#!/bin/sh /etc/rc.common
# Copyright (C) 2021-2022 Gerald Kerma <gandalf@gk2.net>
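# rc.common start priority for this service.
START=99
# Let procd supervise the service instead of classic start/stop handling.
USE_PROCD=1

NAME=crowdsec-firewall-bouncer
PROG=/usr/bin/cs-firewall-bouncer

# Packaged configuration; init_config copies it to $VARCONFIG on every start,
# so changes made directly to the runtime copy do not persist.
CONFIG=/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml

# Initial values only: init_config overwrites both with the backend it detects.
BACKEND=iptables
FW_BACKEND="iptables"

# Runtime copy of the configuration. The file path is derived from the
# directory so the directory that gets created and the file that gets written
# cannot drift apart.
VARCONFIGDIR=/var/etc/crowdsec/bouncers
VARCONFIG="${VARCONFIGDIR}/${NAME}.yaml"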
# procd hook: register a reload trigger for the crowdsec-firewall-bouncer
# configuration name.
service_triggers()
{
	procd_add_reload_trigger crowdsec-firewall-bouncer
}
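# Detect the firewall backend and generate the runtime bouncer configuration.
#
# nftables is preferred when both nft and iptables are installed.
#
# Globals:  CONFIG, VARCONFIGDIR, VARCONFIG (read)
#           FW_BACKEND, BACKEND, iptables, nftables (written)
# Outputs:  detection messages on stdout, errors on stderr
# Returns:  0 when $VARCONFIG was written with the detected backend as mode,
#           1 when no backend is installed or the file could not be generated
init_config() {
	## CheckFirewall
	# Reset before probing so a leftover value is never mistaken for a
	# detected backend.
	FW_BACKEND=""

	# Test each probe directly. Checking "$?" after an intervening assignment
	# always sees 0, which reports the tool as present even when it is missing.
	if command -v iptables > /dev/null 2>&1; then
		iptables="true"
		FW_BACKEND="iptables"
		echo "iptables found"
	else
		iptables="false"
		echo "iptables is not present"
	fi

	if command -v nft > /dev/null 2>&1; then
		nftables="true"
		FW_BACKEND="nftables"
		echo "nftables found"
	else
		nftables="false"
		echo "nftables is not present"
	fi

	if [ "$nftables" = "true" ] && [ "$iptables" = "true" ]; then
		echo "Found nftables(default) and iptables..."
	fi

	if [ "$FW_BACKEND" = "iptables" ]; then
		# Warning only: the iptables backend is still selected without ipset.
		if ! command -v ipset > /dev/null 2>&1; then
			echo "ipset not found, install it !"
		fi
	fi

	BACKEND=$FW_BACKEND

	# Without a backend the bouncer cannot enforce any decision; refuse to
	# write a config with an empty mode rather than appear to be protecting.
	if [ -z "$BACKEND" ]; then
		echo "no firewall backend found: install nftables or iptables" >&2
		return 1
	fi

	# Create tmp dir & permissions if needed
	if [ ! -d "${VARCONFIGDIR}" ]; then
		mkdir -m 0755 -p "${VARCONFIGDIR}" || return 1
	fi

	# NOTE(review): the bouncer config normally carries the LAPI API key, so
	# the runtime copy is kept owner-only. This assumes the bouncer runs as the
	# same user as this script (start_service sets no procd user) - confirm.
	( umask 077 && cp "$CONFIG" "$VARCONFIG" ) || {
		echo "cannot copy $CONFIG to $VARCONFIG" >&2
		return 1
	}
	# cp keeps the mode of an already existing destination, so set it explicitly.
	chmod 0600 "$VARCONFIG" || return 1

	# Rewrite the "mode:" line, keeping its indentation; BACKEND is one of the
	# two fixed strings set above, so nothing untrusted reaches the sed script.
	sed -i "s,^\(\s*mode\s*:\s*\).*\$,\1${BACKEND}," "$VARCONFIG"
}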
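# procd start hook: regenerate the runtime configuration, then register the
# bouncer instance.
#
# Globals:  NAME, PROG, VARCONFIG (read)
# Returns:  non-zero, without registering an instance, when init_config fails
start_service() {
	# Do not launch the bouncer on a configuration that could not be
	# generated; it would run with a missing or stale file.
	if ! init_config; then
		echo "${NAME}: runtime config generation failed, not starting" >&2
		return 1
	fi

	procd_open_instance
	procd_set_param command "$PROG" -c "$VARCONFIG"
	procd_close_instance
}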