Adapt firewall-port to IPv6

Signed-off-by: Benjamin Reis <[email protected]>
xapi-project · Nov 4, 2024 · 2221964 · 2221964
1 parent b6619b5
commit 2221964
Showing 1 changed file with 31 additions and 14 deletions.
diff --git a/scripts/plugins/firewall-port b/scripts/plugins/firewall-port
@@ -9,10 +9,28 @@ set -e
 # protocol.
 #
 # Usage:
-#   ./firewall-port {open|close} port protocol
+#   ./firewall-port [-6] {open|close} port protocol
 #
 #################################################
 
+usage() {
+    echo $"Usage: $0 [-6] {open|close|check} {port} {protocol}" 1>&2
+}
+
+BINARY=iptables
+while getopts ":6" option; do
+    case $option in
+        6)
+            BINARY=ip6tables
+            ;;
+        \?)
+            usage
+            exit 1
+            ;;
+   esac
+   shift
+done
+
 OP="$1"
 PORT="$2"
 PROTOCOL="${3:-tcp}"
@@ -29,37 +47,36 @@ esac
 
 case "${OP}" in
     open)
-        if ! iptables -C $CHAIN $RULE 2>/dev/null
+        if ! $BINARY -C $CHAIN $RULE 2>/dev/null
         then # first ensure chain exists
-            if  iptables -N "${CHAIN}" 2>/dev/null
+            if  $BINARY -N "${CHAIN}" 2>/dev/null
             then #chain did not exist but does now
-                iptables -A "${CHAIN}" -j RETURN
-                iptables -I INPUT -j "${CHAIN}"
-            fi # asuume chain is used if it exists
-        iptables -I "${CHAIN}" $RULE
-	/usr/libexec/iptables/iptables.init save
+                $BINARY -A "${CHAIN}" -j RETURN
+                $BINARY -I INPUT -j "${CHAIN}"
+            fi # assume chain is used if it exists
+        $BINARY -I "${CHAIN}" $RULE
+        /usr/libexec/iptables/"$BINARY".init save
         fi
         ;;
     close)
-        if iptables -C $CHAIN $RULE 2>/dev/null
+        if $BINARY -C $CHAIN $RULE 2>/dev/null
         then # close port  if it was opened 
-            iptables -D $CHAIN $RULE
-	    /usr/libexec/iptables/iptables.init save
+            $BINARY -D $CHAIN $RULE
+            /usr/libexec/iptables/"$BINARY".init save
         fi
         ;;
     check) 
-        if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
+        if [[ -z `$BINARY -S $CHAIN | grep " $PORT "` ]]
         then
             echo "Port $PORT open: true"
         else
             echo "Port $PORT open: false"
         fi
         ;;
     *)
-        echo $"Usage: $0 {open|close|check} {port} {protocol}" 1>&2
+        usage
         exit 1
         ;;
 esac
 
 exit 0
-