firewall: log policy update messages to syslog
This commit is contained in:
		
							parent
							
								
									2b275c2ab4
								
							
						
					
					
						commit
						0d24f9fdc7
					
				
					 1 changed files with 11 additions and 4 deletions
				
			
			@ -1,5 +1,7 @@
#!/bin/sh
set -e
apply() {
	cp -R /opt/config/etc/nftables.d /etc || return 1
	nft -I /etc/nftables.d -f /etc/nftables.nft || return 2
			@ -11,6 +13,11 @@ cleanup() {
	rm -fr /opt/config
}
message() {
	logger "${@}"
	echo "${@}"
}
# clean now and on exit
cleanup
trap cleanup EXIT
			@ -20,15 +27,15 @@ tar xz -C /opt/config --warning=no-timestamp
current="$(cat /opt/version 2>/dev/null || echo -1)"
next="$(cat /opt/config/version 2>/dev/null || echo -1)"
echo "Updating config from v${current} to v${next}"
message "Updating config from v${current} to v${next}"
if [ "${next:-0}" -ne "${current:-0}" ] ; then
	echo "Applying config v${next}"
	message "Applying config v${next}"
	if apply ; then
		echo "${next}" > /opt/version
		echo "Applied config v${next}"
		message "Applied config v${next}"
	else
		error="$?"
		echo "Could not apply config v${next}, error ${error}"
		message "Could not apply config v${next}, error ${error}"
		exit "${error}"
	fi
fi
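Review bot: The new `message()` in the second hunk runs `logger "${@}"` as a plain command, so under the `set -e` visible in the first hunk a failing `logger` (e.g. no syslog socket available when this script runs at boot) aborts the script before `apply` is reached, and in the failure branch of the third hunk makes the script exit with logger's status instead of the captured `${error}`. Syslog delivery should be best-effort and tagged so the entries are attributable: `logger -t firewall "${@}" || true`. The tag is also what an operator filtering the journal for policy-update events would key on. The `cleanup()` function whose body opens the second hunk starts outside the hunk.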