firewall: s/command/cmd/g

Signed-off-by: Mattia Rizzolo <mapreri@ubuntu.com>

firewall: s/command/cmd/g
Signed-off-by: Mattia Rizzolo <mapreri@ubuntu.com>
9da8513f · Mattia Rizzolo · cac9bc27 · 9da8513f · 9da8513f · 9da8513f
Commit 9da8513f authored Mar 15, 2018 by Mattia Rizzolo
4 changed files
--- a/roles/common/templates/firewall/firewall.sh
+++ b/roles/common/templates/firewall/firewall.sh
@@ -25,17 +25,17 @@ PUBLIC_IFACE="eth0"
 LOCAL_IFACE="lo"

 # Execute a command on all iptables commands
-command() {
+cmd() {
    for cmd in "${COMMANDS[@]}"; do
        "${cmd}" $@
    done
 }

-command4() {
+cmd4() {
    "/sbin/iptables" $@
 }

-command6() {
+cmd6() {
    if "${IPv6}"; then
        "/sbin/ip6tables" $@
    fi
@@ -50,15 +50,15 @@ for arg; do
 done

 # Reset the firewall
-command -D INPUT -j input 2>/dev/null || true  # Remove firewall's input chain
+cmd -D INPUT -j input 2>/dev/null || true  # Remove firewall's input chain

 # Flush chains
 for chain in "${CHAINS[@]}"; do
-    command -F "${chain}" 2>/dev/null || true
+    cmd -F "${chain}" 2>/dev/null || true
 done
 # Delete chains -- must be done after because of references
 for chain in "${CHAINS[@]}"; do
-    command -X "${chain}" 2>/dev/null || true
+    cmd -X "${chain}" 2>/dev/null || true
 done

 echo "Existing firewall configuration cleaned up"
@@ -66,44 +66,44 @@ echo "Existing firewall configuration cleaned up"
 # If you want only to reset the firewall, don't re-create rules and clear
 # policies
 if "${only_reset}"; then
-    command -P INPUT ACCEPT
-    command -P OUTPUT ACCEPT
-    command -P FORWARD ACCEPT
+    cmd -P INPUT ACCEPT
+    cmd -P OUTPUT ACCEPT
+    cmd -P FORWARD ACCEPT

    echo "Firewall successifully disabled"
    exit
 fi

 # Setup policies
-command -P INPUT ACCEPT
-command -P OUTPUT ACCEPT
-command -P FORWARD DROP
+cmd -P INPUT ACCEPT
+cmd -P OUTPUT ACCEPT
+cmd -P FORWARD DROP

 # Create chains
 for chain in "${CHAINS[@]}"; do
-    command -N "${chain}"
+    cmd -N "${chain}"
 done

 # Setup bad tcp packets chain
-command -A tcp_bad -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW \
+cmd -A tcp_bad -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW \
        -j REJECT --reject-with tcp-reset
-command -A tcp_bad -p tcp ! --syn -m state --state NEW -j DROP
+cmd -A tcp_bad -p tcp ! --syn -m state --state NEW -j DROP

 # Setup tcp public input chain
-command -A public_input_tcp -j tcp_bad
-command -A public_input_tcp -p tcp --dport 22 -j ACCEPT  # sshd
+cmd -A public_input_tcp -j tcp_bad
+cmd -A public_input_tcp -p tcp --dport 22 -j ACCEPT  # sshd

 # Setup icmp public input chain
-command -A public_input_icmp -j ACCEPT
+cmd -A public_input_icmp -j ACCEPT

 # Setup input chain
-command -A input -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-command -A input -i "${LOCAL_IFACE}" -j ACCEPT  # Accept localhost connections
-command -A input -i "${PUBLIC_IFACE}" -p tcp -j public_input_tcp
-command -A input -i "${PUBLIC_IFACE}" -p udp -j public_input_udp
-command4 -A input -i "${PUBLIC_IFACE}" -p icmp -j public_input_icmp
-command6 -A input -i "${PUBLIC_IFACE}" -p ipv6-icmp -j public_input_icmp
-command -A input -j DROP
+cmd -A input -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+cmd -A input -i "${LOCAL_IFACE}" -j ACCEPT  # Accept localhost connections
+cmd -A input -i "${PUBLIC_IFACE}" -p tcp -j public_input_tcp
+cmd -A input -i "${PUBLIC_IFACE}" -p udp -j public_input_udp
+cmd4 -A input -i "${PUBLIC_IFACE}" -p icmp -j public_input_icmp
+cmd6 -A input -i "${PUBLIC_IFACE}" -p ipv6-icmp -j public_input_icmp
+cmd -A input -j DROP

 echo "Applied basic configuration to the firewall"

@@ -116,6 +116,6 @@ for file in /etc/firewall/*.sh; do
 done

 # Setup INPUT chain
-command -A INPUT -j input  # Move to my input chain
+cmd -A INPUT -j input  # Move to my input chain

 echo "Firewall successifully enabled"
--- a/roles/common/templates/munin/firewall.sh
+++ b/roles/common/templates/munin/firewall.sh
@@ -2,4 +2,4 @@
 # {{ ansible_managed }}
 #

-command4 -A public_input_tcp -p tcp -s 178.62.47.107 --dport 4949 -j ACCEPT
+cmd4 -A public_input_tcp -p tcp -s 178.62.47.107 --dport 4949 -j ACCEPT
--- a/roles/lxd-container/templates/firewall.sh.j2
+++ b/roles/lxd-container/templates/firewall.sh.j2
-#!/bin/bash
 {% for port in expose_ports %}
 iptables -t nat -A PREROUTING -p tcp -i eth0 --dport {{ port }} -j DNAT --to-destination {{ ip }}:{{ port }}
 {% endfor %}
--- a/roles/nginx/templates/firewall.sh
+++ b/roles/nginx/templates/firewall.sh
-#!/bin/bash
 #
 # {{ ansible_managed }}
 #

 # Allow incoming requests on ports 80 and 443
-command -A public_input_tcp -p tcp --dport 80 -j ACCEPT
-command -A public_input_tcp -p tcp --dport 443 -j ACCEPT
+cmd -A public_input_tcp -p tcp --dport 80 -j ACCEPT
+cmd -A public_input_tcp -p tcp --dport 443 -j ACCEPT