[PATCH] Automate iptable rules generation

Joshua Pritikin jpritikin at pobox.com
Fri Aug 7 00:56:23 EDT 2009


---
 sysconfig/iptables-config           |    7 +----
 sysconfig/olpc-scripts/gen-iptables |   46 +++++++++++++++++++++++++++++++++++
 sysconfig/xs_wan_device             |    1 +
 3 files changed, 49 insertions(+), 5 deletions(-)
 create mode 100755 sysconfig/olpc-scripts/gen-iptables
 create mode 100644 sysconfig/xs_wan_device

diff --git a/sysconfig/iptables-config b/sysconfig/iptables-config
index 819d809..f22076e 100755
--- a/sysconfig/iptables-config
+++ b/sysconfig/iptables-config
@@ -7,11 +7,8 @@
 ## config settings
 SERVER_NUM=`cat /etc/sysconfig/xs_server_number`
 if [ $SERVER_NUM=1 ];then
-    if [ -e /etc/sysconfig/xs_httpcache_on ]; then
-	IPTABLES_DATA=/etc/sysconfig/olpc-scripts/iptables.principal.cache
-    else
-	IPTABLES_DATA=/etc/sysconfig/olpc-scripts/iptables.principal
-    fi
+    IPTABLES_DATA=/etc/sysconfig/olpc-scripts/iptables-xs
+    /etc/sysconfig/olpc-scripts/gen-iptables > $IPTABLES_DATA
 fi
 
 # Load additional iptables modules (nat helpers)
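Review bot: The new line `/etc/sysconfig/olpc-scripts/gen-iptables > $IPTABLES_DATA` truncates the rules file before the generator runs and never checks its exit status, so a failure in gen-iptables (Python exception, missing interpreter, unreadable config) leaves an empty or partially written file that iptables-restore then loads as the live ruleset. Write to a temporary file and only replace the live one on success, e.g. `/etc/sysconfig/olpc-scripts/gen-iptables > "$IPTABLES_DATA.tmp" && mv -f "$IPTABLES_DATA.tmp" "$IPTABLES_DATA"`, and quote the variable in either form. The enclosing `if [ $SERVER_NUM=1 ]` is a context line, but as written it is a single non-empty-string test and is true for any server number, so the generated ruleset appears to be applied regardless of that value; that likely deserves a separate fix (`if [ "$SERVER_NUM" = 1 ]`).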
diff --git a/sysconfig/olpc-scripts/gen-iptables b/sysconfig/olpc-scripts/gen-iptables
new file mode 100755
index 0000000..e67cdfa
--- /dev/null
+++ b/sysconfig/olpc-scripts/gen-iptables
@@ -0,0 +1,46 @@
+#!/usr/bin/python
+
+import re;
+import os;
+import logging;
+
+#sysconfig = './'   # for testing
+sysconfig = '/etc/sysconfig/'
+
+wan = 'eth0'
+try:
+     conf = sysconfig + 'xs_wan_device'
+     file = open(conf)
+     wan = file.readline()
+     wan = re.sub(r'\s$', '', wan)
+except IOError:
+     logging.warning(conf + " not found, assuming "+wan)
+     
+try:
+     conf = sysconfig + 'xs_httpcache_on'
+     os.stat(conf)
+     squid = 1
+except OSError:
+     squid = 0
+
+#print("wan="+wan+" squid=%i" % squid)
+
+print '''\
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]'''
+
+if squid:
+     for inf in ('lanbond0', 'mshbond0', 'mshbond1', 'mshbond2'):
+          print '-A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports 3128' % inf
+
+print '-A POSTROUTING -o %s -j MASQUERADE' % wan
+
+print '''\
+COMMIT
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT'''
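Review bot: The interface name read from xs_wan_device at the top of the new script is substituted unvalidated into `-A POSTROUTING -o %s -j MASQUERADE`; an empty file or a name containing whitespace produces a malformed rule, and because this output is the entire nat and filter ruleset, iptables-restore rejects the whole table rather than one line. The `re.sub(r'\s$', '', wan)` strips only a single trailing whitespace character, so a CRLF-terminated file still yields `ppp0\r`, and the file handle opened as `file` (shadowing the builtin) is never closed. Validate the name against a conservative allowlist and exit non-zero on failure so the caller in iptables-config can detect it; the rest of the script is unchanged.
```python
wan = 'eth0'
conf = sysconfig + 'xs_wan_device'
try:
    f = open(conf)
    try:
        # strip() removes CR/LF and any surrounding blanks, not just one char
        wan = f.readline().strip() or wan
    finally:
        f.close()
except IOError:
    logging.warning(conf + " not found, assuming " + wan)

# iptables-restore loads a table completely or not at all, so refuse to emit
# a rule with an interface name it would reject (conservative allowlist).
if not re.match(r'^[A-Za-z0-9_.:-]+$', wan):
    raise SystemExit("gen-iptables: bad interface name %r in %s" % (wan, conf))

# ... unchanged: squid detection and rule output ...
```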
diff --git a/sysconfig/xs_wan_device b/sysconfig/xs_wan_device
new file mode 100644
index 0000000..d4398d5
--- /dev/null
+++ b/sysconfig/xs_wan_device
@@ -0,0 +1 @@
+ppp0
-- 
1.6.0.6



