etc/post-up-down-routing.example

@@ -1,10 +1,11 @@
 # Creates a routing rule to external interface
 DEFAULT_NET_INTERFACE=eth0
+NETWORK_ID='10.1.0.0/24'
 if [ -z ${1:-} ]
 then
     external_if=${DEFAULT_NET_INTERFACE}
 else
     external_if=$1
 fi
-$do_action -t nat $IPTABLES_ADD $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
+$do_action -t nat $IPTABLES_ADD $IT_POSTROUTING -s "$NETWORK_ID" -o $external_if -j MASQUERADE
 $do_action -t raw $IPTABLES_INSERT $IT_PREROUTING -i fwbr+ -j CT --zone 1

scripts/execute_lfirewall_dir

@@ -15,7 +15,10 @@ eval set -- "$options"
 set -eu
 
 firewall_action=no
-verbose=0
+if [ -z ${verbose:-} ]
+then
+	verbose=0
+fi
 
 while :
 do
@@ -43,9 +46,18 @@ do
 	esac
 	shift
 done
+do_log=do_not_log_action
+if [ ${verbose} -gt 0 ] ; then
+        do_log=log_action
+fi
+export do_log
+
+
 export do_action=${1:-}
 script_dir=${2:-}
 
+shift 2 # clean any arguments
+
 if [ -z "${do_action}" ] ; then
     echo "ERROR: missing action" >&2
     exit 2

scripts/lfirewall

@@ -164,6 +164,8 @@ fi
 
 do_log=do_not_log_action
 
+export verbose
+
 ##########################
 # Drops INPUT
 ##########################
@@ -424,10 +426,6 @@ do_this(){
     $*
 }
 
-translate_iptables_rule(){
-	echo $* | sed -e 's/'$IPTABLES_ADD'/-A/g' -e 's/'$IPTABLES_INSERT'/-I/g'  -e 's/'$IPTABLES_SET_POLICY'/-P/g' 
-}
-
 ##########################
 # Backups user rules
 ##########################

scripts/setup

@@ -75,6 +75,10 @@ do_not_log_action () {
 	return 0
 }
 
+translate_iptables_rule(){
+	echo $* | sed -e 's/'$IPTABLES_ADD'/-A/g' -e 's/'$IPTABLES_INSERT'/-I/g'  -e 's/'$IPTABLES_SET_POLICY'/-P/g' 
+}
+
 ###############################################################
 # Firewall actions function definition
 ###############################################################
@@ -139,17 +143,20 @@ do_exec () {
 			echo "Nothing to be done for $1"
 		;;
 	esac
-	if [ ${verbose} -ge 1 ] ; then
-		echo $IP_TABLES $it_table $it_option $it_command
-	fi
 	if ! $IP_TABLES $it_table -C $it_command > /dev/null 2>&1
 	then
+		if [ ${verbose} -ge 1 ] ; then
+			echo $IP_TABLES $it_table $it_option $it_command
+		fi
 		$IP_TABLES $it_table $it_option $it_command
 	fi
 }
 
 
 do_check () {
+    if [ ${verbose} -ge 1 ] ; then
+        echo "do_check params='$*'"
+    fi
     local it_action=`get_action_information $*`
     local it_table=`get_table_information $*`
     local it_command=`get_command_information $*`
@@ -170,11 +177,14 @@ do_check () {
 	esac
 	default_option=-C
 	if [ ${verbose} -ge 1 ] ; then
+		echo "it_action=$it_action"
+		echo "it_table=$it_table"
+		echo "it_command=$it_command"
 		echo $do_log "$it_action:" $IP_TABLES $it_table -C $it_command
 		echo $IP_TABLES $it_table -C $it_command
 	fi
-	$do_log "$it_action:" $IP_TABLES -C $it_command
-	$IP_TABLES  $it_table -C $it_command
+	$do_log "$it_action:" $IP_TABLES $it_table -C $it_command
+	$IP_TABLES $it_table -C $it_command
 	global_status=$((global_status+$?))
 }