
Moved utility functions to setup

Laurent HUBERT il y a 9 mois
Parent
commit
46c1b0b164
3 fichiers modifiés avec 93 ajouts et 82 suppressions
  1. 4 1
      Makefile
  2. 2 69
      scripts/lfirewall
  3. 87 12
      scripts/setup

+ 4 - 1
Makefile

@@ -12,7 +12,7 @@ SYSTEMD_SERVICE_FILE=$(SYSTEMD_INSTALL_DIR)/$(SERVICE_FILE)
 #SysVinit installation dir
 #INSTALL_DIR=/etc/init.d
 
-install: $(INSTALL_DIR)/lfirewall config $(SYSTEMD_SERVICE_FILE)
+install: $(INSTALL_DIR)/lfirewall $(FIREWALL_ETC_DIR)/setup $(FIREWALL_ETC_DIR)/execute_dir config $(SYSTEMD_SERVICE_FILE)
 
 config:
 	$(MKDIR) -p $(FIREWALL_ETC_DIR)
@@ -21,6 +21,9 @@ config:
 $(INSTALL_DIR)/lfirewall: scripts/lfirewall
 	$(CP) $< $@
 
+$(FIREWALL_ETC_DIR)/%: scripts/%
+	$(CP) $< $@
+
 $(SYSTEMD_SERVICE_FILE): systemd/$(SERVICE_FILE)
 	$(CP) $< $@
 
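Review bot: The new prerequisites `$(FIREWALL_ETC_DIR)/setup` and `$(FIREWALL_ETC_DIR)/execute_dir` on the install line are built by the added pattern rule `$(FIREWALL_ETC_DIR)/%: scripts/%`, which copies into a directory that only the `config` recipe creates (`$(MKDIR) -p $(FIREWALL_ETC_DIR)`); they are listed before `config`, so on a fresh system the `$(CP)` runs first and fails, and under `make -j` the order is arbitrary anyway. Give the pattern rule an order-only prerequisite, `$(FIREWALL_ETC_DIR)/%: scripts/% | $(FIREWALL_ETC_DIR)` together with a `$(FIREWALL_ETC_DIR): ; $(MKDIR) -p $@` rule, or start its recipe with `$(MKDIR) -p $(@D)`. Since `setup` is sourced by the init script with root privileges, the copy should also pin ownership and mode rather than inherit them from the working tree, e.g. `install -m 0644 $< $@` (or `$(INSTALL)` if the file defines it). Note too that this rule overwrites an administrator-edited `$(FIREWALL_ETC_DIR)/setup` on every `make install`, and that file now carries the site's port lists as well as the shared functions; the `config` recipe continues outside the hunk.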

+ 2 - 69
scripts/lfirewall

@@ -17,73 +17,10 @@
 # chkconfig: 2345 9 91
 # description: Activates/Deactivates the firewall at boot time
 #
+CONFIGURATION_DIR=/etc/lfirewall
 
-has_parent_process(){
-	local parent_to_search
-	local ppid
-	parent_to_search="${1:-}"
-	if [ -z "${parent_to_search:-}" ]
-	then
-		echo "ERROR: need parent process pid as first arg" >&2
-		return 5
-	fi
-	local pid
-	pid="${2:-}"
-	if [ -z "${pid:-}" ]
-	then
-		pid=$$
-	fi
-	if [ $parent_to_search = $pid ]
-	then
-		echo ${parent_to_search}
-		return 0
-	else if [ $pid -gt 1 ]
-		then
-			ppid=$(ps --pid ${pid} -o ppid= | xargs) || echo "OUT OF RANGE PID=${pid}" >&2
-			if [ -n "$ppid" ]
-			then
-				if [ $ppid = $pid ]
-				then
-					#echo "ERROR: pid=$pid is the same as ppid=$ppid" >&2
-					echo -1
-				else
-					has_parent_process ${parent_to_search} ${ppid}
-				fi
-			else
-				#echo "ERROR: pid='$pid' has ppid='$ppid'" >&2
-				echo -2
-			fi
-		else
-			#echo "NOT FOUND: ${parent_to_search}" >&2
-			echo 1
-		fi
-	fi
-	return 1
-}
+. ${CONFIGURATION_DIR}/setup
 
-find_pid_user_of(){
-	local used_file=$1
-	local regex="$2"
-	lsof ${used_file} | awk 'NR>1 && $1 ~ /'${regex}'/ && !($2 in a){a[$2]++; print $2}'
-}
-
-find_systemctl_pids(){
-	local shell_pid
-	local systemctl_pid
-	ps -elf | grep 'systemctl' | grep -v grep | awk '{print $13}' | sort -u | while read term
-	do
-		#echo ${shell_pid} ${systemctl_pid} >&2
-		if [ -z "${shell_pid:-}" ]
-		then
-			shell_pid=$(find_pid_user_of /dev/$term '.*sh$')
-		fi
-		if [ -z "${systemctl_pid:-}" ]
-		then
-			systemctl_pid=$(find_pid_user_of /dev/$term 'systemctl')
-		fi
-		echo ${shell_pid} ${systemctl_pid}
-	done
-}
 process_and_parent=`find_systemctl_pids`
 
 restart_mode=no
@@ -152,8 +89,6 @@ fi
 
 eval set -- "$options"
 
-. /etc/lfirewall/setup
-
 verbose=0
 logging=" "
 
@@ -192,8 +127,6 @@ do
 	shift
 done
 
-
-
 if ! [ -x $IP_TABLES ]; then
 	echo "$IP_TABLES is not executable or not present" >&2
 	exit 1
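Review bot: The `. ${CONFIGURATION_DIR}/setup` line added in the first hunk sources the file unconditionally and the very next statement calls `find_systemctl_pids` from it, so a missing or unreadable `/etc/lfirewall/setup` now surfaces as a `command not found` on the `process_and_parent=` line instead of a clear diagnostic; previously the sourcing happened after option parsing (the line removed in the second hunk). Guard it: `[ -r "${CONFIGURATION_DIR}/setup" ] || { echo "ERROR: ${CONFIGURATION_DIR}/setup missing or unreadable" >&2; exit 1; }`. Because this script runs as root at boot and `setup` is now executable code rather than only variable assignments, it is worth having the installer ensure the file is root-owned and not group- or world-writable. `CONFIGURATION_DIR` was moved here from `setup`, whose path variables still reference it, so `setup` can no longer be sourced on its own without defining it first; a comment at the assignment, `# must be set before sourcing setup, which derives its file paths from it`, would record that.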

+ 87 - 12
scripts/setup

@@ -1,10 +1,13 @@
 
-
+###############################################################
+# iptables chain names
+###############################################################
 IT_INPUT=INPUT
 IT_INPUT_LOG=LOGINPUT
 IT_OUTPUT=OUTPUT
 IT_OUTPUT_LOG=LOGOUTPUT
-
+IT_POSTROUTING=POSTROUTING
+IT_PREROUTING=PREROUTING
 
 PATH=/bin:/sbin:/usr/bin:/usr/sbin
 
@@ -18,29 +21,101 @@ UDP_SERVICES=""
 REMOTE_TCP_SERVICES="80 443" # web browsing
 REMOTE_UDP_SERVICES="53" # DNS
 
-
-# Network that will be used for remote mgmt
-# (if undefined, no rules will be setup)
-# NETWORK_MGMT=192.168.0.0/24
-
 # Port used for the SSH service, define this is you have setup a
 # management network but remove it from TCP_SERVICES
 SSH_PORT="22"
 
+###############################################################
 # Default IP_TABLES command path
+###############################################################
 IP_TABLES="/sbin/iptables"
 IP_TABLES_RESTORE="/sbin/iptables-restore"
 IP_TABLES_RESTORE_6="/sbin/ip6tables-restore"
 IP_TABLES_SAVE="/sbin/iptables-save"
 IP_TABLES_SAVE_6="/sbin/ip6tables-save"
 
-IT_INPUT=INPUT
-IT_INPUT_LOG=LOGINPUT
-IT_OUTPUT=OUTPUT
-IT_OUTPUT_LOG=LOGOUTPUT
 
-CONFIGURATION_DIR=/etc/lfirewall
+###############################################################
+# File and folder paths
+###############################################################
 CONFIGURATION_FILE=${CONFIGURATION_DIR}/lfirewall.conf
 CONFIGURATION_LOCAL_FILE=${CONFIGURATION_DIR}/lfirewall.conf.local
 USER_RULES_IPTABLES=${CONFIGURATION_DIR}/iptables-user.v4
 USER_RULES_IPTABLES_6=${CONFIGURATION_DIR}/iptables-user.v6
+
+
+
+
+###############################################################
+
+
+###############################################################
+# Utility functions definition
+###############################################################
+
+has_parent_process(){
+	local parent_to_search
+	local ppid
+	parent_to_search="${1:-}"
+	if [ -z "${parent_to_search:-}" ]
+	then
+		echo "ERROR: need parent process pid as first arg" >&2
+		return 5
+	fi
+	local pid
+	pid="${2:-}"
+	if [ -z "${pid:-}" ]
+	then
+		pid=$$
+	fi
+	if [ $parent_to_search = $pid ]
+	then
+		echo ${parent_to_search}
+		return 0
+	else if [ $pid -gt 1 ]
+		then
+			ppid=$(ps --pid ${pid} -o ppid= | xargs) || echo "OUT OF RANGE PID=${pid}" >&2
+			if [ -n "$ppid" ]
+			then
+				if [ $ppid = $pid ]
+				then
+					#echo "ERROR: pid=$pid is the same as ppid=$ppid" >&2
+					echo -1
+				else
+					has_parent_process ${parent_to_search} ${ppid}
+				fi
+			else
+				#echo "ERROR: pid='$pid' has ppid='$ppid'" >&2
+				echo -2
+			fi
+		else
+			#echo "NOT FOUND: ${parent_to_search}" >&2
+			echo 1
+		fi
+	fi
+	return 1
+}
+
+find_pid_user_of(){
+	local used_file=$1
+	local regex="$2"
+	lsof ${used_file} | awk 'NR>1 && $1 ~ /'${regex}'/ && !($2 in a){a[$2]++; print $2}'
+}
+
+find_systemctl_pids(){
+	local shell_pid
+	local systemctl_pid
+	ps -elf | grep 'systemctl' | grep -v grep | awk '{print $13}' | sort -u | while read term
+	do
+		#echo ${shell_pid} ${systemctl_pid} >&2
+		if [ -z "${shell_pid:-}" ]
+		then
+			shell_pid=$(find_pid_user_of /dev/$term '.*sh$')
+		fi
+		if [ -z "${systemctl_pid:-}" ]
+		then
+			systemctl_pid=$(find_pid_user_of /dev/$term 'systemctl')
+		fi
+		echo ${shell_pid} ${systemctl_pid}
+	done
+}
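Review bot: In `find_pid_user_of` the `${regex}` argument is spliced unquoted into the awk program text (`'/'${regex}'/'`) and `${used_file}` is passed to `lsof` unquoted, so any value containing whitespace, quotes or a slash alters the awk source rather than the match pattern; the present callers pass fixed literals, but a library function sourced by a root-run script should not depend on that. Pass the pattern as a variable instead: `lsof "$used_file" | awk -v re="$regex" 'NR>1 && $1 ~ re && !($2 in a){a[$2]++; print $2}'`. In `has_parent_process` the trailing `else if … fi` nests a second `if` where `elif` would do, and the function both echoes numeric codes (`-1`, `-2`, `1`, or the pid) and ends with `return 1`, so a header comment should state that callers read the echoed value and that the exit status only distinguishes the `return 5` usage error. `find_systemctl_pids` appears to rely on column 13 of `ps -elf` being the controlling terminal, which a comment should call out as tied to that specific `ps` output format. The lone `###############################################################` separator with nothing under it, between the path variables and the "Utility functions definition" banner, looks like a leftover and can be dropped.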