LibertaCasa/system
9
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Print diff after edit

Browse Source 
Signed-off-by: Georg <georg@lysergic.dev>
This commit is contained in:
Georg Pfuetzenreuter 2021-12-05 14:58:59 +01:00
parent 57c90a239d
commit b30db307d2
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
scripts/sh/pf.sh
View File

@ -3,11 +3,15 @@
# Helps you edit a production packet filter configuration and reduces the risk of doing something really bad. # Helps you edit a production packet filter configuration and reduces the risk of doing something really bad.
# #
# Author: Georg Pfuetzenreuter <georg@lysergic.dev> # Author: Georg Pfuetzenreuter <georg@lysergic.dev>
# Last edit: 02/11/2021 # Created: 02/11/2021
# Last edit: 05/12/2021
# Version: 2.0
# #
# This assumes .ssh/config being configured to ssh into your router with a user having write access to /tmp/* and $prodfile as well as having doas permissions for `pfctl -f $prodfile`. # This assumes .ssh/config being configured to ssh into your router with a user having write access to /tmp/* and $prodfile as well as having doas permissions for `pfctl -f $prodfile`.
editor="$(which vim)" editor="$(which nvim)"
difftool="/home/lysergic/lysergic-venv/bin/icdiff"
diffargs=( -L "CURRENT CONFIGURATION" -L "YOUR CONFIGURATION" -N -U2 )
prodfile="/etc/pf.conf" prodfile="/etc/pf.conf"
backupfile="/tmp/pf.conf.bak-$(date -u +%d%m%y-%H%M)" backupfile="/tmp/pf.conf.bak-$(date -u +%d%m%y-%H%M)"
stagefile="/tmp/pf.conf-work-$USER-$(date -u +%d%m%y-%H%M)" stagefile="/tmp/pf.conf-work-$USER-$(date -u +%d%m%y-%H%M)"
@ -17,11 +21,14 @@ gethostaddress () {
} }
init () { init () {
hostaddress=$(gethostaddress) #hostaddress=$(gethostaddress) ##we no longer parse ssh_config and rely on functioning DNS lookups
if nc -nz $hostaddress 22 2>/dev/null; then hostaddress="$host"
if nc -z $hostaddress 22 2>/dev/null; then
workfile="/tmp/pf.conf.$host-$USER-$(date -u +%d%m%y-%H%M)" workfile="/tmp/pf.conf.$host-$USER-$(date -u +%d%m%y-%H%M)"
ssh -q $host cp $prodfile $backupfile ssh -q $host cp $prodfile $backupfile
scp -q $host:$prodfile $workfile scp -q $host:$prodfile $workfile
localbackupfile="${workfile}_original"
cp $workfile $localbackupfile
edit edit
else else
echo "Host not reachable." echo "Host not reachable."
@ -54,7 +61,12 @@ check () {
esac esac
} }
render_diff () {
$difftool "${diffargs[@]}" $localbackupfile $workfile
}
edit_ok () { edit_ok () {
render_diff
echo "Syntax OK. Type YES to deploy changes or anything else to abort." echo "Syntax OK. Type YES to deploy changes or anything else to abort."
read choice read choice
if [ "$choice" = "YES" ]; then if [ "$choice" = "YES" ]; then
@ -105,9 +117,8 @@ deploy () {
result="$?" result="$?"
case $result in case $result in
0 ) 0 )
ssh -q $host doas pfctl -f $prodfile ssh -q $host "doas pfctl -f $prodfile && rm $stagefile"
echo "OK." echo "OK."
ssh -q $host rm $stagefile
rm $workfile rm $workfile
;; ;;
1 ) 1 )