diff --git a/scripts/sh/pf.sh b/scripts/sh/pf.sh
index aab30ed..5cd5e45 100644
--- a/scripts/sh/pf.sh
+++ b/scripts/sh/pf.sh
@@ -4,8 +4,8 @@
 #
 # Author: Georg Pfuetzenreuter
 # Created: 02/11/2021
-# Last edit: 05/12/2021
-# Version: 2.0
+# Last edit: 07/12/2021
+# Version: 2.1
 #
 # This assumes .ssh/config being configured to ssh into your router with a user having write access to /tmp/* and $prodfile as well as having doas permissions for `pfctl -f $prodfile`.
@@ -21,7 +21,7 @@ gethostaddress () {
 }
 init () {
- #hostaddress=$(gethostaddress) ##we no longer parse ssh_config and rely on functioning DNS lookups
+ #hostaddress=$(gethostaddress)
 hostaddress="$host"
 if nc -z $hostaddress 22 2>/dev/null; then
 workfile="/tmp/pf.conf.$host-$USER-$(date -u +%d%m%y-%H%M)"
@@ -48,7 +48,8 @@ edit () {
 }
 check () {
- echo "$stagefile"
+ #echo "$stagefile"
+ render_diff
 ssh -q $host pfctl -nf $stagefile
 result="$?"
 case $result in
@@ -65,12 +66,18 @@ render_diff () {
 $difftool "${diffargs[@]}" $localbackupfile $workfile
 }
+send_report () {
+ maildiff=$(diff -u --color=never $localbackupfile $workfile)
+ echo -e "$USER deployed packet filter changes on $host at $(date):\n\n$maildiff" | mail -s "pf changes on $host by $USER" system@lysergic.dev
+}
+
 edit_ok () {
- render_diff
- echo "Syntax OK. Type YES to deploy changes or anything else to abort."
+ echo "Syntax OK. Type YES to deploy changes, edit to edit, or anything else to abort."
 read choice
 if [ "$choice" = "YES" ]; then
 deploy
+ elif [ "$choice" = "edit" ]; then
+ edit
 else
 #rollback
 abort
@@ -117,6 +124,7 @@ deploy () {
 result="$?"
 case $result in
 0 )
+ send_report
 ssh -q $host "doas pfctl -f $prodfile && rm $stagefile"
 echo "OK."
 rm $workfile
@@ -138,3 +146,4 @@ else
 host="$1"
 init
 fi
+
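Review bot: The `#echo "$stagefile"` left in check() is dead code; delete the line instead of commenting it out, since the history already records it. render_diff now runs before the remote `pfctl -nf`, so the local diff is printed even when the syntax check afterwards fails; if that is the intent, make it explicit with a comment such as `# show the local diff before the remote syntax check so a rejected ruleset can still be reviewed`. While this function is being touched, the unchanged ssh line would also benefit from quoting its expansions, `ssh -q "$host" pfctl -nf "$stagefile"`, since `$stagefile` is derived from `$host` and `$USER`.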
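Review bot: send_report feeds the ruleset diff through `echo -e`, which expands any backslash escapes inside `$maildiff` (a `\n` or `\t` in a pf rule or comment is rewritten and `\c` truncates the message), and `echo -e` is not portable if the script ever runs under a plain `sh`; build the body with `printf '%s deployed packet filter changes on %s at %s:\n\n%s\n' "$USER" "$host" "$(date)" "$maildiff" | mail -s "pf changes on $host by $USER" system@lysergic.dev`. The diff's exit status is ignored as well: `--color=never` is a GNU diff option, so on a host whose diff lacks it the command fails and an empty report is mailed — check `$?` (diff returns 1 for differences, 2 for errors) before calling mail, and quote `"$localbackupfile" "$workfile"` because `$workfile` embeds `$host` and `$USER`. The complete firewall ruleset diff is sent as plain-text mail to a hard-coded address; moving the recipient into a variable next to the script's other settings would make that choice visible and easy to review. The new `edit` branch in edit_ok calls edit(), whose body is outside this hunk; unless edit() itself re-runs check(), the re-edited file can reach deploy without a fresh `pfctl -nf`, so that path is worth confirming.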
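Review bot: `send_report` is invoked before the `ssh -q $host "doas pfctl -f $prodfile && rm $stagefile"` line that actually loads the ruleset, so a mail stating that the user deployed changes goes out even when `pfctl -f` fails on the router, and the ssh exit status is not checked before `echo "OK."` either. Load first and report only on success, e.g. `ssh -q $host "doas pfctl -f $prodfile && rm $stagefile" && send_report`, keeping the call ahead of `rm $workfile` because send_report reads `$workfile`. The enclosing case arm of deploy() continues outside this hunk.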