firewall: log policy update messages to syslog
parent
2b275c2ab4
commit
0d24f9fdc7
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
apply() {
|
apply() {
|
||||||
cp -R /opt/config/etc/nftables.d /etc || return 1
|
cp -R /opt/config/etc/nftables.d /etc || return 1
|
||||||
nft -I /etc/nftables.d -f /etc/nftables.nft || return 2
|
nft -I /etc/nftables.d -f /etc/nftables.nft || return 2
|
||||||
|
@ -11,6 +13,11 @@ cleanup() {
|
||||||
rm -fr /opt/config
|
rm -fr /opt/config
|
||||||
}
|
}
|
||||||
|
|
||||||
|
message() {
|
||||||
|
logger "${@}"
|
||||||
|
echo "${@}"
|
||||||
|
}
|
||||||
|
|
||||||
# clean now and on exit
|
# clean now and on exit
|
||||||
cleanup
|
cleanup
|
||||||
trap cleanup EXIT
|
trap cleanup EXIT
|
||||||
|
@ -20,15 +27,15 @@ tar xz -C /opt/config --warning=no-timestamp
|
||||||
|
|
||||||
current="$(cat /opt/version 2>/dev/null || echo -1)"
|
current="$(cat /opt/version 2>/dev/null || echo -1)"
|
||||||
next="$(cat /opt/config/version 2>/dev/null || echo -1)"
|
next="$(cat /opt/config/version 2>/dev/null || echo -1)"
|
||||||
echo "Updating config from v${current} to v${next}"
|
message "Updating config from v${current} to v${next}"
|
||||||
if [ "${next:-0}" -ne "${current:-0}" ] ; then
|
if [ "${next:-0}" -ne "${current:-0}" ] ; then
|
||||||
echo "Applying config v${next}"
|
message "Applying config v${next}"
|
||||||
if apply ; then
|
if apply ; then
|
||||||
echo "${next}" > /opt/version
|
echo "${next}" > /opt/version
|
||||||
echo "Applied config v${next}"
|
message "Applied config v${next}"
|
||||||
else
|
else
|
||||||
error="$?"
|
error="$?"
|
||||||
echo "Could not apply config v${next}, error ${error}"
|
message "Could not apply config v${next}, error ${error}"
|
||||||
exit "${error}"
|
exit "${error}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
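Review bot: With `set -e` now enabled at the top of the script, a non-zero exit from `logger` inside `message()` terminates the whole run, so a missing binary or an unavailable syslog socket would stop the policy update before `apply` is reached, and in the failure branch it would replace `${error}` with logger's status. Logging should be best-effort here, for example `logger -t firewall-update -- "$*" || true` ahead of the existing `echo` (the tag name is only a suggestion; a tag makes these entries easy to filter and alert on). The first `message` call in the last hunk also writes `${next}`, read from the unpacked `/opt/config/version`, to syslog before the `-ne` test has shown it to be an integer, so a malformed version file ends up in the log verbatim; validating it first, or logging it only after the comparison, avoids that. The lines between the hunks are not visible, so how the archive is fetched and verified cannot be judged from this page.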