Merge branch 'devel'

config

@@ -34,3 +34,7 @@ logforward=true
 debugtcp=true
 debugudp=true
 debugicmp=true
+
+
+## default hook order ##
+# hooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_open setup_scanips setup_cast setup_final"

e-router

@@ -1,8 +1,8 @@
 #!/bin/bash -x
 ((EUID == 0 )) || { echo "Need root"; exit 1; }
 set -euo pipefail
-CONFD=/etc/e-router
-source $CONFD/config
+confd=/etc/e-router
+source $confd/config
 
 set_defaults() {
     /usr/lib/systemd/scripts/iptables-flush
@@ -79,7 +79,7 @@ setup_whitenets() {
     while read -r net ; do
         [[ "$net" =~ ^[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}/[0-9]{1,}$ ]] || continue
         ipset -! add  $whiteset $net timeout 0
-    done < $CONFD/WHITE.nets
+    done < $confd/WHITE.nets
 }
 
 setup_badips() {
@@ -99,11 +99,11 @@ setup_white() {
     while read -r port ; do
         [[ "$port" =~ ^[0-9]{1,}$ ]] || continue
         iptables -A FW-FILTERED -p udp -m conntrack --ctstate NEW --ctproto UDP --dport $port -j ACCEPT
-    done < $CONFD/WHITE.udp
+    done < $confd/WHITE.udp
     while read -r port ; do
         [[ "$port" =~ ^[0-9]{1,}$ ]] || continue
         iptables -A FW-FILTERED -p tcp -m conntrack --ctstate NEW --ctproto TCP --dport $port -j ACCEPT
-    done < $CONFD/WHITE.tcp
+    done < $confd/WHITE.tcp
     iptables -A INPUT -i ${wan} -p udp -m set --match-set $whiteset src -m conntrack --ctstate NEW --ctproto UDP -j FW-FILTERED
     iptables -A INPUT -i ${wan} -p tcp -m set --match-set $whiteset src -m conntrack --ctstate NEW --ctproto TCP -j FW-FILTERED
     iptables -A INPUT -i ${wan} -p icmp --icmp-type 8 -m set --match-set $whiteset src -m conntrack --ctstate NEW --ctproto ICMP -j ACCEPT
@@ -114,11 +114,11 @@ setup_open() {
     while read -r port ; do
         [[ "$port" =~ ^[0-9]{1,}$ ]] || continue
         iptables -A FW-OPEN -p udp -m conntrack --ctstate NEW --ctproto UDP --dport $port -j ACCEPT
-    done < $CONFD/ACCEPT.udp
+    done < $confd/ACCEPT.udp
     while read -r port ; do
         [[ "$port" =~ ^[0-9]{1,}$ ]] || continue
         iptables -A FW-OPEN -p tcp -m conntrack --ctstate NEW --ctproto TCP --dport $port -j ACCEPT
-    done < $CONFD/ACCEPT.tcp
+    done < $confd/ACCEPT.tcp
     iptables -A INPUT -i ${wan} -p udp -m conntrack --ctstate NEW --ctproto UDP -j FW-OPEN
     iptables -A INPUT -i ${wan} -p tcp -m conntrack --ctstate NEW --ctproto TCP -j FW-OPEN
 }
@@ -131,17 +131,11 @@ setup_cast() {
 }
 
 main () {
-    set_defaults
-    setup_whitenets
-    setup_nat
-    setup_forward
-    setup_base
-    setup_badips
-    setup_white
-    setup_open
-    setup_scanips
-    setup_cast
-    setup_final
+   defaultHooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_open setup_scanips setup_cast setup_final"
+    hookarray=(${hooks:-$defaultHooks})
+    for hook in "${hookarray[@]}" ; do
+        $hook
+    done
 }
 
 main