The firewall program is being moved either into the kevux-tools repository or into its own repository.
It will not be in the 0.8.x releases of the FLL project.
+++ /dev/null
-#include "firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_setting_load_
- void firewall_setting_load(const f_console_arguments_t arguments, firewall_main_t * const main) {
-
- if (!main) return;
-
- f_console_parameters_t * const parameters = &main->program.parameters;
-
- main->setting.state.step_small = firewall_allocation_console_d;
-
- f_console_parameter_process(arguments, parameters, &main->setting.state, 0);
-
- main->setting.state.step_small = firewall_allocation_small_d;
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->setting.state.status = fll_program_parameter_process_context_standard(F_true, &main->program);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->setting.state.status = fll_program_parameter_process_verbosity_standard(F_true, &main->program);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- if (parameters->array[f_console_standard_parameter_help_e].result & f_console_result_found_d) {
- main->setting.flag |= firewall_main_flag_help_d;
-
- return;
- }
-
- if (parameters->array[f_console_standard_parameter_version_e].result & f_console_result_found_d) {
- main->setting.flag |= firewall_main_flag_version_d;
-
- return;
- }
-
- if (parameters->array[f_console_standard_parameter_copyright_e].result & f_console_result_found_d) {
- main->setting.flag |= firewall_main_flag_copyright_d;
-
- return;
- }
-
- f_number_unsigned_t index = 0;
-
- if (parameters->array[firewall_parameter_operation_start_e].result & f_console_result_found_d) {
- main->setting.flag &= ~firewall_main_flag_operation_d;
- main->setting.flag |= firewall_main_flag_operation_start_d;
-
- index = parameters->array[firewall_parameter_operation_start_e].location;
- }
-
- if (parameters->array[firewall_parameter_operation_stop_e].result & f_console_result_found_d) {
- if (!(main->setting.flag & firewall_main_flag_operation_d) || parameters->array[firewall_parameter_operation_stop_e].location > index) {
- main->setting.flag &= ~firewall_main_flag_operation_d;
- main->setting.flag |= firewall_main_flag_operation_stop_d;
-
- index = parameters->array[firewall_parameter_operation_stop_e].location;
- }
- }
-
- if (parameters->array[firewall_parameter_operation_restart_e].result & f_console_result_found_d) {
- if (!(main->setting.flag & firewall_main_flag_operation_d) || parameters->array[firewall_parameter_operation_restart_e].location > index) {
- main->setting.flag &= ~firewall_main_flag_operation_d;
- main->setting.flag |= firewall_main_flag_operation_restart_d;
-
- index = parameters->array[firewall_parameter_operation_restart_e].location;
- }
- }
-
- if (parameters->array[firewall_parameter_operation_lock_e].result & f_console_result_found_d) {
- if (!(main->setting.flag & firewall_main_flag_operation_d) || parameters->array[firewall_parameter_operation_lock_e].location > index) {
- main->setting.flag &= ~firewall_main_flag_operation_d;
- main->setting.flag |= firewall_main_flag_operation_lock_d;
-
- index = parameters->array[firewall_parameter_operation_lock_e].location;
- }
- }
-
- if (parameters->array[firewall_parameter_operation_show_e].result & f_console_result_found_d) {
- if (!(main->setting.flag & firewall_main_flag_operation_d) || parameters->array[firewall_parameter_operation_show_e].location > index) {
- main->setting.flag &= ~firewall_main_flag_operation_d;
- main->setting.flag |= firewall_main_flag_operation_show_d;
- }
- }
-
- if (parameters->array[firewall_parameter_4_e].result & f_console_result_found_d) {
- if (parameters->array[firewall_parameter_6_e].result & f_console_result_found_d) {
- main->setting.flag |= firewall_main_flag_ipv46_d;
- }
- else {
- main->setting.flag &= ~firewall_main_flag_ipv6_d;
- main->setting.flag |= firewall_main_flag_ipv4_d;
- }
- }
- else if (parameters->array[firewall_parameter_6_e].result & f_console_result_found_d) {
- main->setting.flag &= ~firewall_main_flag_ipv4_d;
- main->setting.flag |= firewall_main_flag_ipv6_d;
- }
-
- if (main->program.pipe & fll_program_data_pipe_input_e) {
- main->setting.flag |= firewall_main_flag_pipe_d;
- }
- else {
- main->setting.flag &= ~firewall_main_flag_pipe_d;
- }
-
- if (main->setting.flag & firewall_main_flag_operation_show_d) {
- if (parameters->remaining.used) {
- main->setting.flag &= ~firewall_main_flag_operation_show_filter_nat_mangle_d;
-
- for (f_number_unsigned_t i = 0; i < parameters->remaining.used; ++i) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- index = parameters->remaining.array[i];
-
- if (f_compare_dynamic(firewall_show_nat_s, parameters->arguments.array[index]) == F_equal_to) {
- main->setting.flag |= firewall_main_flag_operation_show_nat_d;
- }
- else if (f_compare_dynamic(firewall_show_mangle_s, parameters->arguments.array[index]) == F_equal_to) {
- main->setting.flag |= firewall_main_flag_operation_show_mangle_d;
- }
- else if (f_compare_dynamic(firewall_show_filter_s, parameters->arguments.array[index]) == F_equal_to) {
- main->setting.flag |= firewall_main_flag_operation_show_filter_d;
- }
- else {
- firewall_print_warning_show_option_unknown(&main->program.warning, parameters->arguments.array[index]);
- }
- } // for
- }
- else {
- main->setting.flag |= firewall_main_flag_operation_show_filter_nat_mangle_d;
- }
- }
- }
-#endif // _di_firewall_setting_load_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the common data structures.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_common_h
-#define _firewall_common_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Perform the standard program setting load process.
- *
- * This prints error messages as appropriate.
- *
- * If either main or setting is NULL, then this immediately returns without doing anything.
- *
- * @param arguments
- * The parameters passed to the process (often referred to as command line arguments).
- * @param main
- * The main program data and settings.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- *
- * Errors (with error bit) from: f_console_parameter_process().
- * Errors (with error bit) from: fll_program_parameter_process_context_standard().
- *
- * @see f_console_parameter_process()
- * @see fll_program_parameter_process_context_standard()
- */
-#ifndef _di_firewall_setting_load_
- extern void firewall_setting_load(const f_console_arguments_t arguments, firewall_main_t * const main);
-#endif // _di_firewall_setting_load_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_common_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the common define types.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_common_define_h
-#define _firewall_common_define_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * The program allocation defines.
- *
- * firewall_allocation_*_d:
- * - console: An allocation step used for small buffers specifically for console parameter.
- * - large: An allocation step used for buffers that are anticipated to have large buffers.
- * - pipe: A buffer size used for processing piped data.
- * - small: An allocation step used for buffers that are anticipated to have small buffers.
- */
-#ifndef _di_firewall_allocation_d_
- #define firewall_allocation_console_d 4
- #define firewall_allocation_large_d 256
- #define firewall_allocation_pipe_d 16384
- #define firewall_allocation_small_d 16
-#endif // _di_firewall_allocation_d_
-
-/**
- * Flags representing the current state of the processed rule.
- *
- * firewall_data_is_*_d:
- * - none: No flags set.
- * - global: The current processed rule is global.
- * - local: The current processed rule is lock.
- * - main: The current processed rule is main.
- * - stop: The current processed rule is stop.
- * - stop_main_lock: Helper flag representing main, stop, and lock being set.
- */
-#ifndef _di_firewall_data_is_d_
- #define firewall_data_is_none_d 0x0
- #define firewall_data_is_global_d 0x1
- #define firewall_data_is_lock_d 0x2
- #define firewall_data_is_main_d 0x4
- #define firewall_data_is_stop_d 0x8
- #define firewall_data_is_stop_main_lock_d 0xe
-#endif // _di_firewall_data_is_d_
-
-/**
- * Flags passed to the main function or program.
- *
- * firewall_main_flag_*_d:
- * - none: No flags set.
- * - copyright: Print copyright.
- * - help: Print help.
- * - ipv4: Operate in IPv4 by default or enable ipv4 when calling "show" commands.
- * - ipv6: Operate in IPv6 by default or enable ipv6 when calling "show" commands.
- * - ipv46: A helper flag representing both ipv4 and ipv6 flag bits being set.
- * - operation: A helper flag representing every operation flag bit being set.
- * - operation_lock: Perform the lock operation.
- * - operation_restart: Perform the restart operation.
- * - operation_show: Perform the show operation.
- * - operation_show_nat: For the show operation, show nat.
- * - operation_show_mangle: For the show operation, show mangle.
- * - operation_show_filter: For the show operation, show filter.
- * - operation_show_filter_nat_mangle: A helper flag representing the show nat, show mangle, and short filter flags set.
- * - operation_start: Perform the start operation.
- * - operation_start_restart: A helper flag representing both the start and restart operation flag set.
- * - operation_stop: Perform the stop operation.
- * - operation_stop_restart: A helper flag representing both the stop and restart operation flag set.
- * - operation_stop_restart_lock: A helper flag representing both the stop, restart, and lock operation flag set.
- * - pipe: Use the input pipe.
- * - version: Print version.
- * - version_copyright_help: A helper flag representing version, copyright, and help flag bits being set.
- */
-#ifndef _di_firewall_main_flag_d_
- #define firewall_main_flag_none_d 0x0
- #define firewall_main_flag_copyright_d 0x1
- #define firewall_main_flag_help_d 0x2
- #define firewall_main_flag_ipv4_d 0x4
- #define firewall_main_flag_ipv6_d 0x8
- #define firewall_main_flag_ipv46_d 0xc
- #define firewall_main_flag_operation_d 0xff0
- #define firewall_main_flag_operation_lock_d 0x10
- #define firewall_main_flag_operation_restart_d 0x20
- #define firewall_main_flag_operation_show_d 0x40
- #define firewall_main_flag_operation_show_nat_d 0x80
- #define firewall_main_flag_operation_show_mangle_d 0x100
- #define firewall_main_flag_operation_show_filter_d 0x200
- #define firewall_main_flag_operation_show_filter_nat_mangle_d 0x380
- #define firewall_main_flag_operation_start_d 0x400
- #define firewall_main_flag_operation_start_restart_d 0x420
- #define firewall_main_flag_operation_stop_d 0x800
- #define firewall_main_flag_operation_stop_restart_d 0x820
- #define firewall_main_flag_operation_stop_restart_lock_d 0x830
- #define firewall_main_flag_pipe_d 0x1000
- #define firewall_main_flag_version_d 0x2000
- #define firewall_main_flag_version_copyright_help_d 0x2003
-#endif // _di_firewall_main_flag_d_
-
-/**
- * The program signal defines.
- *
- * firewall_signal_*_d:
- * - check_failsafe: When using threads, how many consecutive failures to check signal before aborting (as a recursion failsafe).
- */
-#ifndef _di_firewall_signal_d_
- #define firewall_signal_check_failsafe_d 20000
-#endif // _di_firewall_signal_d_
-
-/**
- * A macro wrapping the appropriate signal check function based on threaded/non-threaded support.
- */
-#ifndef _di_firewall_signal_check_d_
- #ifdef _di_thread_support_
- #define macro_firewall_signal_check(program, state) fll_program_signal_check_loop(program, state)
- #else
- #define macro_firewall_signal_check(program, state) fll_program_signal_check_simple(program, state)
- #endif // _di_thread_support_
-#endif // _di_firewall_signal_check_d_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_common_define_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the common enumeration types.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_common_enumeration_h
-#define _firewall_common_enumeration_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * The firewall action.
- *
- * firewall_action_*_e:
- * - none: The action is none.
- * - append: The action is append.
- * - insert: The action is insert.
- * - policy: The action is policy.
- */
-#ifndef _di_firewall_action_e_
- enum {
- firewall_action_none_e,
- firewall_action_append_e,
- firewall_action_insert_e,
- firewall_action_policy_e,
- }; // enum
-#endif // _di_firewall_action_e_
-
-/**
- * The firewall chain.
- *
- * firewall_chain_*_e:
- * - none: The chain is none.
- * - custom: The chain is custom.
- * - forward: The chain is forward.
- * - input: The chain is input.
- * - output: The chain is output.
- * - postrouting: The chain is postrouting.
- * - prerouting: The chain is prerouting.
- */
-#ifndef _di_firewall_action_e_
- enum {
- firewall_chain_none_e,
- firewall_chain_custom_e,
- firewall_chain_forward_e,
- firewall_chain_input_e,
- firewall_chain_output_e,
- firewall_chain_postrouting_e,
- firewall_chain_prerouting_e,
- }; // enum
-#endif // _di_firewall_action_e_
-
-/**
- * Flags representing the existence of reserved sets.
- *
- * firewall_data_has_*_e:
- * - none: No flags set.
- * - local: The current processed rule is lock.
- * - main: The current processed rule is main.
- * - stop: The current processed rule is stop.
- */
-#ifndef _di_firewall_data_has_e_
- enum {
- firewall_data_has_none_e = 0x0,
- firewall_data_has_lock_e = 0x1,
- firewall_data_has_main_e = 0x2,
- firewall_data_has_stop_e = 0x4,
- }; // enum
-#endif // _di_firewall_data_has_e_
-
-/**
- * The firewall direction.
- *
- * firewall_direction_*_e:
- * - none: No direction.
- * - input: The input direction.
- * - output: The output direction.
- */
-#ifndef _di_firewall_direction_e_
- enum {
- firewall_direction_none_e = 0,
- firewall_direction_input_e,
- firewall_direction_output_e,
- }; // enum
-#endif // _di_firewall_direction_e_
-
-/**
- * The firewall tool (the program being used).
- *
- * firewall_tool_*_e:
- * - none: No flags set.
- * - ip46tables: Use both iptables and ip6tables tools.
- * - ip6tables: Use the ip6tables tool.
- * - ipset: Use the ipset tool.
- * - iptables: Use the iptables tool.
- */
-#ifndef _di_firewall_tool_e_
- enum {
- firewall_tool_none_e = 0,
- firewall_tool_ip46tables_e,
- firewall_tool_ip6tables_e,
- firewall_tool_iptables_e,
- firewall_tool_ipset_e,
- }; // enum
-#endif // _di_firewall_tool_e_
-
-/**
- * The main program parameters.
- */
-#ifndef _di_firewall_parameter_e_
- enum {
- firewall_parameter_4_e = f_console_standard_parameter_last_e,
- firewall_parameter_6_e,
- firewall_parameter_operation_lock_e,
- firewall_parameter_operation_restart_e,
- firewall_parameter_operation_show_e,
- firewall_parameter_operation_start_e,
- firewall_parameter_operation_stop_e,
- }; // enum
-
- #define firewall_console_parameter_t_initialize \
- { \
- macro_fll_program_console_parameter_standard_initialize, \
- \
- macro_f_console_parameter_t_initialize_4(firewall_short_4_s, 0, f_console_flag_normal_d), \
- macro_f_console_parameter_t_initialize_4(firewall_short_6_s, 0, f_console_flag_normal_d), \
- macro_f_console_parameter_t_initialize_6(firewall_operation_lock_s, 0, f_console_flag_simple_d), \
- macro_f_console_parameter_t_initialize_6(firewall_operation_restart_s, 0, f_console_flag_simple_d), \
- macro_f_console_parameter_t_initialize_6(firewall_operation_show_s, 0, f_console_flag_simple_d), \
- macro_f_console_parameter_t_initialize_6(firewall_operation_start_s, 0, f_console_flag_simple_d), \
- macro_f_console_parameter_t_initialize_6(firewall_operation_stop_s, 0, f_console_flag_simple_d), \
- }
-
- #define firewall_parameter_total_d (f_console_parameter_state_type_total_d + 7)
-#endif // _di_firewall_parameter_e_
-
-/**
- * Flags for fine-tuned print control.
- *
- * firewall_print_flag_*_e:
- * - none: No flags set.
- * - debug: Stream is for debug printing.
- * - error: Stream is for error printing.
- * - in: Stream is a source file.
- * - message: Stream is for message printing.
- * - out: Stream is a destination file.
- * - warning: Stream is for warning printing.
- */
-#ifndef _di_firewall_print_flag_e_
- enum {
- firewall_print_flag_none_e = 0x0,
- firewall_print_flag_debug_e = 0x1,
- firewall_print_flag_error_e = 0x2,
- firewall_print_flag_file_e = 0x4,
- firewall_print_flag_in_e = 0x8,
- firewall_print_flag_out_e = 0x10,
- firewall_print_flag_message_e = 0x20,
- firewall_print_flag_warning_e = 0x40,
- }; // enum
-#endif // _di_firewall_print_flag_e_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_common_enumeration_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_program_version_s_
- const f_string_static_t firewall_program_version_s = macro_f_string_static_t_initialize_1(FIREWALL_program_version_s, 0, FIREWALL_program_version_s_length);
-#endif // _di_firewall_program_version_s_
-
-#ifndef _di_firewall_program_name_s_
- const f_string_static_t firewall_program_name_s = macro_f_string_static_t_initialize_1(FIREWALL_program_name_s, 0, FIREWALL_program_name_s_length);
- const f_string_static_t firewall_program_name_long_s = macro_f_string_static_t_initialize_1(FIREWALL_program_name_long_s, 0, FIREWALL_program_name_long_s_length);
-#endif // _di_firewall_program_name_s_
-
-#ifndef _di_firewall_program_help_parameters_s_
- const f_string_static_t firewall_program_help_parameters_s = macro_f_string_static_t_initialize_1(FIREWALL_program_help_parameters_s, 0, FIREWALL_program_help_parameters_s_length);
-#endif // _di_firewall_program_help_parameters_s_
-
-#ifndef _di_firewall_program_parameters_s_
- const f_string_static_t firewall_short_4_s = macro_f_string_static_t_initialize_1(FIREWALL_short_4_s, 0, FIREWALL_short_4_s_length);
- const f_string_static_t firewall_short_6_s = macro_f_string_static_t_initialize_1(FIREWALL_short_6_s, 0, FIREWALL_short_6_s_length);
-#endif // _di_firewall_program_parameters_s_
-
-#ifndef _di_firewall_s_
- const f_string_static_t firewall_action_s = macro_f_string_static_t_initialize_1(FIREWALL_action_s, 0, FIREWALL_action_s_length);
- const f_string_static_t firewall_action_append_s = macro_f_string_static_t_initialize_1(FIREWALL_action_append_s, 0, FIREWALL_action_append_s_length);
- const f_string_static_t firewall_action_insert_s = macro_f_string_static_t_initialize_1(FIREWALL_action_insert_s, 0, FIREWALL_action_insert_s_length);
- const f_string_static_t firewall_action_policy_s = macro_f_string_static_t_initialize_1(FIREWALL_action_policy_s, 0, FIREWALL_action_policy_s_length);
- const f_string_static_t firewall_action_none_s = macro_f_string_static_t_initialize_1(FIREWALL_action_none_s, 0, FIREWALL_action_none_s_length);
-
- const f_string_static_t firewall_action_append_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_action_append_operation_s, 0, FIREWALL_action_append_operation_s_length);
- const f_string_static_t firewall_action_insert_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_action_insert_operation_s, 0, FIREWALL_action_insert_operation_s_length);
- const f_string_static_t firewall_action_policy_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_action_policy_operation_s, 0, FIREWALL_action_policy_operation_s_length);
-
- const f_string_static_t firewall_chain_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_s, 0, FIREWALL_chain_s_length);
- const f_string_static_t firewall_chain_forward_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_forward_s, 0, FIREWALL_chain_forward_s_length);
- const f_string_static_t firewall_chain_drop_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_drop_s, 0, FIREWALL_chain_drop_s_length);
- const f_string_static_t firewall_chain_input_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_input_s, 0, FIREWALL_chain_input_s_length);
- const f_string_static_t firewall_chain_none_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_none_s, 0, FIREWALL_chain_none_s_length);
- const f_string_static_t firewall_chain_output_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_output_s, 0, FIREWALL_chain_output_s_length);
- const f_string_static_t firewall_chain_postrouting_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_postrouting_s, 0, FIREWALL_chain_postrouting_s_length);
- const f_string_static_t firewall_chain_prerouting_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_prerouting_s, 0, FIREWALL_chain_prerouting_s_length);
-
- const f_string_static_t firewall_chain_create_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_create_operation_s, 0, FIREWALL_chain_create_operation_s_length);
- const f_string_static_t firewall_chain_delete_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_delete_operation_s, 0, FIREWALL_chain_delete_operation_s_length);
- const f_string_static_t firewall_chain_flush_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_chain_flush_operation_s, 0, FIREWALL_chain_flush_operation_s_length);
-
- const f_string_static_t firewall_operation_start_s = macro_f_string_static_t_initialize_1(FIREWALL_operation_start_s, 0, FIREWALL_operation_start_s_length);
- const f_string_static_t firewall_operation_stop_s = macro_f_string_static_t_initialize_1(FIREWALL_operation_stop_s, 0, FIREWALL_operation_stop_s_length);
- const f_string_static_t firewall_operation_restart_s = macro_f_string_static_t_initialize_1(FIREWALL_operation_restart_s, 0, FIREWALL_operation_restart_s_length);
- const f_string_static_t firewall_operation_lock_s = macro_f_string_static_t_initialize_1(FIREWALL_operation_lock_s, 0, FIREWALL_operation_lock_s_length);
- const f_string_static_t firewall_operation_show_s = macro_f_string_static_t_initialize_1(FIREWALL_operation_show_s, 0, FIREWALL_operation_show_s_length);
-
- const f_string_static_t firewall_device_s = macro_f_string_static_t_initialize_1(FIREWALL_device_s, 0, FIREWALL_device_s_length);
- const f_string_static_t firewall_device_all_s = macro_f_string_static_t_initialize_1(FIREWALL_device_all_s, 0, FIREWALL_device_all_s_length);
- const f_string_static_t firewall_device_this_s = macro_f_string_static_t_initialize_1(FIREWALL_device_this_s, 0, FIREWALL_device_this_s_length);
- const f_string_static_t firewall_device_loop_s = macro_f_string_static_t_initialize_1(FIREWALL_device_loop_s, 0, FIREWALL_device_loop_s_length);
-
- const f_string_static_t firewall_device_input_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_device_input_operation_s, 0, FIREWALL_device_input_operation_s_length);
- const f_string_static_t firewall_device_output_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_device_output_operation_s, 0, FIREWALL_device_output_operation_s_length);
-
- const f_string_static_t firewall_direction_s = macro_f_string_static_t_initialize_1(FIREWALL_direction_s, 0, FIREWALL_direction_s_length);
- const f_string_static_t firewall_direction_input_s = macro_f_string_static_t_initialize_1(FIREWALL_direction_input_s, 0, FIREWALL_direction_input_s_length);
- const f_string_static_t firewall_direction_output_s = macro_f_string_static_t_initialize_1(FIREWALL_direction_output_s, 0, FIREWALL_direction_output_s_length);
- const f_string_static_t firewall_direction_none_s = macro_f_string_static_t_initialize_1(FIREWALL_direction_none_s, 0, FIREWALL_direction_none_s_length);
-
- const f_string_static_t firewall_group_stop_s = macro_f_string_static_t_initialize_1(FIREWALL_group_stop_s, 0, FIREWALL_group_stop_s_length);
- const f_string_static_t firewall_group_lock_s = macro_f_string_static_t_initialize_1(FIREWALL_group_lock_s, 0, FIREWALL_group_lock_s_length);
- const f_string_static_t firewall_group_main_s = macro_f_string_static_t_initialize_1(FIREWALL_group_main_s, 0, FIREWALL_group_main_s_length);
-
- const f_string_static_t firewall_ip_list = macro_f_string_static_t_initialize_1(FIREWALL_ip_list_s, 0, FIREWALL_ip_list_s_length);
- const f_string_static_t firewall_ip_list_source_s = macro_f_string_static_t_initialize_1(FIREWALL_ip_list_source_s, 0, FIREWALL_ip_list_source_s_length);
- const f_string_static_t firewall_ip_list_source_action_s = macro_f_string_static_t_initialize_1(FIREWALL_ip_list_source_action_s, 0, FIREWALL_ip_list_source_action_s_length);
- const f_string_static_t firewall_ip_list_destination_s = macro_f_string_static_t_initialize_1(FIREWALL_ip_list_destination_s, 0, FIREWALL_ip_list_destination_s_length);
- const f_string_static_t firewall_ip_list_destination_action_s = macro_f_string_static_t_initialize_1(FIREWALL_ip_list_destination_action_s, 0, FIREWALL_ip_list_destination_action_s_length);
-
- const f_string_static_t firewall_protocol_s = macro_f_string_static_t_initialize_1(FIREWALL_protocol_s, 0, FIREWALL_protocol_s_length);
- const f_string_static_t firewall_protocol_operation_s = macro_f_string_static_t_initialize_1(FIREWALL_protocol_operation_s, 0, FIREWALL_protocol_operation_s_length);
- const f_string_static_t firewall_protocol_none_s = macro_f_string_static_t_initialize_1(FIREWALL_protocol_none_s, 0, FIREWALL_protocol_none_s_length);
-
- const f_string_static_t firewall_rule_s = macro_f_string_static_t_initialize_1(FIREWALL_rule_s, 0, FIREWALL_rule_s_length);
-
- const f_string_static_t firewall_show_filter_s = macro_f_string_static_t_initialize_1(FIREWALL_show_filter_s, 0, FIREWALL_show_filter_s_length);
- const f_string_static_t firewall_show_mangle_s = macro_f_string_static_t_initialize_1(FIREWALL_show_mangle_s, 0, FIREWALL_show_mangle_s_length);
- const f_string_static_t firewall_show_nat_s = macro_f_string_static_t_initialize_1(FIREWALL_show_nat_s, 0, FIREWALL_show_nat_s_length);
-
- const f_string_static_t firewall_show_parameter_exact_s = macro_f_string_static_t_initialize_1(FIREWALL_show_parameter_exact_s, 0, FIREWALL_show_parameter_exact_s_length);
- const f_string_static_t firewall_show_parameter_verbose_s = macro_f_string_static_t_initialize_1(FIREWALL_show_parameter_verbose_s, 0, FIREWALL_show_parameter_verbose_s_length);
- const f_string_static_t firewall_show_parameter_table_s = macro_f_string_static_t_initialize_1(FIREWALL_show_parameter_table_s, 0, FIREWALL_show_parameter_table_s_length);
- const f_string_static_t firewall_show_parameter_numeric_s = macro_f_string_static_t_initialize_1(FIREWALL_show_parameter_numeric_s, 0, FIREWALL_show_parameter_numeric_s_length);
- const f_string_static_t firewall_show_parameter_list_s = macro_f_string_static_t_initialize_1(FIREWALL_show_parameter_list_s, 0, FIREWALL_show_parameter_list_s_length);
-
- const f_string_static_t firewall_tool_s = macro_f_string_static_t_initialize_1(FIREWALL_tool_s, 0, FIREWALL_tool_s_length);
- const f_string_static_t firewall_tool_iptables_s = macro_f_string_static_t_initialize_1(FIREWALL_tool_iptables_s, 0, FIREWALL_tool_iptables_s_length);
- const f_string_static_t firewall_tool_ip6tables_s = macro_f_string_static_t_initialize_1(FIREWALL_tool_ip6tables_s, 0, FIREWALL_tool_ip6tables_s_length);
- const f_string_static_t firewall_tool_ip46tables_s = macro_f_string_static_t_initialize_1(FIREWALL_tool_ip46tables_s, 0, FIREWALL_tool_ip46tables_s_length);
- const f_string_static_t firewall_tool_ipset_s = macro_f_string_static_t_initialize_1(FIREWALL_tool_ipset_s, 0, FIREWALL_tool_ipset_s_length);
-#endif // _di_firewall_s_
-
-#ifndef _di_firewall_path_s_
- const f_string_static_t firewall_file_first_s = macro_f_string_static_t_initialize_1(FIREWALL_file_first_s, 0, FIREWALL_file_first_s_length);
- const f_string_static_t firewall_file_last_s = macro_f_string_static_t_initialize_1(FIREWALL_file_last_s, 0, FIREWALL_file_last_s_length);
- const f_string_static_t firewall_file_other_s = macro_f_string_static_t_initialize_1(FIREWALL_file_other_s, 0, FIREWALL_file_other_s_length);
- const f_string_static_t firewall_file_suffix_s = macro_f_string_static_t_initialize_1(FIREWALL_file_suffix_s, 0, FIREWALL_file_suffix_s_length);
-
- const f_string_static_t firewall_network_firewall_path_s = macro_f_string_static_t_initialize_1(FIREWALL_network_firewall_path_s, 0, FIREWALL_network_firewall_path_s_length);
- const f_string_static_t firewall_network_devices_s = macro_f_string_static_t_initialize_1(FIREWALL_network_devices_s, 0, FIREWALL_network_devices_s_length);
-#endif // _di_firewall_path_s_
-
-#ifndef _di_firewall_print_show_s_
- const f_string_static_t firewall_print_show_filter_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_filter_s, 0, FIREWALL_print_show_filter_s_length);
- const f_string_static_t firewall_print_show_ipv4_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_ipv4_s, 0, FIREWALL_print_show_ipv4_s_length);
- const f_string_static_t firewall_print_show_ipv6_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_ipv6_s, 0, FIREWALL_print_show_ipv6_s_length);
- const f_string_static_t firewall_print_show_mangle_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_mangle_s, 0, FIREWALL_print_show_mangle_s_length);
- const f_string_static_t firewall_print_show_nat_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_nat_s, 0, FIREWALL_print_show_nat_s_length);
-
- const f_string_static_t firewall_print_show_bars_26_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_bars_26_s, 0, FIREWALL_print_show_bars_26_s_length);
- const f_string_static_t firewall_print_show_bars_27_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_bars_27_s, 0, FIREWALL_print_show_bars_27_s_length);
- const f_string_static_t firewall_print_show_bars_28_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_bars_28_s, 0, FIREWALL_print_show_bars_28_s_length);
-#endif // _di_firewall_print_show_s_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the common string structures.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_common_string_h
-#define _firewall_common_string_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * The program version.
- */
-#ifndef _di_firewall_program_version_s_
- #define FIREWALL_program_version_major_s F_string_ascii_0_s
- #define FIREWALL_program_version_minor_s F_string_ascii_8_s
- #define FIREWALL_program_version_micro_s F_string_ascii_0_s
-
- #define FIREWALL_program_version_major_s_length F_string_ascii_0_s_length
- #define FIREWALL_program_version_minor_s_length F_string_ascii_8_s_length
- #define FIREWALL_program_version_micro_s_length F_string_ascii_0_s_length
-
- #if !(defined(FIREWALL_program_version_nano_prefix_s) && defined(FIREWALL_program_version_nano_prefix_s_length))
- #define FIREWALL_program_version_nano_prefix_s
- #define FIREWALL_program_version_nano_prefix_s_length 0
- #endif // !(defined(FIREWALL_program_version_nano_prefix_s) && defined(FIREWALL_program_version_nano_prefix_s_length))
-
- #if !(defined(FIREWALL_program_version_nano_s) && defined(FIREWALL_program_version_nano_s_length))
- #define FIREWALL_program_version_nano_s
- #define FIREWALL_program_version_nano_s_length 0
- #endif // !(defined(FIREWALL_program_version_nano_s) && defined(FIREWALL_program_version_nano_s_length))
-
- #define FIREWALL_program_version_s FIREWALL_program_version_major_s F_string_ascii_period_s FIREWALL_program_version_minor_s F_string_ascii_period_s FIREWALL_program_version_micro_s FIREWALL_program_version_nano_prefix_s FIREWALL_program_version_nano_s
-
- #define FIREWALL_program_version_s_length FIREWALL_program_version_major_s_length + F_string_ascii_period_s_length + FIREWALL_program_version_minor_s_length + F_string_ascii_period_s_length + FIREWALL_program_version_micro_s_length + FIREWALL_program_version_nano_prefix_s_length + FIREWALL_program_version_nano_s_length
-
- extern const f_string_static_t firewall_program_version_s;
-#endif // _di_firewall_program_version_s_
-
-/**
- * The program name.
- */
-#ifndef _di_firewall_program_name_s_
- #define FIREWALL_program_name_s "firewall"
- #define FIREWALL_program_name_long_s "Kevux Firewall Manager"
-
- #define FIREWALL_program_name_s_length 8
- #define FIREWALL_program_name_long_s_length 22
-
- extern const f_string_static_t firewall_program_name_s;
- extern const f_string_static_t firewall_program_name_long_s;
-#endif // _di_firewall_program_name_s_
-
-/**
- * The program help related data.
- */
-#ifndef _di_firewall_program_help_parameters_s_
- #define FIREWALL_program_help_parameters_s "operation"
- #define FIREWALL_program_help_parameters_s_length 9
-
- extern const f_string_static_t firewall_program_help_parameters_s;
-#endif // _di_firewall_program_help_parameters_s_
-
-/**
- * The main program parameters.
- */
-#ifndef _di_firewall_parameter_s_
- #define FIREWALL_short_4_s "4"
- #define FIREWALL_short_6_s "6"
-
- #define FIREWALL_short_4_s_length 1
- #define FIREWALL_short_6_s_length 1
-
- extern const f_string_static_t firewall_short_4_s;
- extern const f_string_static_t firewall_short_6_s;
-#endif // _di_firewall_parameter_s_
-
-/**
- * The firewall strings.
- */
-#ifndef _di_firewall_s_
- #define FIREWALL_action_s "action"
- #define FIREWALL_action_append_s "append"
- #define FIREWALL_action_insert_s "insert"
- #define FIREWALL_action_policy_s "policy"
- #define FIREWALL_action_none_s "none"
-
- #define FIREWALL_action_append_operation_s "-A"
- #define FIREWALL_action_insert_operation_s "-I"
- #define FIREWALL_action_policy_operation_s "-P"
-
- #define FIREWALL_chain_s "chain"
- #define FIREWALL_chain_forward_s "FORWARD"
- #define FIREWALL_chain_drop_s "DROP"
- #define FIREWALL_chain_input_s "INPUT"
- #define FIREWALL_chain_none_s "none"
- #define FIREWALL_chain_output_s "OUTPUT"
- #define FIREWALL_chain_postrouting_s "POSTROUTING"
- #define FIREWALL_chain_prerouting_s "PREROUTING"
-
- #define FIREWALL_chain_create_operation_s "-N"
- #define FIREWALL_chain_delete_operation_s "-X"
- #define FIREWALL_chain_flush_operation_s "-F"
-
- #define FIREWALL_operation_start_s "start"
- #define FIREWALL_operation_stop_s "stop"
- #define FIREWALL_operation_restart_s "restart"
- #define FIREWALL_operation_lock_s "lock"
- #define FIREWALL_operation_show_s "show"
-
- #define FIREWALL_device_s "device"
- #define FIREWALL_device_all_s "all"
- #define FIREWALL_device_this_s "this"
- #define FIREWALL_device_loop_s "lo"
-
- #define FIREWALL_device_input_operation_s "-i"
- #define FIREWALL_device_output_operation_s "-o"
-
- #define FIREWALL_direction_s "direction"
- #define FIREWALL_direction_input_s "input"
- #define FIREWALL_direction_output_s "output"
- #define FIREWALL_direction_none_s "none"
-
- #define FIREWALL_group_stop_s "stop"
- #define FIREWALL_group_lock_s "lock"
- #define FIREWALL_group_main_s "main"
-
- #define FIREWALL_ip_list_s "ip_list"
- #define FIREWALL_ip_list_source_s "source"
- #define FIREWALL_ip_list_source_action_s "-s"
- #define FIREWALL_ip_list_destination_s "destination"
- #define FIREWALL_ip_list_destination_action_s "-d"
-
- #define FIREWALL_protocol_s "protocol"
- #define FIREWALL_protocol_operation_s "-p"
- #define FIREWALL_protocol_none_s "none"
-
- #define FIREWALL_rule_s "rule"
-
- #define FIREWALL_show_filter_s "filter"
- #define FIREWALL_show_mangle_s "mangle"
- #define FIREWALL_show_nat_s "nat"
-
- #define FIREWALL_show_parameter_exact_s "-x"
- #define FIREWALL_show_parameter_verbose_s "-v"
- #define FIREWALL_show_parameter_table_s "-t"
- #define FIREWALL_show_parameter_numeric_s "--numeric"
- #define FIREWALL_show_parameter_list_s "--list"
-
- #define FIREWALL_tool_s "tool"
- #define FIREWALL_tool_iptables_s "iptables"
- #define FIREWALL_tool_ip6tables_s "ip6tables"
- #define FIREWALL_tool_ip46tables_s "ip46tables"
- #define FIREWALL_tool_ipset_s "ipset"
-
- #define FIREWALL_action_s_length 6
- #define FIREWALL_action_append_s_length 6
- #define FIREWALL_action_insert_s_length 6
- #define FIREWALL_action_policy_s_length 6
- #define FIREWALL_action_none_s_length 4
-
- #define FIREWALL_action_append_operation_s_length 2
- #define FIREWALL_action_insert_operation_s_length 2
- #define FIREWALL_action_policy_operation_s_length 2
-
- #define FIREWALL_chain_s_length 5
- #define FIREWALL_chain_forward_s_length 7
- #define FIREWALL_chain_drop_s_length 4
- #define FIREWALL_chain_input_s_length 5
- #define FIREWALL_chain_none_s_length 4
- #define FIREWALL_chain_output_s_length 6
- #define FIREWALL_chain_postrouting_s_length 12
- #define FIREWALL_chain_prerouting_s_length 11
-
- #define FIREWALL_chain_create_operation_s_length 2
- #define FIREWALL_chain_delete_operation_s_length 2
- #define FIREWALL_chain_flush_operation_s_length 2
-
- #define FIREWALL_operation_start_s_length 5
- #define FIREWALL_operation_stop_s_length 4
- #define FIREWALL_operation_restart_s_length 7
- #define FIREWALL_operation_lock_s_length 4
- #define FIREWALL_operation_show_s_length 4
-
- #define FIREWALL_device_s_length 6
- #define FIREWALL_device_all_s_length 3
- #define FIREWALL_device_this_s_length 4
- #define FIREWALL_device_loop_s_length 2
-
- #define FIREWALL_device_input_operation_s_length 2
- #define FIREWALL_device_output_operation_s_length 2
-
- #define FIREWALL_direction_s_length 9
- #define FIREWALL_direction_input_s_length 5
- #define FIREWALL_direction_output_s_length 6
- #define FIREWALL_direction_none_s_length 4
-
- #define FIREWALL_group_stop_s_length 4
- #define FIREWALL_group_lock_s_length 4
- #define FIREWALL_group_main_s_length 4
-
- #define FIREWALL_ip_list_s_length 7
- #define FIREWALL_ip_list_source_s_length 6
- #define FIREWALL_ip_list_source_action_s_length 2
- #define FIREWALL_ip_list_destination_s_length 11
- #define FIREWALL_ip_list_destination_action_s_length 2
-
- #define FIREWALL_protocol_s_length 8
- #define FIREWALL_protocol_operation_s_length 2
- #define FIREWALL_protocol_none_s_length 4
-
- #define FIREWALL_rule_s_length 4
-
- #define FIREWALL_show_filter_s_length 6
- #define FIREWALL_show_mangle_s_length 6
- #define FIREWALL_show_nat_s_length 3
-
- #define FIREWALL_show_parameter_exact_s_length 2
- #define FIREWALL_show_parameter_verbose_s_length 2
- #define FIREWALL_show_parameter_table_s_length 2
- #define FIREWALL_show_parameter_numeric_s_length 9
- #define FIREWALL_show_parameter_list_s_length 6
-
- #define FIREWALL_tool_s_length 4
- #define FIREWALL_tool_iptables_s_length 8
- #define FIREWALL_tool_ip6tables_s_length 9
- #define FIREWALL_tool_ip46tables_s_length 10
- #define FIREWALL_tool_ipset_s_length 5
-
- extern const f_string_static_t firewall_action_s;
- extern const f_string_static_t firewall_action_append_s;
- extern const f_string_static_t firewall_action_insert_s;
- extern const f_string_static_t firewall_action_policy_s;
- extern const f_string_static_t firewall_action_none_s;
-
- extern const f_string_static_t firewall_action_append_operation_s;
- extern const f_string_static_t firewall_action_insert_operation_s;
- extern const f_string_static_t firewall_action_policy_operation_s;
-
- extern const f_string_static_t firewall_chain_s;
- extern const f_string_static_t firewall_chain_forward_s;
- extern const f_string_static_t firewall_chain_drop_s;
- extern const f_string_static_t firewall_chain_input_s;
- extern const f_string_static_t firewall_chain_none_s;
- extern const f_string_static_t firewall_chain_output_s;
- extern const f_string_static_t firewall_chain_postrouting_s;
- extern const f_string_static_t firewall_chain_prerouting_s;
-
- extern const f_string_static_t firewall_chain_create_operation_s;
- extern const f_string_static_t firewall_chain_delete_operation_s;
- extern const f_string_static_t firewall_chain_flush_operation_s;
-
- extern const f_string_static_t firewall_operation_start_s;
- extern const f_string_static_t firewall_operation_stop_s;
- extern const f_string_static_t firewall_operation_restart_s;
- extern const f_string_static_t firewall_operation_lock_s;
- extern const f_string_static_t firewall_operation_show_s;
-
- extern const f_string_static_t firewall_device_s;
- extern const f_string_static_t firewall_device_all_s;
- extern const f_string_static_t firewall_device_this_s;
- extern const f_string_static_t firewall_device_loop_s;
-
- extern const f_string_static_t firewall_device_input_operation_s;
- extern const f_string_static_t firewall_device_output_operation_s;
-
- extern const f_string_static_t firewall_direction_s;
- extern const f_string_static_t firewall_direction_input_s;
- extern const f_string_static_t firewall_direction_output_s;
- extern const f_string_static_t firewall_direction_none_s;
-
- extern const f_string_static_t firewall_group_stop_s;
- extern const f_string_static_t firewall_group_lock_s;
- extern const f_string_static_t firewall_group_main_s;
-
- extern const f_string_static_t firewall_ip_list;
- extern const f_string_static_t firewall_ip_list_source_s;
- extern const f_string_static_t firewall_ip_list_source_action_s;
- extern const f_string_static_t firewall_ip_list_destination_s;
- extern const f_string_static_t firewall_ip_list_destination_action_s;
-
- extern const f_string_static_t firewall_protocol_s;
- extern const f_string_static_t firewall_protocol_operation_s;
- extern const f_string_static_t firewall_protocol_none_s;
-
- extern const f_string_static_t firewall_rule_s;
-
- extern const f_string_static_t firewall_show_filter_s;
- extern const f_string_static_t firewall_show_mangle_s;
- extern const f_string_static_t firewall_show_nat_s;
-
- extern const f_string_static_t firewall_show_parameter_exact_s;
- extern const f_string_static_t firewall_show_parameter_verbose_s;
- extern const f_string_static_t firewall_show_parameter_table_s;
- extern const f_string_static_t firewall_show_parameter_numeric_s;
- extern const f_string_static_t firewall_show_parameter_list_s;
-
- extern const f_string_static_t firewall_tool_s;
- extern const f_string_static_t firewall_tool_iptables_s;
- extern const f_string_static_t firewall_tool_ip6tables_s;
- extern const f_string_static_t firewall_tool_ip46tables_s;
- extern const f_string_static_t firewall_tool_ipset_s;
-#endif // _di_firewall_s_
-
-/**
- * The main program operations.
- */
-#ifndef _di_firewall_operation_s_
- #define FIREWALL_operation_start_s "start"
- #define FIREWALL_operation_stop_s "stop"
- #define FIREWALL_operation_restart_s "restart"
- #define FIREWALL_operation_lock_s "lock"
- #define FIREWALL_operation_show_s "show"
-
- #define FIREWALL_operation_start_s_length 5
- #define FIREWALL_operation_stop_s_length 4
- #define FIREWALL_operation_restart_s_length 7
- #define FIREWALL_operation_lock_s_length 4
- #define FIREWALL_operation_show_s_length 4
-
- extern const f_string_static_t firewall_operation_start_s;
- extern const f_string_static_t firewall_operation_stop_s;
- extern const f_string_static_t firewall_operation_restart_s;
- extern const f_string_static_t firewall_operation_lock_s;
- extern const f_string_static_t firewall_operation_show_s;
-#endif // _di_firewall_operation_s_
-
-/**
- * The program paths.
- */
-#ifndef _di_firewall_path_s_
- #define FIREWALL_file_first_s "firewall-first"
- #define FIREWALL_file_last_s "firewall-last"
- #define FIREWALL_file_other_s "firewall-other"
- #define FIREWALL_file_suffix_s "-firewall"
-
- #define FIREWALL_network_firewall_path_s "/etc/network/firewall/"
- #define FIREWALL_network_devices_s "/sys/class/net/"
-
- #define FIREWALL_file_first_s_length 14
- #define FIREWALL_file_last_s_length 13
- #define FIREWALL_file_other_s_length 14
- #define FIREWALL_file_suffix_s_length 9
-
- #define FIREWALL_network_firewall_path_s_length 22
- #define FIREWALL_network_devices_s_length 15
-
- extern const f_string_static_t firewall_file_first_s;
- extern const f_string_static_t firewall_file_last_s;
- extern const f_string_static_t firewall_file_other_s;
- extern const f_string_static_t firewall_file_suffix_s;
-
- extern const f_string_static_t firewall_network_firewall_path_s;
- extern const f_string_static_t firewall_network_devices_s;
-#endif // _di_firewall_path_s_
-
-/**
- * The show option related strings for printing to the screen.
- */
-#ifndef _di_firewall_print_show_s_
- #define FIREWALL_print_show_filter_s "FILTER"
- #define FIREWALL_print_show_ipv4_s "IPv4"
- #define FIREWALL_print_show_ipv6_s "IPv6"
- #define FIREWALL_print_show_mangle_s "MANGLE"
- #define FIREWALL_print_show_nat_s "NAT"
-
- #define FIREWALL_print_show_bars_26_s "=========================="
- #define FIREWALL_print_show_bars_27_s "============================"
- #define FIREWALL_print_show_bars_28_s "============================"
-
- #define FIREWALL_print_show_filter_s_length 6
- #define FIREWALL_print_show_ipv4_s_length 4
- #define FIREWALL_print_show_ipv6_s_length 4
- #define FIREWALL_print_show_mangle_s_length 6
- #define FIREWALL_print_show_nat_s_length 3
-
- #define FIREWALL_print_show_bars_26_s_length 26
- #define FIREWALL_print_show_bars_27_s_length 27
- #define FIREWALL_print_show_bars_28_s_length 28
-
- extern const f_string_static_t firewall_print_show_filter_s;
- extern const f_string_static_t firewall_print_show_ipv4_s;
- extern const f_string_static_t firewall_print_show_ipv6_s;
- extern const f_string_static_t firewall_print_show_mangle_s;
- extern const f_string_static_t firewall_print_show_nat_s;
-
- extern const f_string_static_t firewall_print_show_bars_26_s;
- extern const f_string_static_t firewall_print_show_bars_27_s;
- extern const f_string_static_t firewall_print_show_bars_28_s;
-#endif // _di_firewall_print_show_s_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_common_string_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_cache_delete_
- void firewall_cache_delete(firewall_cache_t * const cache) {
-
- if (!cache) return;
-
- f_file_close(&cache->file);
-
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &cache->buffer.string, &cache->buffer.used, &cache->buffer.size);
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &cache->device.string, &cache->device.used, &cache->device.size);
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &cache->ip_list.string, &cache->ip_list.used, &cache->ip_list.size);
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &cache->path_file.string, &cache->path_file.used, &cache->path_file.size);
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &cache->path_file_specific.string, &cache->path_file_specific.used, &cache->path_file_specific.size);
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &cache->protocol.string, &cache->protocol.used, &cache->protocol.size);
-
- f_memory_arrays_resize(0, sizeof(f_string_dynamic_t), (void **) &cache->arguments.array, &cache->arguments.used, &cache->arguments.size, &f_string_dynamics_delete_callback);
-
- f_memory_array_resize(0, sizeof(f_number_unsigned_t), (void **) &cache->delimits.array, &cache->delimits.used, &cache->delimits.size);
-
- f_memory_array_resize(0, sizeof(f_range_t), (void **) &cache->basic_objects.array, &cache->basic_objects.used, &cache->basic_objects.size);
- f_memory_arrays_resize(0, sizeof(f_ranges_t), (void **) &cache->basic_contents.array, &cache->basic_contents.used, &cache->basic_contents.size, &f_rangess_delete_callback);
- }
-#endif // _di_firewall_cache_delete_
-
-#ifndef _di_firewall_data_delete_
- void firewall_data_delete(firewall_data_t * const data) {
-
- if (!data) return;
-
- f_memory_array_resize(0, sizeof(f_char_t), (void **) &data->buffer.string, &data->buffer.used, &data->buffer.size);
-
- f_memory_array_resize(0, sizeof(f_number_unsigned_t), (void **) &data->chain_ids.array, &data->chain_ids.used, &data->chain_ids.size);
-
- f_memory_array_resize(0, sizeof(f_range_t), (void **) &data->comments.array, &data->comments.used, &data->comments.size);
- f_memory_array_resize(0, sizeof(f_range_t), (void **) &data->chain_objects.array, &data->chain_objects.used, &data->chain_objects.size);
- f_memory_array_resize(0, sizeof(f_range_t), (void **) &data->rule_objects.array, &data->rule_objects.used, &data->rule_objects.size);
-
- f_memory_arrays_resize(0, sizeof(f_ranges_t), (void **) &data->chain_contents.array, &data->chain_contents.used, &data->chain_contents.size, &f_rangess_delete_callback);
- f_memory_arrays_resize(0, sizeof(f_ranges_t), (void **) &data->rule_contents.array, &data->rule_contents.used, &data->rule_contents.size, &f_rangess_delete_callback);
- }
-#endif // _di_firewall_data_delete_
-
-#ifndef _di_firewall_main_delete_
- void firewall_main_delete(firewall_main_t * const main) {
-
- if (!main) return;
-
- fll_program_data_delete(&main->program);
-
- firewall_setting_delete(&main->setting);
- firewall_data_delete(&main->data);
- firewall_cache_delete(&main->cache);
- }
-#endif // _di_firewall_main_delete_
-
-#ifndef _di_firewall_setting_delete_
- void firewall_setting_delete(firewall_setting_t * const setting) {
-
- if (!setting) return;
-
- f_memory_arrays_resize(0, sizeof(f_string_dynamic_t), (void **) &setting->chains.array, &setting->chains.used, &setting->chains.size, &f_string_dynamics_delete_callback);
- f_memory_arrays_resize(0, sizeof(f_string_dynamic_t), (void **) &setting->devices.array, &setting->devices.used, &setting->devices.size, &f_string_dynamics_delete_callback);
- }
-#endif // _di_firewall_setting_delete_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the common type structures.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_common_type_h
-#define _firewall_common_type_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Pre-define the main type so it can be used in child classes.
- */
-#ifndef _di_firewall_main_t_typedef_
- typedef struct firewall_main_t_ firewall_main_t;
-#endif // _di_firewall_main_t_typedef_
-
-/**
- * A cache used for during processing.
- *
- * Properties:
- * - file: The file structure.
- *
- * - buffer: A buffer used when proessing the basic objects and contents cache.
- * - device: The device.
- * - ip_list: The ip list.
- * - path_file: The path to a file.
- * - path_file_specific: The specific path to a file.
- * - protocol: The protocol.
- * - arguments: The arguments array.
- *
- * - delimits: The delimits array used when loading FSS data.
- *
- * - basic_objects: The FSS Basic Objects.
- * - basic_contents: The FSS Basic Contents.
- */
-#ifndef _di_firewall_cache_t_
- typedef struct {
- f_file_t file;
-
- f_string_dynamic_t buffer;
- f_string_dynamic_t device;
- f_string_dynamic_t ip_list;
- f_string_dynamic_t path_file;
- f_string_dynamic_t path_file_specific;
- f_string_dynamic_t protocol;
- f_string_dynamics_t arguments;
-
- f_number_unsigneds_t delimits;
-
- f_ranges_t basic_objects;
- f_rangess_t basic_contents;
- } firewall_cache_t;
-
- #define firewall_cache_t_initialize \
- { \
- f_file_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_string_dynamics_t_initialize, \
- f_number_unsigneds_t_initialize, \
- f_ranges_t_initialize, \
- f_rangess_t_initialize, \
- }
-#endif // _di_firewall_cache_t_
-
-/**
- * A data used for building and processing firewall rules.
- *
- * Properties:
- * - is: Flags used to represent the state in the current set being processed.
- * - has: Flags used to represent if each at has a position.
- *
- * - chain: The chain currently being processed (fom chain_contents).
- * - device: The device position.
- * - lock: The lock position.
- * - main: The main position.
- * - stop: The stop position.
- * - range: A range used during operation processing.
- *
- * - file: The file name currently in use.
- * - buffer: The entire set of chains and rules to operate on.
- *
- * - chain_ids: The list of chain IDs.
- *
- * - chain_objects: The list of chain Objects.
- * - rule_objects: The list of rule Objects.
- * - chain_contents: The list of chain Contents.
- * - rule_contents: The list of rule Contents.
- */
-#ifndef _di_firewall_data_t_
- typedef struct {
- uint8_t is;
- uint8_t has;
-
- f_number_unsigned_t chain;
- f_number_unsigned_t device;
- f_number_unsigned_t lock;
- f_number_unsigned_t main;
- f_number_unsigned_t stop;
- f_range_t range;
-
- f_string_static_t file;
- f_string_dynamic_t buffer;
-
- f_number_unsigneds_t chain_ids;
-
- f_ranges_t comments;
- f_ranges_t chain_objects;
- f_ranges_t rule_objects;
- f_rangess_t chain_contents;
- f_rangess_t rule_contents;
- } firewall_data_t;
-
- #define firewall_data_t_initialize \
- { \
- firewall_data_is_none_d, \
- firewall_data_has_none_e, \
- 0, \
- 0, \
- 0, \
- 0, \
- 0, \
- f_range_t_initialize, \
- f_string_static_t_initialize, \
- f_string_dynamic_t_initialize, \
- f_number_unsigneds_t_initialize, \
- f_ranges_t_initialize, \
- f_ranges_t_initialize, \
- f_ranges_t_initialize, \
- f_rangess_t_initialize, \
- f_rangess_t_initialize, \
- }
-#endif // _di_firewall_data_t_
-
-/**
- * The firewall main program settings.
- *
- * This is passed to the program-specific main entry point to designate program settings.
- * These program settings are often processed from the program arguments (often called the command line arguments).
- *
- * Properties:
- * - flag: Flags passed to the main function.
- * - state: The state information.
- *
- * - chains: An array of all chains. @todo probably should be moved into data.
- * - devices: An array of all devices. @todo probably should be moved into data.
- */
-#ifndef _di_firewall_setting_t_
- typedef struct {
- uint16_t flag;
- f_state_t state;
-
- f_string_dynamics_t chains;
- f_string_dynamics_t devices;
- } firewall_setting_t;
-
- #define firewall_setting_t_initialize \
- { \
- firewall_main_flag_none_d, \
- f_state_t_initialize, \
- f_string_dynamics_t_initialize, \
- f_string_dynamics_t_initialize, \
- }
-#endif // _di_firewall_setting_t_
-
-/**
- * The main program data as a single structure.
- *
- * Properties:
- * - program: The main program data.
- * - setting: The settings data.
- * - data: The firewall data.
- * - cache: The firewall cache.
- */
-#ifndef _di_firewall_main_t_
- struct firewall_main_t_ {
- fll_program_data_t program;
- firewall_setting_t setting;
- firewall_data_t data;
- firewall_cache_t cache;
- };
-
- #define firewall_main_t_initialize \
- { \
- fll_program_data_t_initialize, \
- firewall_setting_t_initialize, \
- firewall_data_t_initialize, \
- firewall_cache_t_initialize, \
- }
-#endif // _di_firewall_main_t_
-
-/**
- * De-allocate firewall cache.
- *
- * @param cache
- * The firewall cache.
- *
- * Must not be NULL.
- *
- * This does not alter main.setting.state.status.
- *
- * @see f_file_close()
- * @see f_memory_array_resize()
- * @see f_memory_arrays_resize()
- */
-#ifndef _di_firewall_cache_delete_
- extern void firewall_cache_delete(firewall_cache_t * const cache);
-#endif // _di_firewall_cache_delete_
-
-/**
- * De-allocate firewall data.
- *
- * @param data
- * The firewall data.
- *
- * Must not be NULL.
- *
- * This does not alter main.setting.state.status.
- *
- * @see f_memory_array_resize()
- * @see f_memory_arrays_resize()
- */
-#ifndef _di_firewall_data_delete_
- extern void firewall_data_delete(firewall_data_t * const data);
-#endif // _di_firewall_data_delete_
-
-/**
- * De-allocate main program data.
- *
- * @param main
- * The main program data.
- *
- * Must not be NULL.
- *
- * This does not alter main.setting.state.status.
- *
- * @see fll_program_data_delete()
- * @see firewall_cache_delete()
- * @see firewall_data_delete()
- * @see firewall_setting_delete()
- */
-#ifndef _di_firewall_main_delete_
- extern void firewall_main_delete(firewall_main_t * const main);
-#endif // _di_firewall_main_delete_
-
-/**
- * Delete the program main setting data.
- *
- * @param setting
- * The program main setting data.
- *
- * Must not be NULL.
- *
- * This does not alter setting.state.status.
- *
- * @see f_memory_arrays_resize()
- */
-#ifndef _di_firewall_setting_delete_
- extern void firewall_setting_delete(firewall_setting_t * const setting);
-#endif // _di_firewall_setting_delete_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_common_type_h
+++ /dev/null
-#include "firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_main_
- void firewall_main(firewall_main_t * const main) {
-
- if (!main || F_status_is_error(main->setting.state.status)) return;
-
- main->setting.state.status = F_okay;
-
- if (main->setting.flag & firewall_main_flag_version_copyright_help_d) {
- if (main->setting.flag & firewall_main_flag_help_d) {
- firewall_print_message_help(&main->program.message);
- }
- else if (main->setting.flag & firewall_main_flag_version_d) {
- fll_program_print_version(&main->program.message, firewall_program_version_s);
- }
- else if (main->setting.flag & firewall_main_flag_copyright_d) {
- fll_program_print_copyright(&main->program.message, fll_program_copyright_year_author_s);
- }
-
- if (main->program.signal_received) {
- fll_program_print_signal_received(&main->program.warning, main->program.signal_received);
- }
-
- return;
- }
-
- if (main->setting.flag & firewall_main_flag_operation_d) {
- firewall_operate(main);
- }
- else {
- main->setting.state.status = F_status_set_error(F_parameter);
-
- firewall_print_error_operation_specified_not(&main->program.error);
- }
-
- if (main->program.signal_received) {
- fll_program_print_signal_received(&main->program.warning, main->program.signal_received);
- }
-
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_interrupt) return;
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_main_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * This is the program is intended to be used to manage iptables.
- *
- * This program utilizes the Featureless Linux Library.
- */
-#ifndef _firewall_h
-#define _firewall_h
-
-// Libc includes.
-#include <unistd.h>
-
-// FLL-0 includes.
-#include <fll/level_0/type.h>
-#include <fll/level_0/status.h>
-#include <fll/level_0/memory.h>
-#include <fll/level_0/string.h>
-#include <fll/level_0/utf.h>
-#include <fll/level_0/compare.h>
-#include <fll/level_0/console.h>
-#include <fll/level_0/directory.h>
-#include <fll/level_0/fss.h>
-#include <fll/level_0/file.h>
-#include <fll/level_0/pipe.h>
-#include <fll/level_0/print.h>
-#include <fll/level_0/signal.h>
-#include <fll/level_0/thread.h>
-
-// FLL-1 includes.
-#include <fll/level_1/print.h>
-
-// FLL-2 includes.
-#include <fll/level_2/error.h>
-#include <fll/level_2/execute.h>
-#include <fll/level_2/fss.h>
-#include <fll/level_2/fss/basic.h>
-#include <fll/level_2/fss/basic_list.h>
-#include <fll/level_2/fss/extended.h>
-#include <fll/level_2/print.h>
-#include <fll/level_2/program.h>
-
-// Firewall includes.
-#include <program/firewall/main/common/define.h>
-#include <program/firewall/main/common/enumeration.h>
-#include <program/firewall/main/common/string.h>
-#include <program/firewall/main/common/type.h>
-#include <program/firewall/main/common.h>
-#include <program/firewall/main/print/debug.h>
-#include <program/firewall/main/print/error.h>
-#include <program/firewall/main/print/message.h>
-#include <program/firewall/main/print/warning.h>
-#include <program/firewall/main/operate.h>
-#include <program/firewall/main/operate/buffer.h>
-#include <program/firewall/main/operate/chains.h>
-#include <program/firewall/main/operate/create.h>
-#include <program/firewall/main/operate/default.h>
-#include <program/firewall/main/operate/delete.h>
-#include <program/firewall/main/operate/process.h>
-#include <program/firewall/main/operate/rules.h>
-#include <program/firewall/main/operate/show.h>
-#include <program/firewall/main/signal.h>
-#include <program/firewall/main/thread.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Execute main program.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: f_file_stream_open()
- * Errors (with error bit) from: firewall_load_line()
- * Errors (with error bit) from: firewall_process()
- *
- * @see f_file_stream_open()
- * @see firewall_load_line()
- * @see firewall_process()
- */
-#ifndef _di_firewall_main_
- extern void firewall_main(firewall_main_t * const main);
-#endif // _di_firewall_main_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_h
+++ /dev/null
-#include "firewall.h"
-
-int main(const int argc, const f_string_t *argv, const f_string_t *envp) {
-
- firewall_main_t data = firewall_main_t_initialize;
-
- data.program.debug.flag |= firewall_print_flag_debug_e | firewall_print_flag_out_e;
- data.program.error.flag |= firewall_print_flag_error_e | firewall_print_flag_out_e;
- data.program.output.flag |= firewall_print_flag_out_e;
- data.program.message.flag |= firewall_print_flag_message_e | firewall_print_flag_out_e;
- data.program.warning.flag |= firewall_print_flag_warning_e | firewall_print_flag_out_e;
- data.program.error.custom = (void *) &data;
- data.program.debug.custom = (void *) &data;
- data.program.message.custom = (void *) &data;
- data.program.output.custom = (void *) &data;
- data.program.warning.custom = (void *) &data;
-
- f_console_parameter_t parameters[] = firewall_console_parameter_t_initialize;
-
- data.program.parameters.array = parameters;
- data.program.parameters.used = firewall_parameter_total_d;
- data.program.environment = envp;
-
- data.setting.flag |= firewall_main_flag_ipv46_d;
-
- if (f_pipe_input_exists()) {
- data.program.pipe = fll_program_data_pipe_input_e;
- }
-
- fll_program_standard_set_up(&data.program);
-
- f_file_umask_get(&data.program.umask);
-
- #ifdef _di_thread_support_
- {
- const f_console_arguments_t arguments = macro_f_console_arguments_t_initialize_1(argc, argv, envp);
-
- firewall_setting_load(arguments, &data);
- }
-
- firewall_main(&data);
- #else
- {
- f_thread_id_t id_signal;
-
- memset(&id_signal, 0, sizeof(f_thread_id_t));
-
- data.setting.state.status = f_thread_create(0, &id_signal, &firewall_thread_signal, (void *) &data);
-
- if (F_status_is_error(data.setting.state.status)) {
- firewall_print_error(&data.program.error, F_status_debug_source_d);
- }
- else {
- {
- const f_console_arguments_t arguments = macro_f_console_arguments_t_initialize_1(argc, argv, envp);
-
- firewall_setting_load(arguments, &data);
- }
-
- if (!macro_firewall_signal_check(&data.program, &data.setting.state)) {
- firewall_main(&data);
- }
-
- f_thread_cancel(id_signal);
- f_thread_join(id_signal, 0);
- }
- }
- #endif // _di_thread_support_
-
- firewall_main_delete(&data);
-
- fll_program_standard_set_down(&data.program);
-
- return (F_status_is_error(data.setting.state.status) || data.setting.state.status == F_false) ? 1 : 0;
-}
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * This file is only ever included by main/main.c and should not normally be included anywhere else.
- * Anything that wants to include this should be providing the "firewall" program functionality in some manner.
- */
-#ifndef _firewall_main_h
-#define _firewall_main_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Standard program entry point.
- *
- * @param argc
- * The number of arguments.
- * @param argv
- * The array of arguments.
- * @param envp
- * The array of all environment variables on program start.
- *
- * @return
- * 0 on success.
- * 1 on error.
- */
-extern int main(const int argc, const f_string_t *argv, const f_string_t *envp);
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_main_h
+++ /dev/null
-#include "firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_
- void firewall_operate(firewall_main_t * const main) {
-
- if (!main) return;
-
- main->data.is = firewall_data_is_global_d;
-
- if (main->setting.flag & firewall_main_flag_operation_show_d) {
- firewall_operate_show(main);
-
- return;
- }
-
- main->setting.state.status = f_directory_list(firewall_network_devices_s, 0, alphasort, &main->setting.devices);
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_data_not) {
- firewall_print_error_network_device_none(&main->program.error);
- }
- else if (F_status_set_fine(main->setting.state.status) == F_failure) {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, firewall_network_devices_s, f_file_operation_read_s, fll_error_file_type_directory_e);
- }
- else {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- return;
- }
-
- f_number_unsigned_t i = 0;
-
- // Remove "lo" (loopback) from the device listing.
- for (; i < main->setting.devices.used; ++i) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (f_compare_dynamic(firewall_device_loop_s, main->setting.devices.array[i]) == F_equal_to) {
- main->data.file = main->setting.devices.array[i];
-
- for (--main->setting.devices.used; i < main->setting.devices.used; ++i) {
- main->setting.devices.array[i] = main->setting.devices.array[i + 1];
- } // for
-
- main->setting.devices.array[main->setting.devices.used] = main->data.file;
- }
- } // for
-
- main->data.file.string = 0;
- main->data.file.used = 0;
-
- if (main->setting.flag & firewall_main_flag_operation_stop_restart_lock_d) {
- main->data.file.used = firewall_network_firewall_path_s.used + firewall_file_other_s.used;
-
- f_char_t path_file_other[main->data.file.used + 1];
- main->data.file.string = path_file_other;
- path_file_other[main->data.file.used] = 0;
-
- memcpy(path_file_other, firewall_network_firewall_path_s.string, sizeof(f_char_t) * firewall_network_firewall_path_s.used);
- memcpy(path_file_other + firewall_network_firewall_path_s.used, firewall_file_other_s.string, sizeof(f_char_t) * firewall_file_other_s.used);
-
- firewall_operate_buffer_chain(main, main->data.file, F_false);
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
-
- for (i = 0; i < main->data.chain_objects.used; ++i) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (!(main->data.has & firewall_data_has_stop_e) && f_compare_dynamic_partial_string(firewall_group_stop_s.string, main->data.buffer, firewall_group_stop_s.used, main->data.chain_objects.array[i]) == F_equal_to) {
- main->data.stop = i;
- main->data.has |= firewall_data_has_stop_e;
- }
- else if (!(main->data.has & firewall_data_has_lock_e) && f_compare_dynamic_partial_string(firewall_group_lock_s.string, main->data.buffer, firewall_group_lock_s.used, main->data.chain_objects.array[i]) == F_equal_to) {
- main->data.lock = i;
- main->data.has |= firewall_data_has_lock_e;
- }
- } // for
-
- if (main->setting.flag & firewall_main_flag_operation_lock_d) {
- if (main->data.has & firewall_data_has_lock_e) {
- firewall_operate_delete_chains(main);
-
- firewall_operate_default_lock(main);
-
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
-
- main->data.chain = main->data.lock;
- main->data.is = firewall_data_is_lock_d;
- main->data.range.start = main->data.chain_contents.array[main->data.lock].array[0].start;
- main->data.range.stop = main->data.chain_contents.array[main->data.lock].array[0].stop;
-
- firewall_operate_buffer_rules(main);
-
- firewall_operate_rules(main);
- }
- else {
- main->setting.state.status = F_status_set_error(F_data);
-
- firewall_print_error_operation_files_missing(&main->program.error, firewall_operation_lock_s, main->data.file);
- }
-
- return;
- }
-
- if (main->setting.flag & firewall_main_flag_operation_stop_restart_d) {
- if (main->data.has & firewall_data_has_stop_e) {
- firewall_operate_delete_chains(main);
-
- firewall_operate_default_lock(main);
-
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
-
- main->data.chain = main->data.stop;
- main->data.is = firewall_data_is_global_d | firewall_data_is_stop_d;
- main->data.range.start = main->data.chain_contents.array[main->data.stop].array[0].start;
- main->data.range.stop = main->data.chain_contents.array[main->data.stop].array[0].stop;
-
- firewall_operate_buffer_rules(main);
-
- firewall_operate_rules(main);
-
- if (F_status_is_error(main->setting.state.status) || (main->data.has & firewall_main_flag_operation_stop_d) || main->setting.state.status == F_child) return;
- }
- else {
- main->setting.state.status = F_status_set_error(F_data);
-
- firewall_print_error_operation_files_missing(&main->program.error, firewall_operation_stop_s, main->data.file);
-
- return;
- }
- }
-
- main->data.file.string = 0;
- main->data.file.used = 0;
- }
-
- if (main->setting.flag & firewall_main_flag_operation_start_restart_d) {
- main->data.file.used = firewall_network_firewall_path_s.used + firewall_file_first_s.used;
-
- f_char_t path_file_first[main->data.file.used + 1];
- main->data.file.string = path_file_first;
- path_file_first[main->data.file.used] = 0;
-
- memcpy(path_file_first, firewall_network_firewall_path_s.string, sizeof(f_char_t) * firewall_network_firewall_path_s.used);
- memcpy(path_file_first + firewall_network_firewall_path_s.used, firewall_file_first_s.string, sizeof(f_char_t) * firewall_file_first_s.used);
-
- firewall_operate_buffer_chain(main, main->data.file, F_false);
-
- if (main->setting.flag & firewall_main_flag_operation_start_d) {
- firewall_operate_delete_chains(main);
-
- firewall_operate_default_lock(main);
- }
-
- firewall_operate_create_custom_chains(main);
-
- main->data.is = firewall_data_is_global_d;
-
- firewall_operate_chains(main);
-
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child || (main->setting.flag & firewall_main_flag_operation_stop_d)) return;
-
- for (f_number_unsigned_t j = 0; j < main->setting.devices.used; ++j) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- main->cache.path_file.used = 0;
- main->data.device = j;
-
- main->setting.state.status = f_memory_array_increase_by(firewall_network_firewall_path_s.used + main->setting.devices.array[j].used + firewall_file_suffix_s.used + 1, sizeof(f_char_t), (void **) &main->cache.path_file.string, &main->cache.path_file.used, &main->cache.path_file.size);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->data.file = main->cache.path_file;
-
- main->setting.state.status = f_string_dynamic_append(firewall_network_firewall_path_s, &main->cache.path_file);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(main->setting.devices.array[j], &main->cache.path_file);
- }
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(firewall_file_suffix_s, &main->cache.path_file);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- firewall_operate_buffer_chain(main, main->cache.path_file, F_true);
-
- firewall_operate_create_custom_chains(main);
-
- main->data.is = 0;
-
- firewall_operate_chains(main);
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child || (main->setting.flag & firewall_main_flag_operation_stop_d)) return;
- } // for
-
- main->cache.path_file.used = 0;
-
- main->setting.state.status = f_string_dynamic_append(firewall_network_firewall_path_s, &main->cache.path_file);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(firewall_file_last_s, &main->cache.path_file);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->data.file.used = main->cache.path_file.used;
-
- firewall_operate_buffer_chain(main, main->cache.path_file, F_false);
-
- firewall_operate_create_custom_chains(main);
-
- main->data.is = firewall_data_is_global_d;
-
- firewall_operate_chains(main);
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
-
- main->data.file.string = 0;
- main->data.file.used = 0;
- }
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides operate functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_h
-#define _firewall_operate_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Perform the firewall operation.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- * F_child on child process exiting.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: f_directory_list()
- * Errors (with error bit) from: f_memory_array_increase_by()
- * Errors (with error bit) from: firewall_operate_buffer_chain()
- * Errors (with error bit) from: firewall_operate_create_custom_chains()
- * Errors (with error bit) from: firewall_operate_default_lock()
- * Errors (with error bit) from: firewall_operate_delete_chains()
- * Errors (with error bit) from: firewall_operate_rules()
- * Errors (with error bit) from: firewall_operate_process_rules()
- * Errors (with error bit) from: firewall_operate_show()
- *
- * @see f_directory_list()
- * @see f_memory_array_increase_by()
- * @see firewall_operate_buffer_chain()
- * @see firewall_operate_create_custom_chains()
- * @see firewall_operate_default_lock()
- * @see firewall_operate_delete_chains()
- * @see firewall_operate_rules()
- * @see firewall_operate_process_rules()
- * @see firewall_operate_show()
- */
-#ifndef _di_firewall_operate_
- extern void firewall_operate(firewall_main_t * const main);
-#endif // _di_firewall_operate_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_buffer_chain_
- void firewall_operate_buffer_chain(firewall_main_t * const main, const f_string_static_t file, const bool optional) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- main->data.buffer.used = 0;
- main->data.chain_contents.used = 0;
- main->data.chain_objects.used = 0;
- main->cache.delimits.used = 0;
-
- main->setting.state.status = f_file_open(file, 0, &main->cache.file);
-
- if (F_status_is_error(main->setting.state.status)) {
- if (!optional || optional && F_status_set_fine(main->setting.state.status) != F_file_found_not && F_status_set_fine(main->setting.state.status) != F_file_open && F_status_set_fine(main->setting.state.status) != F_file_descriptor) {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, file, f_file_operation_open_s, fll_error_file_type_file_e);
-
- return;
- }
- }
-
- main->setting.state.status = f_file_read(main->cache.file, &main->data.buffer);
-
- f_file_stream_flush(main->cache.file);
- f_file_stream_close(&main->cache.file);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, file, f_file_operation_read_s, fll_error_file_type_file_e);
-
- return;
- }
-
- if (main->data.buffer.used) {
- main->data.range.start = 0;
- main->data.range.stop = main->data.buffer.used - 1;
-
- fll_fss_basic_list_read(main->data.buffer, &main->data.range, &main->data.chain_objects, &main->data.chain_contents, &main->cache.delimits, 0, &main->data.comments, &main->setting.state);
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_data_not_eos || F_status_set_fine(main->setting.state.status) == F_data_not || F_status_set_fine(main->setting.state.status) == F_data_not_stop) {
- firewall_print_error_file_empty(&main->program.error, file);
- }
- else {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, file, f_file_operation_process_s, fll_error_file_type_file_e);
- }
-
- return;
- }
- else {
- f_fss_apply_delimit(main->cache.delimits, &main->data.buffer, &main->setting.state);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
- }
- }
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_buffer_chain_
-
-#ifndef _di_firewall_operate_buffer_rules_
- void firewall_operate_buffer_rules(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- main->cache.delimits.used = 0;
- main->data.rule_contents.used = 0;
- main->data.rule_objects.used = 0;
-
- fll_fss_extended_read(main->data.buffer, &main->data.range, &main->data.rule_objects, &main->data.rule_contents, 0, 0, &main->cache.delimits, 0, &main->setting.state);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- f_fss_apply_delimit(main->cache.delimits, &main->data.buffer, &main->setting.state);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_buffer_rules_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate buffer functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_buffer_h
-#define _firewall_operate_buffer_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Buffer firewall chain.
- *
- * The rules being processed are selected from main.data.range within main.data.buffer.
- * Delimits are applied to the main.data.buffer on success.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters:
- * - main.cache.delimits.
- * - main.data.buffer.
- * - main.data.chain_contents.
- * - main.data.chain_objects.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- * F_child on child process exiting.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: f_file_open()
- * Errors (with error bit) from: f_file_read()
- * Errors (with error bit) from: f_fss_apply_delimit()
- * Errors (with error bit) from: fll_fss_basic_list_read()
- * @param file
- * File name to read the rules from.
- * @param optional
- * TRUE if this files is optional.
- * FALSE otherwise (more are errors returned when not optional).
- *
- * @see f_file_open()
- * @see f_file_read()
- * @see f_fss_apply_delimit()
- * @see fll_fss_basic_list_read()
- */
-#ifndef _di_firewall_operate_buffer_chain_
- extern void firewall_operate_buffer_chain(firewall_main_t * const main, const f_string_static_t file, const bool optional);
-#endif // _di_firewall_operate_buffer_chain_
-
-/**
- * Buffer firewall rules.
- *
- * The rules being processed are selected from main.data.range within main.data.buffer.
- * Delimits are applied to the main.data.buffer on success.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters:
- * - main.cache.delimits.
- * - main.data.buffer.
- * - main.data.rule_contents.
- * - main.data.rule_objects.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: f_fss_apply_delimit()
- * Errors (with error bit) from: firewall_operate_process_rules()
- * Errors (with error bit) from: fll_fss_extended_read()
- *
- * @see f_fss_apply_delimit()
- * @see firewall_operate_process_rules()
- * @see fll_fss_extended_read()
- */
-#ifndef _di_firewall_operate_buffer_rules_
- extern void firewall_operate_buffer_rules(firewall_main_t * const main);
-#endif // _di_firewall_operate_buffer_rules_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_buffer_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_chains_
- void firewall_operate_chains(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- for (f_number_unsigned_t i = 0; i < main->data.chain_contents.used; ++i) {
-
- main->data.range = main->data.chain_contents.array[i].array[0];
-
- if ((main->data.has & firewall_data_has_main_e) && i == main->data.main) {
- main->data.is |= firewall_data_is_main_d;
- }
- else {
- main->data.is &= ~firewall_data_is_main_d;
- }
-
- main->data.chain = i;
-
- firewall_operate_buffer_rules(main);
-
- firewall_operate_rules(main);
-
- if (F_status_is_error(main->setting.state.status) || (main->setting.flag & firewall_main_flag_operation_stop_d) || main->setting.state.status == F_child) return;
- } // for
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_chains_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate chains functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_chains_h
-#define _firewall_operate_chains_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Load and operate the each of the Content chains.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters:
- * - main.data.is.
- * - main.data.range.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: firewall_operate_rules()
- *
- * @see firewall_operate_rules()
- */
-#ifndef _di_firewall_operate_chains_
- extern void firewall_operate_chains(firewall_main_t * const main);
-#endif // _di_firewall_operate_chains_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_chains_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_create_custom_chains_
- void firewall_operate_create_custom_chains(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- uint8_t new_chain = F_false;
- uint8_t create_chain = F_false;
-
- int return_code = 0;
- f_number_unsigned_t i = 0;
- f_number_unsigned_t j = 0;
- f_number_unsigned_t t = 0;
- f_number_unsigned_t length = 0;
-
- const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s };
-
- main->data.chain_ids.used = 0;
- main->cache.arguments.used = 0;
-
- main->setting.state.status = f_memory_array_increase_by(2, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_memory_array_increase_by(main->data.chain_objects.used, sizeof(f_number_unsigned_t), (void **) &main->data.chain_ids.array, &main->data.chain_ids.used, &main->data.chain_ids.size);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->cache.arguments.array[0].used = 0;
- main->cache.arguments.array[1].used = 0;
- main->data.chain_ids.used = main->data.chain_objects.used;
- memset(main->data.chain_ids.array, 0, sizeof(f_number_unsigned_t) * main->data.chain_ids.used);
-
- main->setting.state.status = f_string_dynamic_append(firewall_chain_create_operation_s, &main->cache.arguments.array[0]);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->setting.state.status = f_memory_array_increase(F_memory_default_allocation_small_d, sizeof(f_char_t), (void **) &main->cache.arguments.array[1].string, &main->cache.arguments.array[1].used, &main->cache.arguments.array[1].size);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->cache.arguments.used = 2;
- main->data.has = 0;
-
- for (; i < main->data.chain_objects.used; ++i) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- new_chain = F_true;
- j = 0;
-
- // Skip globally reserved chain name: main.
- if (f_compare_dynamic_partial_string(firewall_group_main_s.string, main->data.buffer, firewall_group_main_s.used, main->data.chain_objects.array[i]) == F_equal_to) {
- new_chain = F_false;
- main->data.has |= firewall_data_has_main_e;
- main->data.main = i;
- }
-
- // Skip globally reserved chain name: stop.
- if (f_compare_dynamic_partial_string(firewall_group_stop_s.string, main->data.buffer, firewall_group_stop_s.used, main->data.chain_objects.array[i]) == F_equal_to) {
- new_chain = F_false;
- main->data.has |= firewall_data_has_stop_e;
- main->data.stop = i;
- }
-
- // Skip globally reserved chain name: lock.
- if (f_compare_dynamic_partial_string(firewall_group_lock_s.string, main->data.buffer, firewall_group_lock_s.used, main->data.chain_objects.array[i]) == F_equal_to) {
- new_chain = F_false;
- main->data.has |= firewall_data_has_lock_e;
- main->data.lock = i;
- }
-
- // Skip globally reserved chain name: none.
- if (f_compare_dynamic_partial_string(firewall_chain_none_s.string, main->data.buffer, firewall_chain_none_s.used, main->data.chain_objects.array[i]) == F_equal_to) {
- new_chain = F_false;
- }
-
- if (new_chain) {
- for (; j < main->setting.chains.used; ++j) {
-
- if (f_compare_dynamic_partial_string(main->setting.chains.array[j].string, main->data.buffer, main->setting.chains.array[j].used, main->data.chain_objects.array[i]) == F_equal_to) {
- new_chain = F_false;
- main->data.chain_ids.array[i] = j;
-
- break;
- }
- } // for
- }
-
- if (new_chain) {
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->setting.chains.array, &main->setting.chains.used, &main->setting.chains.size);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- create_chain = F_true;
- length = (main->data.chain_objects.array[i].start > main->data.chain_objects.array[i].stop) ? 0 : (main->data.chain_objects.array[i].stop - main->data.chain_objects.array[i].start) + 1;
-
- main->cache.arguments.array[1].used = 0;
-
- main->setting.state.status = f_memory_array_increase_by(length + 1, sizeof(f_char_t), (void **) &main->cache.arguments.array[1].string, &main->cache.arguments.array[1].used, &main->cache.arguments.array[1].size);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_memory_array_increase_by(length + 1, sizeof(f_char_t), (void **) &main->setting.chains.array[main->setting.chains.used].string, &main->setting.chains.array[main->setting.chains.used].used, &main->setting.chains.array[main->setting.chains.used].size);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- f_string_dynamic_partial_append_nulless(main->data.buffer, main->data.chain_objects.array[i], &main->cache.arguments.array[1]);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- f_string_dynamic_partial_append_nulless(main->data.buffer, main->data.chain_objects.array[i], &main->setting.chains.array[main->setting.chains.used]);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- f_string_dynamic_terminate_after(&main->cache.arguments.array[1]);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- f_string_dynamic_terminate_after(&main->setting.chains.array[main->setting.chains.used]);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->data.chain_ids.array[i] = main->setting.chains.used;
-
- if (f_compare_dynamic(main->cache.arguments.array[1], firewall_chain_forward_s) == F_equal_to) {
- create_chain = F_false;
- }
- else if (f_compare_dynamic(main->cache.arguments.array[1], firewall_chain_input_s) == F_equal_to) {
- create_chain = F_false;
- }
- else if (f_compare_dynamic(main->cache.arguments.array[1], firewall_chain_output_s) == F_equal_to) {
- create_chain = F_false;
- }
- else if (f_compare_dynamic(main->cache.arguments.array[1], firewall_chain_postrouting_s) == F_equal_to) {
- create_chain = F_false;
- }
- else if (f_compare_dynamic(main->cache.arguments.array[1], firewall_chain_prerouting_s) == F_equal_to) {
- create_chain = F_false;
- }
-
- if (create_chain) {
- for (t = 0; t < 2; ++t) {
-
- if (!tools[t].used) continue;
-
- return_code = 0;
-
- firewall_print_debug_tool(&main->program.warning, tools[t], main->cache.arguments);
-
- main->setting.state.status = fll_execute_program(tools[t], main->cache.arguments, 0, 0, (void *) &return_code);
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (return_code && F_status_is_error_not(main->setting.state.status)) {
- firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code);
- }
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_failure) {
- firewall_print_error_operation(&main->program.error, tools[t], main->cache.arguments);
- }
- else {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- return;
- }
- } // for
- }
-
- ++main->setting.chains.used;
- }
- } // for
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_create_custom_chains_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate create functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_create_h
-#define _firewall_operate_create_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Apply firewall rules for creating custom chains.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- * F_child on child process exiting.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: f_memory_array_increase()
- * Errors (with error bit) from: f_memory_array_increase_by()
- * Errors (with error bit) from: f_string_dynamic_append()
- * Errors (with error bit) from: fll_execute_program()
- * @param file
- * File name to read the rules from.
- * @param optional
- * TRUE if this files is optional.
- * FALSE otherwise (more are errors returned when not optional).
- *
- * @see f_memory_array_increase()
- * @see f_memory_array_increase_by()
- * @see f_string_dynamic_append()
- * @see fll_execute_program()
- */
-#ifndef _di_firewall_operate_create_custom_chains_
- extern void firewall_operate_create_custom_chains(firewall_main_t * const main);
-#endif // _di_firewall_operate_create_custom_chains_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_create_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_default_lock_
- void firewall_operate_default_lock(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- const f_string_static_t chains[3] = { firewall_chain_input_s, firewall_chain_output_s, firewall_chain_forward_s };
- const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s };
-
- f_string_statics_t arguments = f_string_statics_t_initialize;
- arguments.used = 3;
-
- f_string_static_t argument_array[arguments.used];
- arguments.array = argument_array;
- arguments.array[0] = firewall_action_policy_operation_s;
- arguments.array[2] = firewall_chain_drop_s;
-
- int return_code = 0;
- uint8_t i = 0;
- uint8_t t = 0;
-
- for (; i < 3; ++i) {
-
- arguments.array[1] = chains[i];
-
- for (t = 0; t < 2; ++t) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (!tools[t].used) continue;
-
- firewall_print_debug_tool(&main->program.warning, tools[t], arguments);
-
- return_code = 0;
-
- main->setting.state.status = fll_execute_program(tools[t], arguments, 0, 0, (void *) &return_code);
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_failure) {
- firewall_print_error_operation(&main->program.error, tools[t], arguments);
- }
- else {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- return;
- }
- else if (return_code) {
- firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code);
- }
- } // for
- } // for
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_default_lock_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate default functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_default_h
-#define _firewall_operate_default_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Apply firewall rules intended to lock down the firewall.
- *
- * This is intended to setup the firewall with rules that prevent access to or from the network.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- * F_child on child process exiting.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: fll_execute_program()
- *
- * @see fll_execute_program()
- */
-#ifndef _di_firewall_operate_default_lock_
- extern void firewall_operate_default_lock(firewall_main_t * const main);
-#endif // _di_firewall_operate_default_lock_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_default_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_delete_chains_
- void firewall_operate_delete_chains(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s };
- const f_string_static_t command[2] = { firewall_chain_flush_operation_s, firewall_chain_delete_operation_s };
-
- f_string_statics_t arguments = f_string_statics_t_initialize;
- arguments.used = 1;
-
- f_string_static_t argument_array[arguments.used];
- arguments.array = argument_array;
- argument_array[0] = firewall_chain_flush_operation_s;
-
- int return_code = 0;
- uint8_t i = 0;
- uint8_t t = 0;
-
- for (i = 0; i < 2; ++i) {
-
- argument_array[0] = command[i];
-
- for (t = 0; t < 2; ++t) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (!tools[t].used) continue;
-
- return_code = 0;
-
- firewall_print_debug_tool(&main->program.warning, tools[t], arguments);
-
- main->setting.state.status = fll_execute_program(tools[t], arguments, 0, 0, (void *) &return_code);
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_failure) {
- firewall_print_error_operation(&main->program.error, tools[t], arguments);
- }
- else {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- return;
- }
- else if (return_code) {
- firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code);
- }
- } // for
- } // for
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_delete_chains_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate delete functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_delete_h
-#define _firewall_operate_delete_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
- /**
- * Unapply (remove) the firewall rules, deleting all existing firewall rules being used.
- *
- * This function is not about de-allocating memory.
- * This function is not about modifying settings or files.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- * F_child on child process exiting.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: fll_execute_program()
- *
- * @see fll_execute_program()
- */
-#ifndef _di_firewall_operate_delete_chains_
- extern void firewall_operate_delete_chains(firewall_main_t * const main);
-#endif // _di_firewall_operate_delete_chains_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_delete_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_process_rules_perform_
- void firewall_operate_process_rules(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- uint8_t valid = F_true;
- uint8_t is_ip_list = F_false;
- uint8_t ip_list_direction = F_false; // false = source, true = destination.
- uint8_t use_protocol = F_false;
- uint8_t chain = firewall_chain_none_e;
- uint8_t direction = firewall_direction_none_e;
- uint8_t action = firewall_action_append_e;
-
- int return_code = 0;
- f_number_unsigned_t at = 0;
- f_number_unsigned_t i = 0;
- f_number_unsigned_t t = 0;
-
- // Set the default here, but allow for the firewall rules to override these settings.
- f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s };
-
- f_ranges_t * const rule_objects = &main->data.rule_objects;
- f_rangess_t * const rule_contents = &main->data.rule_contents;
-
- if (!(main->data.is & firewall_data_is_global_d)) {
- if (main->setting.devices.array[main->data.device].used) {
- main->cache.device.used = 0;
-
- main->setting.state.status = f_string_dynamic_append(main->setting.devices.array[main->data.device], &main->cache.device);
- if (F_status_is_error(main->setting.state.status)) return;
- }
- }
-
- // For custom chains, the chain command may not be specified.
- if (!(main->data.is & firewall_data_is_stop_main_lock_d)) {
- chain = firewall_chain_custom_e;
- }
-
- for (; i < rule_objects->used; ++i) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- valid = F_true;
- is_ip_list = F_false;
- ip_list_direction = F_false;
-
- main->cache.ip_list.used = 0;
-
- // Process chain rule.
- if (f_compare_dynamic_partial_string(firewall_chain_s.string, main->data.buffer, firewall_chain_s.used, rule_objects->array[i]) == F_equal_to) {
- if (chain == firewall_chain_custom_e) {
-
- // Custom chains can only apply to themselves, so silently ignore chain commands specified within a custom chain.
- firewall_print_warning_chain_meaningless_line(&main->program.warning, i);
-
- continue;
- }
-
- if (rule_contents->array[i].used != 1) {
- valid = F_false;
- }
- else if (f_compare_dynamic_partial_string(firewall_chain_input_s.string, main->data.buffer, firewall_chain_input_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- chain = firewall_chain_input_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_chain_output_s.string, main->data.buffer, firewall_chain_output_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- chain = firewall_chain_output_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_chain_forward_s.string, main->data.buffer, firewall_chain_forward_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- chain = firewall_chain_forward_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_chain_postrouting_s.string, main->data.buffer, firewall_chain_postrouting_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- chain = firewall_chain_postrouting_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_chain_prerouting_s.string, main->data.buffer, firewall_chain_prerouting_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- chain = firewall_chain_prerouting_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_chain_none_s.string, main->data.buffer, firewall_chain_none_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- chain = firewall_chain_none_e;
- }
- else {
- valid = F_false;
- }
-
- if (valid) continue;
- }
-
- // Process direction rule
- else if (f_compare_dynamic_partial_string(firewall_direction_s.string, main->data.buffer, firewall_direction_s.used, rule_objects->array[i]) == F_equal_to) {
- if (rule_contents->array[i].used != 1) {
- valid = F_false;
- }
- else if (f_compare_dynamic_partial_string(firewall_direction_input_s.string, main->data.buffer, firewall_direction_input_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- direction = firewall_direction_input_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_direction_output_s.string, main->data.buffer, firewall_direction_output_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- direction = firewall_direction_output_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_direction_none_s.string, main->data.buffer, firewall_direction_none_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- direction = firewall_direction_none_e;
- }
- else {
-
- // Direction must be specified, and no custom directions are allowed.
- valid = F_false;
- }
-
- if (valid) continue;
- }
-
- // Process device rule.
- else if (f_compare_dynamic_partial_string(firewall_device_s.string, main->data.buffer, firewall_device_s.used, rule_objects->array[i]) == F_equal_to) {
- if (rule_contents->array[i].used != 1) {
- valid = F_false;
- }
- else if (f_compare_dynamic_partial_string(firewall_device_all_s.string, main->data.buffer, firewall_device_all_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- main->cache.device.used = 0;
-
- continue;
- }
- else if (f_compare_dynamic_partial_string(firewall_device_this_s.string, main->data.buffer, firewall_device_this_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- if (main->setting.devices.array[main->data.device].used) {
- main->setting.state.status = f_string_dynamic_append(main->setting.devices.array[main->data.device], &main->cache.device);
- }
- else {
- main->cache.device.used = 0;
- }
-
- if (F_status_is_error(main->setting.state.status)) return;
-
- continue;
- }
-
- if (valid) {
- main->cache.device.used = 0;
-
- main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[0], &main->cache.device);
- if (F_status_is_error(main->setting.state.status)) return;
-
- continue;
- }
- }
-
- // Process action rule.
- else if (f_compare_dynamic_partial_string(firewall_action_s.string, main->data.buffer, firewall_action_s.used, rule_objects->array[i]) == F_equal_to) {
- if (rule_contents->array[i].used != 1) {
- valid = F_false;
- }
- else if (f_compare_dynamic_partial_string(firewall_action_append_s.string, main->data.buffer, firewall_action_append_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- action = firewall_action_append_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_action_insert_s.string, main->data.buffer, firewall_action_insert_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- action = firewall_action_insert_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_action_policy_s.string, main->data.buffer, firewall_action_policy_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- action = firewall_action_policy_e;
- }
- else if (f_compare_dynamic_partial_string(firewall_action_none_s.string, main->data.buffer, firewall_action_none_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- action = firewall_action_none_e;
- }
- else {
- valid = F_false;
- }
-
- if (valid) continue;
- }
-
- // Process ip_list rule.
- else if (f_compare_dynamic_partial_string(firewall_ip_list.string, main->data.buffer, firewall_ip_list.used, rule_objects->array[i]) == F_equal_to) {
- is_ip_list = F_true;
-
- if (f_compare_dynamic_partial_string(firewall_ip_list_source_s.string, main->data.buffer, firewall_ip_list_source_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- ip_list_direction = F_false;
- }
- else if (f_compare_dynamic_partial_string(firewall_ip_list_destination_s.string, main->data.buffer, firewall_ip_list_destination_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- ip_list_direction = F_true;
- }
- else {
- valid = F_false;
- }
- }
-
- // Process protocol rule.
- else if (f_compare_dynamic_partial_string(firewall_protocol_s.string, main->data.buffer, firewall_protocol_s.used, rule_objects->array[i]) == F_equal_to) {
- if (rule_contents->array[i].used != 1) {
- valid = F_false;
- }
- else {
- if (f_compare_dynamic_partial_string(firewall_protocol_none_s.string, main->data.buffer, firewall_protocol_none_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- use_protocol = F_false;
- }
- else if (rule_contents->array[i].array[0].start <= rule_contents->array[i].array[0].stop) {
- main->cache.protocol.used = 0;
-
- main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[0], &main->cache.protocol);
- if (F_status_is_error(main->setting.state.status)) return;
-
- use_protocol = F_true;
- }
- else {
- use_protocol = F_false;
- }
-
- continue;
- }
- }
-
- // Process tool rule.
- else if (f_compare_dynamic_partial_string(firewall_tool_s.string, main->data.buffer, firewall_tool_s.used, rule_objects->array[i]) == F_equal_to) {
- if (rule_contents->array[i].used != 1) {
- valid = F_false;
- }
- else {
- if (f_compare_dynamic_partial_string(firewall_tool_iptables_s.string, main->data.buffer, firewall_tool_iptables_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- tools[0] = (main->setting.flag & firewall_main_flag_ipv4_d) ? firewall_tool_iptables_s : f_string_empty_s;
- tools[1] = f_string_empty_s;
- }
- else if (f_compare_dynamic_partial_string(firewall_tool_ip6tables_s.string, main->data.buffer, firewall_tool_ip6tables_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- tools[0] = f_string_empty_s;
- tools[1] = (main->setting.flag & firewall_main_flag_ipv6_d) ? firewall_tool_ip6tables_s : f_string_empty_s;
- }
- else if (f_compare_dynamic_partial_string(firewall_tool_ip46tables_s.string, main->data.buffer, firewall_tool_ip46tables_s.used, rule_contents->array[i].array[0]) == F_equal_to) {
- tools[0] = (main->setting.flag & firewall_main_flag_ipv4_d) ? firewall_tool_iptables_s : f_string_empty_s;
- tools[1] = (main->setting.flag & firewall_main_flag_ipv6_d) ? firewall_tool_ip6tables_s : f_string_empty_s;
- }
- else {
- valid = F_false;
- }
-
- if (valid) continue;
- }
- }
-
- // If the remaining rule does not match as firewall_rule_s, then it is an invalid rule.
- else if (f_compare_dynamic_partial_string(firewall_rule_s.string, main->data.buffer, firewall_rule_s.used, rule_objects->array[i]) == F_equal_to_not) {
- firewall_print_warning_object_invalid_missing_line(&main->program.warning, i, main->data.buffer, main->data.rule_objects.array[i]);
-
- continue;
- }
-
- if (!valid) {
- firewall_print_warning_content_invalid_missing_line(&main->program.warning, i, main->data.buffer, main->data.rule_objects.array[i]);
-
- continue;
- }
-
- for (t = 0; t < 2; ++t) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (!tools[t].used) continue;
-
- // First add the program name.
- main->cache.arguments.used = 0;
-
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- // Process the action when a non-none chain is specified.
- if (chain != firewall_chain_none_e && action != firewall_action_none_e) {
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- if (action == firewall_action_append_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_action_append_operation_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (action == firewall_action_insert_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_action_insert_operation_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (action == firewall_action_policy_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_action_policy_operation_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
-
- if (F_status_is_error(main->setting.state.status)) return;
-
- if (action == firewall_action_append_e || action == firewall_action_insert_e || action == firewall_action_policy_e) {
- ++main->cache.arguments.used;
-
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
- main->setting.state.status = F_data_not;
-
- // Process the chain, which is required by the action.
- if (chain == firewall_chain_custom_e) {
- main->setting.state.status = f_string_dynamic_append(main->setting.chains.array[main->data.chain_ids.array[main->data.chain]], &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (chain == firewall_chain_forward_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_chain_forward_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (chain == firewall_chain_postrouting_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_chain_postrouting_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (chain == firewall_chain_prerouting_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_chain_prerouting_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (chain == firewall_chain_input_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_chain_input_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
- else if (chain == firewall_chain_output_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_chain_output_s, &main->cache.arguments.array[main->cache.arguments.used]);
- }
-
- if (F_status_is_error(main->setting.state.status)) return;
-
- if (main->setting.state.status == F_data_not) {
- main->setting.state.status = F_okay;
- }
- else {
- ++main->cache.arguments.used;
- }
- }
- }
-
- // Add the device if and only if a non-none direction is specified.
- if (main->cache.device.used && (direction == firewall_direction_input_e || direction == firewall_direction_output_e)) {
- if (f_compare_dynamic_partial_string(firewall_device_all_s.string, main->data.buffer, firewall_device_all_s.used, rule_contents->array[i].array[0]) == F_equal_to_not) {
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- if (direction == firewall_direction_input_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_device_input_operation_s, &main->cache.arguments.array[main->cache.arguments.used]);
- if (F_status_is_error(main->setting.state.status)) return;
-
- ++main->cache.arguments.used;
- }
- else if (direction == firewall_direction_output_e) {
- main->setting.state.status = f_string_dynamic_append(firewall_device_output_operation_s, &main->cache.arguments.array[main->cache.arguments.used]);
- if (F_status_is_error(main->setting.state.status)) return;
-
- ++main->cache.arguments.used;
- }
- }
-
- // Add the device.
- if (main->cache.device.used) {
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- main->setting.state.status = f_string_dynamic_append(main->cache.device, &main->cache.arguments.array[main->cache.arguments.used]);
- if (F_status_is_error(main->setting.state.status)) return;
-
- ++main->cache.arguments.used;
- }
- }
-
- if (use_protocol) {
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- main->setting.state.status = f_string_dynamic_append(firewall_protocol_operation_s, &main->cache.arguments.array[main->cache.arguments.used]);
- if (F_status_is_error(main->setting.state.status)) return;
-
- ++main->cache.arguments.used;
-
- if (main->cache.protocol.used) {
- main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- main->setting.state.status = f_string_dynamic_append(main->cache.protocol, &main->cache.arguments.array[main->cache.arguments.used]);
- if (F_status_is_error(main->setting.state.status)) return;
-
- ++main->cache.arguments.used;
- }
- }
-
- // Last up is the "rule".
- if ((!is_ip_list && rule_contents->array[i].used > 0) || (is_ip_list && rule_contents->array[i].used > 1)) {
- at = 0;
-
- if (is_ip_list) {
-
- // Skip past the chain.
- ++at;
-
- if (rule_contents->array[i].array[at].start <= rule_contents->array[i].array[at].stop) {
- main->cache.ip_list.used = 0;
-
- main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[at], &main->cache.ip_list);
-
- if (F_status_is_error(main->setting.state.status)) {
-
- // Prevent the loop below from being processed.
- at = rule_contents->array[i].used;
- }
- else {
- ++at;
- }
- }
- }
-
- main->setting.state.status = f_memory_array_increase_by(rule_contents->array[i].used, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
- if (F_status_is_error(main->setting.state.status)) return;
-
- for (; at < rule_contents->array[i].used; ++at) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- if (rule_contents->array[i].array[at].start <= rule_contents->array[i].array[at].stop) {
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[at], &main->cache.arguments.array[main->cache.arguments.used]);
- if (F_status_is_error(main->setting.state.status)) return;
-
- ++main->cache.arguments.used;
- }
- } // for
- }
- else {
- firewall_print_warning_content_invalid_missing_line(&main->program.warning, i, main->data.buffer, main->data.rule_objects.array[i]);
-
- break;
- }
-
- // Now execute the generated commands.
- if (main->cache.arguments.used > 1) {
- if (is_ip_list) {
- main->cache.basic_objects.used = 0;
- main->cache.basic_contents.used = 0;
- main->cache.buffer.used = 0;
- main->cache.delimits.used = 0;
- main->cache.path_file_specific.used = 0;
-
- main->setting.state.status = f_string_dynamic_append(firewall_network_firewall_path_s, &main->cache.path_file_specific);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(main->cache.ip_list, &main->cache.path_file_specific);
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->setting.state.status = f_file_open(main->cache.path_file_specific, 0, &main->cache.file);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, main->cache.path_file_specific, f_file_operation_open_s, fll_error_file_type_file_e);
-
- f_file_stream_close(&main->cache.file);
-
- return;
- }
-
- main->setting.state.status = f_file_read(main->cache.file, &main->cache.buffer);
-
- f_file_stream_close(&main->cache.file);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, main->cache.path_file_specific, f_file_operation_read_s, fll_error_file_type_file_e);
-
- return;
- }
-
- main->cache.delimits.used = 0;
-
- if (main->cache.buffer.used) {
- main->data.range.start = 0;
- main->data.range.stop = main->cache.buffer.used - 1;
- }
- else {
- main->data.range.start = 1;
- main->data.range.stop = 0;
- }
-
- fll_fss_basic_read(main->cache.buffer, &main->data.range, &main->cache.basic_objects, &main->cache.basic_contents, 0, &main->cache.delimits, 0, &main->setting.state);
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_data_not_eos || F_status_set_fine(main->setting.state.status) == F_data_not || F_status_set_fine(main->setting.state.status) == F_data_not_stop) {
- // Empty files are to be silently ignored.
- }
- else {
- firewall_print_error_file(&main->program.error, F_status_debug_source_d, main->cache.path_file_specific, f_file_operation_read_s, fll_error_file_type_file_e);
-
- return;
- }
- }
-
- f_fss_apply_delimit(main->cache.delimits, &main->cache.buffer, &main->setting.state);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_memory_array_increase_by(2, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- main->setting.state.status = f_string_dynamic_append(ip_list_direction ? firewall_ip_list_destination_action_s : firewall_ip_list_source_action_s, &main->cache.arguments.array[main->cache.arguments.used]);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- ++main->cache.arguments.used;
-
- // The ip_list file contains objects and no content, all objects are what matter an nothing else.
- for (at = 0; at < main->cache.basic_objects.used; ++at) {
-
- if (macro_firewall_signal_check(&main->program, &main->setting.state)) return;
-
- main->cache.arguments.array[main->cache.arguments.used].used = 0;
-
- main->setting.state.status = f_string_dynamic_partial_append(main->cache.buffer, main->cache.basic_objects.array[at], &main->cache.arguments.array[main->cache.arguments.used]);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
-
- return;
- }
-
- ++main->cache.arguments.used;
- return_code = 0;
-
- firewall_print_debug_tool(&main->program.warning, tools[t], main->cache.arguments);
-
- main->setting.state.status = fll_execute_program(tools[t], main->cache.arguments, 0, 0, (void *) &return_code);
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- // Remove ip_argument from arguments string.
- --main->cache.arguments.used;
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_failure) {
- firewall_print_error_operation(&main->program.error, tools[t], main->cache.arguments);
- }
- else {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- return;
- }
- else if (return_code) {
- firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code);
- }
- } // for
-
- // Remove ip_list_action from arguments string.
- --main->cache.arguments.used;
- }
-
- if (F_status_set_fine(main->setting.state.status) == F_failure || F_status_set_fine(main->setting.state.status) == F_parameter) return;
- }
- else {
- return_code = 0;
-
- firewall_print_debug_tool(&main->program.warning, tools[t], main->cache.arguments);
-
- main->setting.state.status = fll_execute_program(tools[t], main->cache.arguments, 0, 0, (void *) &return_code);
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) == F_failure) {
- firewall_print_error_operation(&main->program.error, tools[t], main->cache.arguments);
- }
- else {
- firewall_print_error(&main->program.error, F_status_debug_source_d);
- }
-
- return;
- }
- else if (return_code) {
- firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code);
- }
- }
- }
- } // for
- } // for
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_process_rules_perform_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate process functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_process_h
-#define _firewall_operate_process_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Perforrm the loaded firewall rules.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: ()
- *
- * @see ()
- */
-#ifndef _di_firewall_operate_process_rules_
- extern void firewall_operate_process_rules(firewall_main_t * const main);
-#endif // _di_firewall_operate_process_rules_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_process_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_rules_
- void firewall_operate_rules(firewall_main_t * const main) {
-
- if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return;
-
- firewall_operate_process_rules(main);
-
- if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) != F_failure && F_status_set_fine(main->setting.state.status) != F_interrupt) {
- firewall_print_error_unhandled(&main->program.error, F_status_debug_source_d, f_string_empty_s);
- }
-
- return;
- }
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_rules_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate rules functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_rules_h
-#define _firewall_operate_rules_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Operate the rules.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: f_fss_apply_delimit()
- * Errors (with error bit) from: firewall_operate_process_rules()
- * Errors (with error bit) from: fll_fss_extended_read()
- *
- * @see f_fss_apply_delimit()
- * @see firewall_operate_process_rules()
- * @see fll_fss_extended_read()
- */
-#ifndef _di_firewall_operate_rules_
- extern void firewall_operate_rules(firewall_main_t * const main);
-#endif // _di_firewall_operate_rules_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_rules_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_operate_show_
- void firewall_operate_show(firewall_main_t * const main) {
-
- if (!main) return;
-
- int return_code = 0;
-
- f_string_statics_t parameters = f_string_statics_t_initialize;
- parameters.used = 6;
-
- f_string_static_t show_nats[] = {
- firewall_show_parameter_exact_s,
- firewall_show_parameter_verbose_s,
- firewall_show_parameter_table_s,
- firewall_show_nat_s,
- firewall_show_parameter_numeric_s,
- firewall_show_parameter_list_s,
- };
-
- f_string_static_t show_mangles[] = {
- firewall_show_parameter_exact_s,
- firewall_show_parameter_verbose_s,
- firewall_show_parameter_table_s,
- firewall_show_mangle_s,
- firewall_show_parameter_numeric_s,
- firewall_show_parameter_list_s,
- };
-
- f_string_static_t show_filters[] = {
- firewall_show_parameter_exact_s,
- firewall_show_parameter_verbose_s,
- firewall_show_parameter_numeric_s,
- firewall_show_parameter_list_s,
- };
-
- f_string_static_t * const show_arrays[] = {
- show_nats,
- show_mangles,
- show_filters,
- };
-
- const f_number_unsigned_t show_lengths[] = {
- 6,
- 6,
- 4,
- };
-
- const f_string_static_t show_lefts[] = {
- firewall_print_show_bars_27_s,
- firewall_print_show_bars_26_s,
- firewall_print_show_bars_26_s,
- };
-
- const f_string_static_t show_headers[] = {
- firewall_print_show_nat_s,
- firewall_print_show_mangle_s,
- firewall_print_show_filter_s,
- };
-
- const f_string_static_t show_rights[] = {
- firewall_print_show_bars_28_s,
- firewall_print_show_bars_26_s,
- firewall_print_show_bars_26_s,
- };
-
- const uint16_t show_flags[] = {
- firewall_main_flag_operation_show_nat_d,
- firewall_main_flag_operation_show_mangle_d,
- firewall_main_flag_operation_show_filter_d,
- };
-
- const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s };
-
- uint8_t i = 0;
- uint8_t t = 0;
-
- for (; t < 2; ++t) {
-
- if (!tools[t].used) continue;
-
- for (i = 0; i < 3; ++i) {
-
- if (!show_flags[i]) continue;
-
- parameters.array = show_arrays[i];
- parameters.used = show_lengths[i];
- return_code = 0;
-
- // A newline should be printed before each inner message header, but not the first.
- if (i) {
- f_print_dynamic_raw(f_string_eol_s, main->program.output.to);
- }
-
- firewall_print_message_show_header(&main->program.output, show_lefts[i], show_headers[i], show_rights[i], t);
-
- main->setting.state.status = fll_execute_program(tools[t], parameters, 0, 0, (void *) &return_code);
-
- if (main->setting.state.status == F_child) {
- main->program.child = return_code;
-
- return;
- }
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error_operation(&main->program.error, tools[t], parameters);
-
- return;
- }
-
- if (return_code) {
- firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code);
- }
- } // for
- } // for
-
- main->setting.state.status = F_okay;
- }
-#endif // _di_firewall_operate_show_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the operate show functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_operate_show_h
-#define _firewall_operate_show_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Perform the firewall show operation.
- *
- * @param main
- * The main program and setting data.
- *
- * This alters main.setting.state.status:
- * F_okay on success.
- * F_child on child process exiting.
- *
- * F_interrupt (with error bit) on interrupt signal received.
- *
- * Errors (with error bit) from: fll_execute_program()
- * Errors (with error bit) from: fll_print_dynamic_raw()
- *
- * @see fll_execute_program()
- * @see fll_print_dynamic_raw()
- */
-#ifndef _di_firewall_operate_show_
- extern void firewall_operate_show(firewall_main_t * const main);
-#endif // _di_firewall_operate_show_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_operate_show_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_print_debug_tool_
- f_status_t firewall_print_debug_tool(fl_print_t * const print, const f_string_static_t tool, const f_string_statics_t arguments) {
-
- if (!print) return F_status_set_error(F_output_not);
- if (print->verbosity != f_console_verbosity_debug_e) return F_output_not;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%Q", print->to, print->context, tool);
-
- for (f_number_unsigned_t i = 0; i < arguments.used; ++i) {
- fl_print_format(" %Q", print->to, arguments.array[i]);
- } // for
-
- fl_print_format("%]%r", print->to, print->context, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_debug_tool_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the print debug functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_print_debug_h
-#define _firewall_print_debug_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Print debug information about tool execution.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param tool
- * The name of the function associated with the error.
- * @param arguments
- * The name of the file, if this error is assocaited with a file.
- * Otherwise, set file.used to 0 to not have an file related error message.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_debug_tool_
- extern f_status_t firewall_print_debug_tool(fl_print_t * const print, const f_string_static_t tool, const f_string_statics_t arguments);
-#endif // _di_firewall_print_debug_tool_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_print_debug_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_print_error_
- f_status_t firewall_print_error(fl_print_t * const print, const f_string_t debug) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- fll_error_print(print, F_status_set_fine(((firewall_main_t *) print->custom)->setting.state.status), debug, fll_error_file_flag_fallback_e);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_
-
-#ifndef _di_firewall_print_error_file_
- f_status_t firewall_print_error_file(fl_print_t * const print, const f_string_t debug, const f_string_static_t name, const f_string_static_t operation, const uint8_t type) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- fll_error_file_print(print, F_status_set_fine(((firewall_main_t *) print->custom)->setting.state.status), debug, fll_error_file_flag_fallback_e, name, operation, type);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_file_
-
-#ifndef _di_firewall_print_error_file_empty_
- f_status_t firewall_print_error_file_empty(fl_print_t * const print, const f_string_static_t file) {
-
- if (!print) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QNo relevant data is found within the file '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, file, print->notable);
- fl_print_format(f_string_format_sentence_end_single_quote_s.string, print->to, print->context, print->context, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_file_empty_
-
-#ifndef _di_firewall_print_error_network_device_none_
- f_status_t firewall_print_error_network_device_none(fl_print_t * const print) {
-
- if (!print) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- fll_print_format("%[%QCould not find any network devices.%]%r", print->to, print->context, print->prefix, print->context, f_string_eol_s);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_network_device_none_
-
-#ifndef _di_firewall_print_error_operation_
- f_status_t firewall_print_error_operation(fl_print_t * const print, const f_string_static_t tool, const f_string_statics_t arguments) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- firewall_main_t * const main = (firewall_main_t *) print->custom;
-
- f_file_stream_lock(print->to);
-
- if (F_status_set_fine(main->setting.state.status) == F_memory_not) {
- fl_print_format("%[%QOut of memory while performing requested %r operation '%]", print->to, print->context, print->prefix, tool, print->context);
- }
- else {
- fl_print_format("%[%QFailed to perform requested %r operation '%]", print->to, print->context, print->prefix, tool, print->context);
- }
-
- fl_print_format("%[%Q", print->to, print->set->notable, tool);
-
- for (f_number_unsigned_t i = 0; i < arguments.used; ++i) {
- fl_print_format(" %Q", print->to, arguments.array[i]);
- } // for
-
- fl_print_format("%]%[', error code is%] ", print->to, print->set->notable, print->context, print->context);
- fl_print_format(f_string_format_ui_single_s.string, print->to, print->set->notable, F_status_set_fine(main->setting.state.status), print->set->notable);
- fl_print_format(f_string_format_sentence_end_single_s.string, print->to, print->context, print->context, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_operation_
-
-#ifndef _di_firewall_print_error_operation_files_missing_
- f_status_t firewall_print_error_operation_files_missing(fl_print_t * const print, const f_string_static_t operation, const f_string_static_t file) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity == f_console_verbosity_quiet_e) return F_output_not;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QFailed to perform%] ", print->to, print->context, print->prefix);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, operation, print->notable);
- fl_print_format(" %[request because the%] ", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, operation, print->notable);
- fl_print_format(" %[instructions are missing from '%]", print->to, print->set->error, print->set->error);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, file, print->notable);
- fl_print_format(f_string_format_sentence_end_single_quote_s.string, print->to, print->set->error, print->set->error, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_operation_files_missing_
-
-#ifndef _di_firewall_print_error_operation_return_code_
- f_status_t firewall_print_error_operation_return_code(fl_print_t * const print, const f_string_static_t tool, const f_string_statics_t arguments, const int return_code) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QThe operation '%]", print->to, print->context, print->prefix, tool, print->context);
- fl_print_format("%[%Q", print->to, print->set->notable, tool);
-
- for (f_number_unsigned_t i = 0; i < arguments.used; ++i) {
- fl_print_format(" %Q", print->to, arguments.array[i]);
- } // for
-
- fl_print_format("%]%[' returned with code of%] ", print->to, print->set->notable, print->context, print->context);
- fl_print_format(f_string_format_i_single_s.string, print->to, print->set->notable, return_code, print->set->notable);
- fl_print_format(f_string_format_sentence_end_single_s.string, print->to, print->context, print->context, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_operation_return_code_
-
-#ifndef _di_firewall_print_error_operation_specified_not_
- f_status_t firewall_print_error_operation_specified_not(fl_print_t * const print) {
-
- if (!print) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- fll_print_format("%[%QNo operation is given.%]%r", print->to, print->context, print->prefix, print->context, f_string_eol_s);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_operation_specified_not_
-
-#ifndef _di_firewall_print_error_unhandled_
- f_status_t firewall_print_error_unhandled(fl_print_t * const print, const f_string_t debug, const f_string_static_t file) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_error_e) return F_output_not;
-
- firewall_main_t * const main = (firewall_main_t *) print->custom;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QAn unhandled error (%]", print->to, f_string_eol_s, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_ui_single_s.string, print->to, print->notable, F_status_set_fine(main->setting.state.status), print->notable);
- fl_print_format("%[) has occurred while calling%] ", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_S_single_s.string, print->to, print->notable, debug, print->notable);
-
- if (file.used) {
- fl_print_format("%[() for the file%] ", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, file, print->notable);
- fl_print_format(f_string_format_sentence_end_single_s.string, print->to, print->context, print->context, f_string_eol_s);
- }
- else {
- fl_print_format("%[().%]%r", print->to, print->context, print->context, f_string_eol_s);
- }
-
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_error_unhandled_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the print error functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_print_error_h
-#define _firewall_print_error_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Print generic error message regarding a function failing in some way.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param debug
- * (optional) The debug details, such as file, line number, and function.
- *
- * Set to NULL to disable.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see fll_error_print()
- */
-#ifndef _di_firewall_print_error_
- extern f_status_t firewall_print_error(fl_print_t * const print, const f_string_t debug);
-#endif // _di_firewall_print_error_
-
-/**
- * Print file related error or warning messages.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param debug
- * (optional) The debug details, such as file, line number, and function.
- *
- * Set to NULL to disable.
- * @param name
- * The name of the file or directory.
- * @param operation
- * The operation that fails, such as 'create' or 'access'.
- * @param type
- * A valid file type code from the fll_error_file_type enum.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see fll_error_file_print()
- */
-#ifndef _di_firewall_print_error_file_
- extern f_status_t firewall_print_error_file(fl_print_t * const print, const f_string_t debug, const f_string_static_t name, const f_string_static_t operation, const uint8_t type);
-#endif // _di_firewall_print_error_file_
-
-/**
- * Print file related error message regarding that there is no relevant data in the file.
- *
- * The file is effectively empty but could have comments or other non-valid (aka non-Object) data.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param debug
- * (optional) The debug details, such as file, line number, and function.
- *
- * Set to NULL to disable.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see fll_error_file_print()
- */
-#ifndef _di_firewall_print_error_file_empty_
- extern f_status_t firewall_print_error_file_empty(fl_print_t * const print, const f_string_static_t file);
-#endif // _di_firewall_print_error_file_empty_
-
-/**
- * Print error message regarding being unable to find any devices.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see fll_error_print()
- */
-#ifndef _di_firewall_print_error_network_device_none_
- extern f_status_t firewall_print_error_network_device_none(fl_print_t * const print);
-#endif // _di_firewall_print_error_network_device_none_
-
-/**
- * Print an error about the given operation failed.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param tool
- * The tool, such as iptables, that failed.
- * @param arguments
- * The arguments passed to the tool.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_error_operation_
- extern f_status_t firewall_print_error_operation(fl_print_t * const print, const f_string_static_t tool, const f_string_statics_t arguments);
-#endif // _di_firewall_print_error_operation_
-
-/**
- * Print an error about the operation setting missing from the file.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param operation
- * The operation setting that is missing from the file.
- * This is also the name of the operation itself.
- * @param file
- * The file that is missing the operation.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_error_operation_files_missing_
- extern f_status_t firewall_print_error_operation_files_missing(fl_print_t * const print, const f_string_static_t operation, const f_string_static_t file);
-#endif // _di_firewall_print_error_operation_files_missing_
-
-/**
- * Print an error about the given operation failed according to the given return code.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param tool
- * The tool, such as iptables, that failed.
- * @param arguments
- * The arguments passed to the tool.
- * @param return_code
- * The code returned by the tool.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_error_operation_return_code_
- extern f_status_t firewall_print_error_operation_return_code(fl_print_t * const print, const f_string_static_t tool, const f_string_statics_t arguments, const int return_code);
-#endif // _di_firewall_print_error_operation_return_code_
-
-/**
- * Print generic error message regarding a function failing in some way.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see fll_error_print()
- */
-#ifndef _di_firewall_print_error_operation_specified_not_
- extern f_status_t firewall_print_error_operation_specified_not(fl_print_t * const print);
-#endif // _di_firewall_print_error_operation_specified_not_
-
-/**
- * Print an unhandled error for the given function.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param debug
- * (optional) The debug details, such as file, line number, and function.
- *
- * Set to NULL to disable.
- * @param file
- * The name of the file, if this error is assocaited with a file.
- * Otherwise, set file.used to 0 to not have an file related error message.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_error_unhandled_
- extern f_status_t firewall_print_error_unhandled(fl_print_t * const print, const f_string_t debug, const f_string_static_t file);
-#endif // _di_firewall_print_error_unhandled_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_print_error_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_print_message_help_
- f_status_t firewall_print_message_help(fl_print_t * const print) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
-
- f_file_stream_lock(print->to);
-
- fll_program_print_help_header(print, firewall_program_name_long_s, firewall_program_version_s);
-
- fll_program_print_help_option_standard(print);
-
- f_print_dynamic_raw(f_string_eol_s, print->to);
-
- fll_program_print_help_option_short(print, firewall_short_4_s, f_console_symbol_short_normal_s, "Explicitly use IPv4 for show and rules to use iptables.");
- fll_program_print_help_option_short(print, firewall_short_6_s, f_console_symbol_short_normal_s, "Explicitly use IPv6 and rules to use ip6tables.");
-
- f_print_dynamic_raw(f_string_eol_s, print->to);
-
- fll_program_print_help_operations(print);
-
- fll_program_print_help_option_other(print, firewall_operation_lock_s, " Switch to rules intended to prevent all communication.");
- fll_program_print_help_option_other(print, firewall_operation_restart_s, "Turn off and then turn on the firewall.");
- fll_program_print_help_option_other(print, firewall_operation_show_s, " Show the active firewall settings.");
- fll_program_print_help_option_other(print, firewall_operation_start_s, " Turn on the firewall.");
- fll_program_print_help_option_other(print, firewall_operation_stop_s, " Turn off the firewall.");
-
- f_print_dynamic_raw(f_string_eol_s, print->to);
-
- fll_program_print_help_usage(print, firewall_program_name_s, firewall_program_help_parameters_s);
-
- f_file_stream_flush(print->to);
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_message_help_
-
-#ifndef _di_firewall_print_message_show_header_
- f_status_t firewall_print_message_show_header(fl_print_t * const print, const f_string_static_t left, const f_string_static_t header, const f_string_static_t right, const uint8_t ipv6) {
-
- if (!print) return F_status_set_error(F_output_not);
-
- f_file_stream_lock(print->to);
-
- if (left.used) {
- fl_print_format("%[%Q%] ", print->to, print->set->standout, left, print->set->standout);
- }
-
- fll_print_format("%[%Q (%Q)%]", print->to, print->set->title, header, ipv6 ? firewall_print_show_ipv6_s: firewall_print_show_ipv4_s, print->set->title, f_string_eol_s);
-
- if (left.used) {
- fl_print_format(" %[%Q%]", print->to, print->set->standout, right, print->set->standout);
- }
-
- f_print_dynamic_raw(f_string_eol_s, print->to);
-
- f_file_stream_flush(print->to);
- f_file_stream_unlock(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_message_show_header_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the print message functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_print_message_h
-#define _firewall_print_message_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Print help.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see f_file_stream_flush()
- * @see f_file_stream_lock()
- * @see f_file_stream_unlock()
- * @see f_print_dynamic_raw()
- * @see fl_print_format()
- *
- * @see fll_program_print_help_header()
- * @see fll_program_print_help_option()
- * @see fll_program_print_help_option_standard()
- * @see fll_program_print_help_usage()
- */
-#ifndef _di_firewall_print_message_help_
- extern f_status_t firewall_print_message_help(fl_print_t * const print);
-#endif // _di_firewall_print_message_help_
-
-/**
- * Print show option header.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param left
- * The option to show on the left side of the header text.
- * The left.used may be 0.
- * @param header
- * The header text.
- * The header.used should not be 0.
- * @param right
- * The option to show on the right side of the header text.
- * The right.used may be 0.
- * @param ipv6
- * If TRUE, then print IPv6 string.
- * If FALSE, then print IPv4 string.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- *
- * @see f_file_stream_flush()
- * @see f_file_stream_lock()
- * @see f_file_stream_unlock()
- * @see f_print_dynamic_raw()
- * @see fl_print_format()
- */
-#ifndef _di_firewall_print_message_show_header_
- extern f_status_t firewall_print_message_show_header(fl_print_t * const print, const f_string_static_t left, const f_string_static_t header, const f_string_static_t right, const uint8_t ipv6);
-#endif // _di_firewall_print_message_show_header_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_print_message_h
+++ /dev/null
-#include "../firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _di_firewall_print_warning_chain_meaningless_line_
- f_status_t firewall_print_warning_chain_meaningless_line(fl_print_t * const print, const f_number_unsigned_t line) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
-
- firewall_main_t * const main = (firewall_main_t *) print->custom;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QAt line%] ", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_un_single_s.string, print->to, print->notable, line, print->notable);
-
- if (main->data.file.used && main->data.file.string) {
- fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, main->data.file, print->notable);
- fl_print_format("%[' ", print->to, print->context);
- }
- else {
- fl_print_format(" %[", print->to, print->context);
- }
-
- fl_print_format("the chain option is meaningless inside of a custom chain%]%r", print->to, print->context, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
- f_file_stream_flush(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_warning_chain_meaningless_line_
-
-#ifndef _di_firewall_print_warning_content_invalid_missing_line_
- f_status_t firewall_print_warning_content_invalid_missing_line(fl_print_t * const print, const f_number_unsigned_t line, const f_string_static_t buffer, const f_range_t range) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
-
- firewall_main_t * const main = (firewall_main_t *) print->custom;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QAt line%] ", print->to, print->context, print->prefix, print->context);
-
- if (main->data.file.used && main->data.file.string) {
- fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, main->data.file, print->notable);
- fl_print_format("%[' ", print->to, print->context);
- }
- else {
- fl_print_format(" %[", print->to, print->context);
- }
-
- fl_print_format(f_string_format_un_single_s.string, print->to, print->notable, line, print->notable);
- fl_print_format(" %[the object '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_range_single_s.string, print->to, print->notable, buffer, range, print->notable);
-
- if (range.start > range.stop) {
- fl_print_format("%[' has no content.%]%r", print->to, print->context, print->context, f_string_eol_s);
- }
- else {
- fl_print_format("%[' is invalid.%]%r", print->to, print->context, print->context, f_string_eol_s);
- }
-
- f_file_stream_unlock(print->to);
- f_file_stream_flush(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_warning_content_invalid_missing_line_
-
-#ifndef _di_firewall_print_warning_object_invalid_missing_line_
- f_status_t firewall_print_warning_object_invalid_missing_line(fl_print_t * const print, const f_number_unsigned_t line, const f_string_static_t buffer, const f_range_t range) {
-
- if (!print || !print->custom) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
-
- firewall_main_t * const main = (firewall_main_t *) print->custom;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QAt line%] ", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_un_single_s.string, print->to, print->notable, line, print->notable);
-
- if (main->data.file.used && main->data.file.string) {
- fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, main->data.file, print->notable);
- fl_print_format("%[' ", print->to, print->context);
- }
- else {
- fl_print_format(" %[", print->to, print->context);
- }
-
- if (range.start > range.stop) {
- fl_print_format(" %[the object is missing.%]%r", print->to, print->context, print->context, f_string_eol_s);
- }
- else {
- fl_print_format(" %[the object '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_range_single_s.string, print->to, print->notable, buffer, range, print->notable);
- fl_print_format("%[' is invalid.%]%r", print->to, print->context, print->context, f_string_eol_s);
- }
-
- f_file_stream_unlock(print->to);
- f_file_stream_flush(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_warning_object_invalid_missing_line_
-
-#ifndef _di_firewall_print_warning_show_option_unknown_
- f_status_t firewall_print_warning_show_option_unknown(fl_print_t * const print, const f_string_static_t option) {
-
- if (!print) return F_status_set_error(F_output_not);
- if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
-
- f_file_stream_lock(print->to);
-
- fl_print_format("%[%QThe%] ", print->to, print->context, print->prefix, print->context);
- fl_print_format(firewall_operation_show_s.string, print->to, print->notable, option, print->notable);
- fl_print_format(" %[option '%]", print->to, print->context, print->prefix, print->context);
- fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, option, print->notable);
- fl_print_format("%[' is not known.%]%r", print->to, print->context, print->context, f_string_eol_s);
-
- f_file_stream_unlock(print->to);
- f_file_stream_flush(print->to);
-
- return F_okay;
- }
-#endif // _di_firewall_print_warning_show_option_unknown_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides the print warning functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_print_warning_h
-#define _firewall_print_warning_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Print warning message regarding chain being meaningless at the given line.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param line
- * The line number.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_warning_chain_meaningless_line_
- extern f_status_t firewall_print_warning_chain_meaningless_line(fl_print_t * const print, const f_number_unsigned_t line);
-#endif // _di_firewall_print_warning_chain_meaningless_line_
-
-/**
- * Print warning message regarding a line having no Content or invalid Content for the given Object.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param line
- * The line number.
- * @param buffer
- * The buffer containing the Object.
- * @param range
- * The range within the buffer representing the Object.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_warning_content_invalid_missing_line_
- extern f_status_t firewall_print_warning_content_invalid_missing_line(fl_print_t * const print, const f_number_unsigned_t line, const f_string_static_t buffer, const f_range_t range);
-#endif // _di_firewall_print_warning_content_invalid_missing_line_
-
-/**
- * Print warning message regarding a line having no Object or the Object is invalid.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param line
- * The line number.
- * @param buffer
- * The buffer containing the Object.
- * @param range
- * The range within the buffer representing the Object.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_warning_object_invalid_missing_line_
- extern f_status_t firewall_print_warning_object_invalid_missing_line(fl_print_t * const print, const f_number_unsigned_t line, const f_string_static_t buffer, const f_range_t range);
-#endif // _di_firewall_print_warning_object_invalid_missing_line_
-
-/**
- * Print warning message regarding a show option not being known.
- *
- * @param print
- * The output structure to print to.
- *
- * This does not alter print.custom.setting.state.status.
- * @param option
- * The show option that is not known.
- *
- * @return
- * F_okay on success.
- * F_output_not on success, but no printing is performed.
- *
- * F_output_not (with error bit) if setting is NULL.
- */
-#ifndef _di_firewall_print_warning_show_option_unknown_
- extern f_status_t firewall_print_warning_show_option_unknown(fl_print_t * const print, const f_string_static_t option);
-#endif // _di_firewall_print_warning_show_option_unknown_
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_print_warning_h
+++ /dev/null
-#include "firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(_di_firewall_signal_handler_) && !defined(_di_thread_support_)
- void firewall_signal_handler(firewall_main_t * const main) {
-
- if (!main) return;
-
- f_signal_set_empty(&main->program.signal.set);
- f_signal_set_add(F_signal_abort, &main->program.signal.set);
- f_signal_set_add(F_signal_broken_pipe, &main->program.signal.set);
- f_signal_set_add(F_signal_hangup, &main->program.signal.set);
- f_signal_set_add(F_signal_interrupt, &main->program.signal.set);
- f_signal_set_add(F_signal_quit, &main->program.signal.set);
- f_signal_set_add(F_signal_termination, &main->program.signal.set);
-
- fll_program_standard_signal_received_wait(&main->program, firewall_signal_check_failsafe_d);
-
- if (F_status_is_error(main->program.signal_status) && F_status_set_fine(main->program.signal_status) != F_interrupt) {
- main->program.signal_received = F_signal_abort;
- }
- }
-#endif // !defined(_di_firewall_signal_handler_) && !defined(_di_thread_support_)
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides signal functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_signal_h
-#define _firewall_signal_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Signal handler for signals/interrupts.
- *
- * This blocks until an expected signal is recieved.
- * When an expected signal is received it then sets the
- *
- * If main.signal is non-zero, then this handles the following signals:
- * - F_signal_abort
- * - F_signal_broken_pipe
- * - F_signal_hangup
- * - F_signal_interrupt
- * - F_signal_quit
- * - F_signal_termination
- *
- * @param main
- * The main program and settings data.
- *
- * Must not be NULL.
- *
- * This alters main.program.signal_received, setting it to a received signal.
- * This alters main.program.signal_status.
- *
- * This does not alter main.setting.state.status.
- *
- * @see f_signal_set_add()
- * @see f_signal_set_empty()
- * @see fll_program_standard_signal_received_wait()
- */
-#if !defined(_di_firewall_signal_handler_) && !defined(_di_thread_support_)
- extern void firewall_signal_handler(firewall_main_t * const main);
-#endif // !defined(_di_firewall_signal_handler_) && !defined(_di_thread_support_)
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_signal_h
+++ /dev/null
-#include "firewall.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(_di_firewall_thread_signal_) && !defined(_di_thread_support_)
- void * firewall_thread_signal(void * const main) {
-
- f_thread_cancel_state_set(PTHREAD_CANCEL_DEFERRED, 0);
-
- if (main) {
- firewall_signal_handler((firewall_main_t *) main);
- }
-
- return 0;
- }
-#endif // !defined(_di_firewall_thread_signal_) && !defined(_di_thread_support_)
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
+++ /dev/null
-/**
- * FLL - Level 3
- *
- * Project: Firewall
- * API Version: 0.8
- * Licenses: lgpl-2.1-or-later
- *
- * Provides thread functionality.
- *
- * This is auto-included and should not need to be explicitly included.
- */
-#ifndef _firewall_thread_h
-#define _firewall_thread_h
-
-/**
- * Thread handler for signals/interrupts.
- *
- * If main.signal is non-zero, then this handles the following signals:
- * - F_signal_abort
- * - F_signal_broken_pipe
- * - F_signal_hangup
- * - F_signal_interrupt
- * - F_signal_quit
- * - F_signal_termination
- *
- * @param main
- * The program and settings data.
- *
- * Must be of type firewall_main_t.
- *
- * @return
- * 0, always.
- *
- * @see f_thread_cancel_state_set()
- *
- * @see firewall_signal_handler()
- */
-#if !defined(_di_firewall_thread_signal_) && !defined(_di_thread_support_)
- extern void * firewall_thread_signal(void * const main);
-#endif // !defined(_di_firewall_thread_signal_) && !defined(_di_thread_support_)
-
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
-#endif // _firewall_thread_h
+++ /dev/null
-# fss-0000
-
-_di_libcap_ Disable libcap support, allow for compiling and linking without libcap (-lcap).
-_di_thread_support_ Disables thread support.
-
-_libcap_legacy_only_ Disable functionality provided by later versions of libcap (2.43 and later).
-
-_pthread_attr_unsupported_ Disable non-portable functionality associated with pthread_attr.
-_pthread_sigqueue_unsupported_ Disable GNU specific sigqueue().
+++ /dev/null
-# fss-0000
-
-f_type
-f_status
-f_memory
-f_type_array
-f_string
-f_utf
-f_abstruse
-f_capability
-f_color
-f_compare
-f_console
-f_control_group
-f_conversion
-f_directory
-f_environment
-f_execute
-f_file
-f_fss
-f_limit
-f_parse
-f_path
-f_pipe
-f_print
-f_rip
-f_status_string
-f_signal
-f_thread
-
-fl_control_group
-fl_conversion
-fl_environment
-fl_execute
-fl_fss
-fl_print
-
-fll_error
-fll_execute
-fll_fss
-fll_print
-fll_program
+++ /dev/null
-# fss-0005 iki-0002
-
-settings:
- fail exit
- modes individual individual_thread level monolithic clang coverage fanalyzer gcc gcc_13 test thread threadless
-
- environment PATH LD_LIBRARY_PATH
- environment LANG LC_ALL LC_COLLATE LC_CTYPE LC_FASTMSG LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LOCPATH NLSPATH
-
-main:
- build
-
-install:
- shell ./install.sh parameter:'work' parameter:'verbosity' parameter:'color'
-
-help:
- print
- print context:'title'Fakefile Options for Firewall Program.context:'reset'
-
- print
- print The following operations are available\:
- print " - context:'notable'help:context:'reset' Perform the help operation, printing this message."
- print " - context:'notable'install:context:'reset' A helper operation that simply calls the ./install.sh script with default settings."
- print " - context:'notable'main:context:'reset' The default compilation using the build settings mode."
-
- print
- print The context:'notable'install[context]:'reset' operation supports the context:'notable'work[context]:'reset', context:'notable'verbosity[context]:'reset', and context:'notable'color[context]:'reset' parameters.
+++ /dev/null
-# fss-0001
-#
-# Modes:
-# - android: Compile on an android system (using Termux; may need modification depending on the android system).
-# - clang: Use CLang rather than the default, which is generally GCC.
-# - coverage: Compile for building coverage.
-# - debug: Enable debugging, such as compile time debug options.
-# - fanalyzer: Compile using GCC's -fanalyzer compile time option.
-# - gcc: Use GCC specific settings.
-# - gcc_13: Use GCC version 13 or greater specific settings.
-# - individual: Compile using per project (individual) libraries, does not handle thread or threadless cases.
-# - individual_thread: This is required when compiling in individual mode with "thread" mode.
-# - level: Compile using per level libraries.
-# - monolithic: Compile using per monolithic libraries.
-# - test: Compile for a test, such as unit testing.
-# - thread: Compile with thread support.
-# - threadless: Compile without thread support.
-#
-
-build_name firewall
-
-version_major 0
-version_minor 8
-version_micro 0
-version_file micro
-version_target minor
-
-modes android clang coverage debug fanalyzer gcc gcc_13 individual individual_thread level monolithic test thread threadless
-modes_default debug gcc monolithic thread
-
-build_compiler gcc
-build_compiler-clang clang
-build_indexer ar
-build_indexer_arguments rcs
-build_language c
-
-build_libraries_shared -lc -lcap
-build_libraries_shared-individual -lfll_error -lfll_execute -lfll_fss -lfll_print -lfll_program -lfl_control_group -lfl_conversion -lfl_environment -lfl_fss -lfl_print -lf_abstruse -lf_capability -lf_color -lf_compare -lf_console -lf_control_group -lf_conversion -lf_directory -lf_environment -lf_execute -lf_file -lf_fss -lf_limit -lf_memory -lf_parse -lf_path -lf_pipe -lf_print -lf_rip -lf_signal -lf_status_string -lf_string -lf_type_array -lf_utf
-build_libraries_shared-individual_thread -lf_thread
-build_libraries_shared-level -lfll_2 -lfll_1 -lfll_0
-build_libraries_shared-monolithic -lfll
-
-build_libraries_static -l:libc.a -l:libcap.a
-build_libraries_static-individual -l:libfll_error.a -l:libfll_execute.a -l:libfll_fss.a -l:libfll_print.a -l:libfll_program.a -l:libfl_control_group.a -l:libfl_conversion.a -l:libfl_environment.a -l:libfl_fss.a -l:libfl_print.a -l:libf_abstruse.a -l:libf_capability.a -l:libf_color.a -l:libf_compare.a -l:libf_console.a -l:libf_control_group.a -l:libf_conversion.a -l:libf_directory.a -l:libf_environment.a -l:libf_execute.a -l:libf_file.a -l:libf_fss.a -l:libf_limit.a -l:libf_memory.a -l:libf_parse.a -l:libf_path.a -l:libf_pipe.a -l:libf_print.a -l:libf_rip.a -l:libf_signal.a -l:libf_status_string.a -l:libf_string.a -l:libf_type_array.a -l:libf_utf.a
-build_libraries_static-individual_thread -l:libf_thread.a
-build_libraries_static-level -l:libfll_2.a -l:libfll_1.a -l:libfll_0.a
-build_libraries_static-monolithic -l:libfll.a
-
-build_sources_library main/common.c main/common/define.c main/common/enumeration.c main/common/string.c main/common/type.c
-build_sources_library main/print/debug.c main/print/error.c main/print/message.c main/print/warning.c
-build_sources_library main/operate.c main/operate/buffer.c main/operate/chains.c main/operate/create.c main/operate/default.c main/operate/delete.c main/operate/process.c main/operate/rules.c main/operate/show.c
-build_sources_library main/firewall.c main/signal.c main/thread.c
-
-build_sources_program main/main.c
-
-build_sources_headers main/common.h main/common/define.h main/common/enumeration.h main/common/string.h main/common/type.h
-build_sources_headers main/print/debug.h main/print/error.h main/print/message.h main/print/warning.h
-build_sources_headers main/operate.h main/operate/buffer.h main/operate/chains.h main/operate/create.h main/operate/default.h main/operate/delete.h main/operate/process.h main/operate/rules.h main/operate/show.h
-build_sources_headers main/firewall.h main/operate.h main/signal.h main/thread.h
-
-build_sources_documentation man
-
-build_sources_setting network
-
-build_script yes
-build_shared yes
-build_static no
-
-path_headers program/firewall
-path_library_script script
-path_library_shared shared
-path_library_static static
-path_object_script script
-path_object_shared shared
-path_object_static static
-path_program_script script
-path_program_shared shared
-path_program_static static
-
-has_path_standard yes
-preserve_path_headers yes
-
-search_exclusive yes
-search_shared yes
-search_static yes
-
-environment PATH LD_LIBRARY_PATH
-environment LANG LC_ALL LC_COLLATE LC_CTYPE LC_FASTMSG LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LOCPATH NLSPATH
-
-#defines -D_di_libcap_
-defines -D_libcap_legacy_only_
-defines-android -D_di_f_thread_attribute_affinity_get_ -D_di_f_thread_attribute_affinity_set_ -D_di_f_thread_attribute_concurrency_get_ -D_di_f_thread_attribute_concurrency_set_ -D_di_f_thread_attribute_default_get_ -D_di_f_thread_attribute_default_set_ -D_di_f_thread_cancel_ -D_di_f_thread_cancel_state_set_ -D_di_f_thread_cancel_test_ -D_di_f_thread_join_try_ -D_di_f_thread_join_timed_ -D_pthread_mutex_prioceiling_unsupported_ -D_di_f_thread_semaphore_file_close_ -D_di_f_thread_semaphore_file_open_ -D_di_f_thread_semaphore_file_delete_ -D_di_f_thread_cancel_type_set_
-defines-debug -D_en_f_status_debug_
-defines-thread -D_pthread_attr_unsupported_ -D_pthread_sigqueue_unsupported_
-defines-threadless -D_di_thread_support_
-
-flags -O2 -g -fdiagnostics-color=always -Wno-logical-not-parentheses -Wno-parentheses -Wno-missing-braces
-flags -fstack-clash-protection -fno-delete-null-pointer-checks
-flags -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
-flags-android -Wno-implicit-function-declaration -Wl,-z,norelro
-flags-clang -Wno-logical-op-parentheses
-flags-coverage -O0 --coverage -fprofile-abs-path -fprofile-dir=build/coverage/
-flags-fanalyzer -fanalyzer
-flags-gcc_13 -fstrict-flex-arrays=3
-flags-test -O0 -fstack-protector-strong -Wall
-flags-thread -pthread
-
-flags_library -fPIC
-flags_object -fPIC
-flags_program -fPIE
-flags_program-android -fPIE -Wl,-z,relro
+++ /dev/null
-.TH FIREWALL "1" "November 2025" "Kevux - Firewall 0.8.0" "User Commands"
-.SH NAME
-firewall \- A basic iptables based firewall manager for the Kevux distribution.
-.SH SYNOPSIS
-.B firewall
-[\fI\,OPTIONS\/\fR] [\fI\,COMMAND\/\fR]
-.SH DESCRIPTION
-.PP
-.SH OPTIONS
-.TP
-\fB\{\-h, \-\-help\fR
-Print the help message.
-.TP
-\fB+C, ++copyright\fR
-Print the copyright.
-\fB+d, ++dark\fR
-Output using colors that show up better on dark backgrounds.
-.TP
-\fB+l, ++light\fR
-Output using colors that show up better on light backgrounds.
-.TP
-\fB+n, ++no_color\fR
-Do not print using color.
-.TP
-\fB+Q, ++quiet\fR
-Decrease verbosity, silencing most output.
-.TP
-\fB+E, ++error\fR
-Decrease verbosity, using only error output.
-.TP
-\fB+N, ++normal\fR
-Set verbosity to normal.
-.TP
-\fB+V, ++verbose\fR
-Increase verbosity beyond normal output.
-.TP
-\fB+D, ++debug\fR
-Enable debugging, significantly increasing verbosity beyond normal output.
-.TP
-\fB+v, ++version\fR
-Print only the version number.
-.SH COMMAND
-.TP
-\fBstart\fR
-Turn on the firewall.
-.TP
-\fBstop\fR
-Turn off the firewall.
-.TP
-\fBrestart\fR
-Turn off and then turn on the firewall.
-.TP
-\fBlock\fR
-Prevent all communication.
-.TP
-\fBshow\fR
-Show active firewall settings.
-.SH AUTHOR
-Written by Kevin Day.
-.SH COPYRIGHT
-.PP
-Copyright \(co 2007-2025 Kevin Day, GNU LGPL Version 2.1 or later.
+++ /dev/null
-# fss-0000
+++ /dev/null
-# fss-0000
+++ /dev/null
-# fss-0002
-# valid tool: iptables, ip6tables, ip46tables (ip46tables = both ip4 and ip6 tables, which is the default).
-# valid direction: input, output, none.
-# valid device: all, this, (any device name goes here without parenthesis).
-# valid action: append, insert, policy, none.
-# valid procotol: none, (any valid iptables protocol type, such as tcp, udp, and icmp).
-# reserved chains: INPUT, OUTPUT, FORWARD, POSTROUTING, PREROUTING, none (this only applies from within a 'main' list).
-# some options for -j: ACCEPT, REJECT, DROP, RETURN, LOG, AUDIT, CHECKSUM, CLASSIFY, CLUSTERIP, CONNMARK, CONNSECMARK, CT, DNAT, DNPT, DSCP, ECN, HL, HMARK, IDLETIMER, LED, MARK, MASQUERADE, MIRROR, NETMAP, NFLOG, NFQUEUE, NOTRACK, RATETEST, REDIRECT, SAME, SECMARK, SET, SNAT, SNPT, TCPMSS,TCPOPTSTRIP, TEE, TOS, TPROXY, TRACE, TTL, ULOG.
-# some options for -t: nat, mangle, filter, raw, security (filter is the default).
-# some options for --state: NEW, ESTABLISHED, RELATED, INVALID, UNTRACKED, SNAT, DNAT.
-# some options for --ctstatus: NONE, EXPECTED, SEEN_REPLY, ASSURED, CONFIRMED.
-
-main:
- chain INPUT
- device this
- direction none
-
- # Define a blacklist and a whitelist, put ip addresses in the file named 'example-device-whitelist' separated by white space to whitelist an ip address
- # (ip_list might be removed in the future once I figure out how ipset works and confirm if ipset can replace my ip_list.)
- #ip_list source example-device-whitelist -j ACCEPT
- #ip_list source example-device-blacklist -j REJECT
- #ip_list destination example-device-whitelist -j ACCEPT
- #ip_list destination example-device-blacklist -j REJECT
-
- # Connection marking for vlans or QoS (via: tc).
- #chain PREROUTING
- #rule -t mangle -j CONNMARK --restore-mark
- #chain INPUT
-
- # save markings that have been restored (prerouting).
- #chain PREROUTING
- #rule -t mangle -m mark --mark 2 -j CONNMARK --save-mark
- #rule -t mangle -m mark --mark 3 -j CONNMARK --save-mark
- #chain INPUT
-
- # example rate limit using marking for port 22
- #protocol tcp
- #chain OUTPUT
- #direction output
- #rule -t mangle --sport 22 -j MARK --set-mark 2
- #chain INPUT
- #direction input
- #rule -t mangle --dport 22 -j MARK --set-mark 2
- #direction none
-
- # rate limit when there are 8 or more connections from a single host.
- #protocol tcp
- #chain OUTPUT
- #rule -t mangle -m connlimit --connlimit-above 7 -j MARK --set-mark 3
- #chain INPUT
- #rule -t mangle -m connlimit --connlimit-above 7 -j MARK --set-mark 3
-
- # save markings that have been assigned (postrouting).
- #protocol none
- #chain POSTROUTING
- #rule -t mangle -m mark --mark 2 -j CONNMARK --save-mark
- #rule -t mangle -m mark --mark 3 -j CONNMARK --save-mark
- #chain INPUT
-
-
- # randomly trigger the rule (51% of the time) and then the reset of the time go to the second rule.
- # this can be very useful in distributing connections between different devices or servers.
- #rule -m random --average 51 -j example_rule_1
- #rule -j example_rule_2
-
-
-input-tcp:
- device this
- direction input
- protocol tcp
-
- ## Http / Web
- #rule --dport 80 -j LOG --log-prefix "TRAFFIC:WEB "
- #rule --dport 80 -j ACCEPT
-
- ## Http / Web redirect to Https / Secure Web
- #tool iptables
- #rule -t nat --dport 80 -j REDIRECT --to-port 443
- #tool ip46tables
- #direction input
-
- ## Https / Secure Web
- #rule --dport 443 -j LOG --log-prefix "TRAFFIC:WEB "
- #rule --dport 443 -j ACCEPT
-
- ## Http / Https / Web throttle connections that occur too often.
- #rule --dport 80 --sync -m recent --name http_throttle --set
- #rule --dport 80 --sync -m recent --name http_throttle --update --seconds 3 --hitcount 10 -j DROP
- #rule --dport 443 --sync -m recent --name http_throttle --set
- #rule --dport 443 --sync -m recent --name http_throttle --update --seconds 3 --hitcount 10 -j DROP
-
- ## MySQL
- #rule --dport 3306 -j ACCEPT
-
- ## Music Player Daemon
- #rule --dport 6600 -j ACCEPT
-
- ## Camsource
- #rule --dport 9192 -j ACCEPT
-
- ## Cups Printer Administration
- #rule --dport 631 -j ACCEPT
-
- ## Ssh (OpenSSH)
- #rule --dport 22 -j LOG --log-prefix "TRAFFIC:SSH "
- #rule --dport 22 -j ACCEPT
-
- ## clamd (Clam Antivirus) - remote access, not needed for normal
- #rule --dport 3310 -j ACCEPT
-
- ## Virtual Network Client Server (add 1 for each seperat vnc server)
- #rule --dport 5900 -j ACCEPT
-
- ## Printer Port, is probably open...safer to close unless you are SERVING a printer
- #rule --dport 515 -j REJECT
-
- ## Subversion server
- #rule --dport 3690 -j ACCEPT
-
- ## Silc server
- #rule --dport 706 -j ACCEPT
-
- ## Worms of Prey
- #rule --dport 47288 -j ACCEPT
-
- ## Git Daemon
- #rule --dport 9418 -j ACCEPT
-
- ## Ldap Server
- #rule --dport 389 -j ACCEPT
- #rule --dport 636 -j ACCEPT
- #rule --dport 1636 -j ACCEPT
-
- ## Mail Server (25 = SMTP, 465 = SMTPS, 993 = IMAP, 995 = POP)
- #rule --dport 25 -j ACCEPT
-
-
-input-udp:
- device this
- direction input
- protocol udp
-
- ## DNS Server (Bind or Maradns) (zoneserver from maradns does this portion)
- #rule --dport 53 -j ACCEPT
-
- ## DHCP Server (providing dhcp address to clients)
- #tool iptables
- #rule --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
- #tool ip46tables
-
- ## Subversion server
- #rule --dport 3690 -j ACCEPT
-
- ## Worms of Prey
- #rule --sport 47288:47544 -j ACCEPT
- #rule --dport 47288:47544 -j ACCEPT
-
-
-input-icmp:
- device this
- direction input
- protocol icmp
-
- # allow all icmp input, such as pings
- #rule -j ACCEPT
-
- # allow icmp: echo reply (outbound ping)
- ##rule --icmp-type 0 -j ACCEPT
-
- # allow icmp: destination unreachable
- #rule --icmp-type 3 -j ACCEPT
-
- # allow icmp: source quench
- #rule --icmp-type 4 -j ACCEPT
-
- # allow icmp: redirect
- #rule --icmp-type 5 -j ACCEPT
-
- # allow icmp: echo request (inbound ping)
- #rule --icmp-type 8 -j ACCEPT
-
- # allow icmp: router advertisement
- #rule --icmp-type 9 -j ACCEPT
-
- # allow icmp: router Solicitation
- #rule --icmp-type 10 -j ACCEPT
-
- # allow icmp: time exceeded
- #rule --icmp-type 11 -j ACCEPT
-
- # allow icmp: bad ip header
- #rule --icmp-type 12 -j ACCEPT
-
- # allow icmp: timestamp
- #rule --icmp-type 13 -j ACCEPT
-
- # allow icmp: timestamp reply
- #rule --icmp-type 14 -j ACCEPT
-
- # allow icmp: information request
- #rule --icmp-type 15 -j ACCEPT
-
- # allow icmp: information reply
- #rule --icmp-type 16 -j ACCEPT
-
- # allow icmp: address request
- #rule --icmp-type 17 -j ACCEPT
-
- # allow icmp: address reply
- #rule --icmp-type 18 -j ACCEPT
-
- # allow icmp: traceroute
- #rule --icmp-type 30 -j ACCEPT
-
-
-output-tcp:
- device this
- direction output
- protocol tcp
-
-
-output-udp:
- device this
- direction output
- protocol udp
-
- ## DNS Server (Bind or Maradns) (zoneserver from maradns does this portion)
- #rule --dport 53 -j ACCEPT
-
- ## DHCP Server (providing dhcp address to clients)
- #tool iptables
- #rule --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
- #tool ip46tables
-
-
-output-icmp:
- device this
- direction output
- protocol icmp
-
-
+++ /dev/null
-# fss-0002
-
-main:
- # initialize the firewall
- action none
- direction none
- protocol none
- chain none
-
- rule -F
- rule -Z
-
- tool iptables
- rule -t nat -F
- rule -t mangle -F
- tool ip46tables
-
-
-INPUT:
- # main input chain, expect this to act as the final RETURN handler.
- direction input
- protocol none
-
- # handle local (loopback) connections.
- device lo
- rule -j input-loop
- device all
-
- # Drop all INVALID packets so they aren't even processed
- rule -m conntrack --ctstate INVALID -j input-invalid
-
- # Allow ALL connections that have already been established by this host
- #rule -m state --state ESTABLISHED,RELATED -j ACCEPT
- rule -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
- # send to whitelist and blacklist, which should return here.
- rule -j input-blacklist
- rule -j input-whitelist
-
- # Drop multicasts and broadcasts, they should not exist for a router and in most cases should be avoided.
- # unicasts are the normal behavior and blocking them would be very unusual.
- rule -m pkttype --pkt-type broadcast -j input-casting
- rule -m pkttype --pkt-type multicast -j input-casting
- #rule -m pkttype --pkt-type unicast -j input-casting
-
- # send all tcp packets to the tcp queue
- protocol tcp
- rule -m state --state NEW -j input-tcp
-
- # send all udp packets to the udp queue
- protocol udp
- rule -m state --state NEW -j input-udp
-
- # send all icmp packets to the icmp queue
- protocol icmp
- rule -m state --state NEW -j input-icmp
-
- # send all icmpv6 packets to the icmpv6 queue
- tool ip6tables
- protocol icmpv6
- rule -m state --state NEW -j input-icmpv6
- tool ip46tables
-
- # load custom device-specific rules
- rule -j input-devices
-
- # remaining packets
- #rule -j LOG --log-prefix "INPUT:"
- rule -j DROP
-
-
-input-invalid:
- direction input
- protocol none
-
- # silently drop invalid RST tcp packets instead of sending a RST back.
- protocol tcp
- rule --tcp-flags RST RST -j DROP
-
- # invalid FIN,ACK (server is wanting a FIN response), silently DROP it, send RST back, or send a FIN back.
- #rule --tcp-flags ALL ACK,FIN -j DROP
- #rule --tcp-flags ALL ACK,FIN -j REJECT --reject-with tcp-reset
- rule --tcp-flags ALL ACK,FIN -j ACCEPT
-
-
- # remaining packets
- protocol none
- #rule -j LOG --log-prefix "INV_IN:"
- rule -j DROP
-
-
-input-invalid-stream:
- direction input
- protocol tcp
-
- # remaining packets
- rule -j REJECT --reject-with tcp-reset
-
-
-input-loop:
- direction input
- protocol none
-
- # allow cups via loopback.
- protocol tcp
- tool iptables
- rule --sport 631 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
- rule --dport 631 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-
- # allow local dns server
- #protocol udp
- #rule --dport 53 -s 127.0.0.0/8 -d 127.0.1.1 -j ACCEPT
-
- # this is the localhost address, valid localhost are allowed to return to the previous chain.
- protocol none
- rule -s 127.0.0.0/8 -d 127.0.0.0/8 -j RETURN
- tool ip6tables
- rule -s ::1 -d ::1 -j RETURN
- tool iptables
-
- # it may be necessay to add a return for individual ips because there are some cases that result in non-localhost addresses going through loopback.
- #rule -s 192.168.0.1 -d 192.168.0.1 -j RETURN
- tool ip46tables
-
- # remaining packets
- #rule -j DROP
- rule -j RETURN
-
-
-input-blacklist:
- direction input
- protocol none
-
-
-input-whitelist:
- direction input
- protocol none
-
-
-input-devices:
- direction input
- protocol none
-
- # add device-specific rules here.
-
-
-input-tcp:
- direction input
- protocol tcp
-
- # Resist TCP sequence number spoof attacks.
- rule --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW -j input-invalid
-
- # TCP streams must always start with SYN, all others are invalid and may be an attack.
- rule ! --syn -m conntrack --ctstate NEW -j input-invalid-stream
-
- # Prevent an XMAS attacks
- rule --tcp-flags ALL FIN,URG,PSH -j input-invalid
- rule --tcp-flags ALL ALL -j input-invalid
- rule --tcp-flags ALL SYN,RST,ACK,FIN,URG -j input-invalid
-
- # Prevent NULL attack
- rule --tcp-flags ALL NONE -j input-invalid
-
- # Prevent Sync Reset Attacks
- rule --tcp-flags SYN,RST SYN,RST -j input-invalid
- rule --tcp-flags SYN,FIN SYN,FIN -j input-invalid
-
- # XMPP ports.
- #rule -m multiport --dports 5222,5223,5269 -j ACCEPT
-
- # Postgresql standard port
- #rule --dport 5432 -j ACCEPT
-
- # Mysql standard port
- #rule --dport 5432 -j ACCEPT
-
- # Oracle standard port
- #rule --dport 1521 -j ACCEPT
-
- # Web standard ports
- #rule -m multiport --dports 80,443,8080,8181,8443,8099,9000,9001,9002 -j ACCEPT
-
- # ldap standard ports
- #rule -m multiport --dports 389,636,1636 -j ACCEPT
-
- # mail standard ports
- #rule -m multiport --dports 25,465,993 -j ACCEPT
-
- # ssh standard port
- #rule --dport 22 -j ACCEPT
-
- # require 3 knocks before opening the door for SSH.
- #rule --dport 22 -m state --state NEW -m recent --set
- #rule --dport 22 -m state --state NEW -m recent --update --seconds 15 --hitcount 3 -j ACCEPT
-
- # common chef ssh ports
- #rule --dport 2200:2210 -j ACCEPT
-
- # gpg standard port
- #rule --dport 9050 -j ACCEPT
-
- # ftp standard port
- #rule --dport 21 -j ACCEPT
-
- # dns standard port (via tcp)
- #rule --dport 53 -j ACCEPT
-
- # rdp standard port
- #rule --dport 3389 -j ACCEPT
-
- # spice standard ports
- #rule -m multiport --dports 5900:5905 -j ACCEPT
-
- # allow high ports
- #rule -m multiport --dports 49152:65535 -j ACCEPT
-
- # accept all loopback
- tool iptables
- rule -d 127.0.0.0/8 -j ACCEPT
- tool ip6tables
- rule -d ::1 -j ACCEPT
- tool ip46tables
-
-
-input-udp:
- direction input
- protocol udp
-
- # openvpn standard port
- #rule --dport 1194 -j ACCEPT
-
- # dns standard port
- #rule --dport 53 -j ACCEPT
-
- # mdns standard port
- #rule --dport 5353 -j ACCEPT
-
- # dhcp standard port
- rule --sport 67:68 --dport 67:68 -j ACCEPT
-
- # ntp standard port
- #rule --dport 123 -j ACCEPT
-
- # teeworlds game server and client
- #rule --dport 8300:8310 -j ACCEPT
-
- # XMPP ports.
- #rule -m multiport --dports 5222,5223,5269 -j ACCEPT
-
- # allow high ports
- #rule -m multiport --dports 49152:65535 -j ACCEPT
-
- # accept all loopback
- tool iptables
- rule -d 127.0.0.0/8 -j ACCEPT
- tool ip6tables
- rule -d ::1 -j ACCEPT
- tool ip46tables
-
-
-input-icmp:
- direction input
- protocol icmp
- tool iptables
-
- # destination unreachable
- rule --icmp-type 3 -j ACCEPT
-
- # redirect
- rule --icmp-type 5 -j ACCEPT
-
- # (outgoing) ping
- rule --icmp-type 0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
- # time exceeded
- rule --icmp-type 11 -j ACCEPT
-
- # parameter problem
- rule --icmp-type 12 -j ACCEPT
-
- # all loopback ICMP traffic
- tool iptables
- rule -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
- tool ip46tables
-
- # remaining packets
- #rule -j LOG --log-prefix "ICMP_IN:"
- #rule -j DROP
- rule -j ACCEPT
-
-
-input-icmpv6:
- direction input
- protocol icmp
- tool ip6tables
-
- #rule -j LOG --log-prefix "ICMP6_IN:"
- #rule -j DROP
- rule -j ACCEPT
-
- tool ip46tables
-
-
-input-casting:
- direction input
- protocol none
- tool ip46tables
-
- # do not auto-drop dhcp messages sent from a dhcp server to a local dhcp client.
- # dhcp offer/acknowledge (the source address must be the routers address, so do not allow 0.0.0.0/0)
- protocol udp
- tool iptables
- rule --sport 67 -d 255.255.255.255 --dport 68 -j RETURN
- protocol none
-
- # Move ICMPv6 along.
- tool ip6tables
- protocol icmpv6
- rule -m state --state NEW -j input-icmpv6
- tool ip46tables
-
- # drop all remaining broadcasts and multicasts
- #rule -j LOG --log-prefix "CAST_IN:"
- #rule -j DROP
- rule -j RETURN
-
-
-OUTPUT:
- # main output chain, expect this to act as the final RETURN handler.
- direction output
- protocol none
-
- # handle local (loopback) connections.
- device lo
- rule -j output-loop
- device all
-
- # Drop all INVALID packets so they aren't even processed
- rule -m conntrack --ctstate INVALID -j output-invalid
-
- # Allow ALL connections that have already been established by this host
- #rule -m state --state ESTABLISHED,RELATED -j ACCEPT
- rule -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
- # send to whitelist and blacklist, which should return here.
- rule -j input-blacklist
- rule -j input-whitelist
-
- # Drop multicasts and broadcasts, they should not exist for a router and in most cases should be avoided.
- # unicasts are the normal behavior and blocking them would be very unusual.
- rule -m pkttype --pkt-type broadcast -j output-casting
- rule -m pkttype --pkt-type multicast -j output-casting
- #rule -m pkttype --pkt-type unicast -j output-casting
-
- # send all tcp packets to the tcp queue
- protocol tcp
- rule -m state --state NEW -j output-tcp
-
- # send all udp packets to the udp queue
- protocol udp
- rule -m state --state NEW -j output-udp
-
- # send all icmp packets to the icmp queue
- protocol icmp
- rule -m state --state NEW -j output-icmp
-
- # send all icmpv6 packets to the icmpv6 queue
- tool ip6tables
- protocol icmpv6
- rule -m state --state NEW -j output-icmpv6
- tool ip46tables
-
- # load custom device-specific rules
- rule -j input-devices
-
- # remaining packets
- #rule -j LOG --log-prefix "OUTPUT:"
- #rule -j DROP
- rule -j ACCEPT
-
-
-output-invalid:
- direction output
- protocol none
-
- # remaining packets
- #rule -j LOG --log-prefix "INV_OUT:"
- rule -j DROP
-
-
-output-invalid-stream:
- direction input
- protocol tcp
-
- # remaining packets
- rule -j REJECT --reject-with tcp-reset
-
-
-output-loop:
- direction output
- protocol none
-
- # allow cups via loopback.
- protocol tcp
- tool iptables
- rule --sport 631 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
- rule --dport 631 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-
- # allow local dns server
- protocol udp
- rule --sport 53 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-
- # this is the localhost address, valid localhost are allowed to return to the previous chain.
- protocol none
- rule -s 127.0.0.0/8 -d 127.0.0.0/8 -j RETURN
-
- # it may be necessay to add a return for individual ips because there are some cases that result in non-localhost addresses going through loopback.
- #rule -s 192.168.0.1 -d 192.168.0.1 -j RETURN
- tool ip46tables
-
- # remaining packets
- #rule -j DROP
- rule -j RETURN
-
-
-output-blacklist:
- direction output
- protocol none
-
-
-output-whitelist:
- direction output
- protocol none
-
-
-output-devices:
- direction output
- protocol none
-
- # add device-specific rules here.
-
-
-output-tcp:
- direction output
- protocol tcp
-
- # allow sending TCP RST even when there is no valid local connection
- protocol tcp
- rule --tcp-flags RST RST -j ACCEPT
-
- # allow sending ACK,PSH,FIN even when there is no valid local connection.
- # the connection may already be closed locally by the time this packet goes out and it could improperly be marked as invalid before it leaves the system.
- # allowing this ensures that the client gets the final disconnect acknowledgment.
- rule --tcp-flags ALL ACK,FIN -j ACCEPT
- rule --tcp-flags ALL ACK,PSH,FIN -j ACCEPT
-
- # Resist TCP sequence number spoof attacks.
- rule --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW -j input-invalid
-
- # TCP streams must always start with SYN, all others are invalid and may be an attack.
- rule ! --syn -m conntrack --ctstate NEW -j output-invalid-stream
-
- # Prevent an XMAS attacks
- rule --tcp-flags ALL FIN,URG,PSH -j output-invalid
- rule --tcp-flags ALL ALL -j output-invalid
- rule --tcp-flags ALL SYN,RST,ACK,FIN,URG -j output-invalid
-
- # Prevent NULL attack
- rule --tcp-flags ALL NONE -j output-invalid
-
- # Prevent Sync Reset Attacks
- rule --tcp-flags SYN,RST SYN,RST -j output-invalid
- rule --tcp-flags SYN,FIN SYN,FIN -j output-invalid
-
- # Postgresql standard port
- #rule --sport 5432 -j ACCEPT
-
- # Mysql standard port
- #rule --sport 5432 -j ACCEPT
-
- # Oracle standard port
- #rule --sport 1521 -j ACCEPT
-
- # Web standard ports
- rule -m multiport --dports 80,443,8080,8181,8443,8099,9000,9001,9002 -j ACCEPT
- #rule -m multiport --sports 80,443,8080,8181,8443,8099,9000,9001,9002 -j ACCEPT
-
- # ldap standard ports
- rule -m multiport --dports 389,636,1636 -j ACCEPT
- #rule -m multiport --sports 389,636,1636 -j ACCEPT
-
- # mail standard ports
- rule -m multiport --dports 25,465,993 -j ACCEPT
- #rule -m multiport --sports 25,465,993 -j ACCEPT
-
- # XMPP ports
- rule -m multiport --dports 5222,5223,5269 -j ACCEPT
-
- # ssh standard port
- rule --dport 22 -j ACCEPT
- #rule --sport 22 -j ACCEPT
-
- # common chef ssh ports
- #rule --dport 2200:2210 -j ACCEPT
- #rule --sport 2200:2210 -j ACCEPT
-
- # gpg standard port
- rule --dport 9050 -j ACCEPT
- #rule --sport 9050 -j ACCEPT
-
- # pgp keyserver port
- rule --dport 11371 -j ACCEPT
-
- # ftp standard port
- rule --dport 21 -j ACCEPT
- #rule --sport 21 -j ACCEPT
-
- # dns standard port (via tcp)
- rule --dport 53 -j ACCEPT
- #rule --sport 53 -j ACCEPT
-
- # rdp standard port
- rule --dport 3389 -j ACCEPT
- #rule --sport 3389 -j ACCEPT
-
- # spice standard ports
- rule -m multiport --dports 5900:5905 -j ACCEPT
- #rule -m multiport --sports 5900:5905 -j ACCEPT
-
- # allow high ports
- rule -m multiport --sports 49152:65535 -j ACCEPT
- #rule -m multiport --dports 49152:65535 -j ACCEPT
-
- # accept all loopback
- tool iptables
- rule -s 127.0.0.0/8 -j ACCEPT
- tool ip6tables
- rule -d ::1 -j ACCEPT
- tool ip46tables
-
-
-output-udp:
- direction output
- protocol udp
-
- # openvpn standard port
- rule --dport 1194 -j ACCEPT
- #rule --sport 1194 -j ACCEPT
-
- # dns standard port
- rule --dport 53 -j ACCEPT
- #rule --sport 53 -j ACCEPT
-
- # mdns standard port
- #rule --dport 5353 -j ACCEPT
- #rule --sport 5353 -j ACCEPT
-
- # dhcp standard port
- rule --sport 67:68 --dport 67:68 -j ACCEPT
-
- # ntp standard port
- rule --dport 123 -j ACCEPT
- #rule --sport 123 -j ACCEPT
-
- # ntpsec standard port
- rule --dport 4460 -j ACCEPT
-
- # teeworlds game server and client
- rule --dport 8300:8310 -j ACCEPT
-
- # XMPP ports
- rule -m multiport --dports 5222,5223,5269 -j ACCEPT
-
- # allow high ports
- rule -m multiport --sports 49152:65535 -j ACCEPT
- #rule -m multiport --dports 49152:65535 -j ACCEPT
-
- # accept all loopback
- tool iptables
- rule -s 127.0.0.0/8 -j ACCEPT
- tool ip6tables
- rule -d ::1 -j ACCEPT
- tool ip46tables
-
-
-output-icmp:
- direction output
- protocol icmp
- tool iptables
-
- # destination unreachable
- rule --icmp-type 3 -j ACCEPT
-
- # redirect
- rule --icmp-type 5 -j ACCEPT
-
- # (outgoing) ping
- rule --icmp-type 8 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-
- # time exceeded
- rule --icmp-type 11 -j ACCEPT
-
- # parameter problem
- rule --icmp-type 12 -j ACCEPT
-
- # all loopback ICMP traffic
- tool iptables
- rule -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
- tool ip46tables
-
- # remaining packets
- #rule -j LOG --log-prefix "ICMP_OUT:"
- #rule -j DROP
- rule -j ACCEPT
-
-
-output-icmpv6:
- direction output
- protocol icmp
- tool ip6tables
-
- #rule -j LOG --log-prefix "ICMP6_OUT:"
- #rule -j DROP
- rule -j ACCEPT
-
- tool ip46tables
-
-
-output-casting:
- direction output
- protocol none
- tool ip46tables
-
- # do not auto-drop dhcp client messages sent to a dhcp server.
- # dhcp discover/request (for the request, the dhcp server ip address is known but for some reason the dhcp standard states tat the src is 0.0.0.0.
- protocol udp
- tool iptables
- rule --sport 68 -d 255.255.255.255 --dport 67 -j RETURN
- protocol none
- tool ip46tables
-
- # Move ICMPv6 along.
- tool ip6tables
- protocol icmpv6
- rule -m state --state NEW -j output-icmpv6
- tool ip46tables
-
- # drop all remaining broadcasts and multicasts
- #rule -j LOG --log-prefix "CAST:"
- #rule -j DROP
- rule -j ACCEPT
-
-
-FORWARD:
-
- # load custom device-specific rules
- rule -j forward-devices
-
- #rule -j LOG --log-prefix "FORWARDs:"
- #rule -j DROP
- rule -j ACCEPT
-
-
-forward-devices:
-
- # add device-specific rules here.
+++ /dev/null
-# fss-0002
-
+++ /dev/null
-# fss-0002
-
-stop:
- action policy
-
- chain INPUT
- rule ACCEPT
-
- chain OUTPUT
- rule ACCEPT
-
- chain FORWARD
- rule ACCEPT
-
- chain none
- direction none
- action none
- rule -t filter --flush
-
- tool iptables
- rule -t nat --flush
- rule -t mangle --flush
- tool ip46tables
-
- rule --delete-chain
-
- tool iptables
- rule -t nat --delete-chain
- rule -t mangle --delete-chain
- tool ip46tables
-
-
-lock:
- action policy
-
- chain INPUT
- rule DROP
-
- chain OUTPUT
- rule DROP
-
- chain FORWARD
- rule DROP
-
- chain none
- direction none
- action none
- rule --flush
-
- tool iptables
- rule -t nat --flush
- rule -t mangle --flush
- tool ip46tables
-
- rule --delete-chain
-
- tool iptables
- rule -t nat --delete-chain
- rule -t mangle --delete-chain
- tool ip46tables
-
- device lo
- action insert
- direction output
- chain OUTPUT
- rule -j ACCEPT
- direction input
- chain INPUT
- rule -j ACCEPT