Diffstat (limited to 'ferm')
-rw-r--r--ferm/config.d/example4
-rw-r--r--ferm/ferm.conf13
-rwxr-xr-xferm/include-by-hostname10
3 files changed, 17 insertions, 10 deletions
diff --git a/ferm/config.d/example b/ferm/config.d/example
deleted file mode 100644
index 4c3c9f1..0000000
--- a/ferm/config.d/example
+++ /dev/null
@@ -1,4 +0,0 @@
-
-@def $NET_DMZ = 12.168.5.5/24;
-
-
diff --git a/ferm/ferm.conf b/ferm/ferm.conf
index 6b30039..edae031 100644
--- a/ferm/ferm.conf
+++ b/ferm/ferm.conf
@@ -3,7 +3,10 @@
# Configuration file for ferm(1).
#
-# host
+@hook pre "#";
+@hook pre "# Entr'ouvert firewall config, generated by ferm";
+@hook pre "#";
+
@def $IP_WAN = 176.31.123.109;
@def $DEV_WAN = eth0;
@@ -33,8 +36,8 @@
# supervision servers (munin, nagios)
@def $SUPERVISORS = (212.85.154.22 88.190.46.145);
-@include 'config.d/';
-@include 'pre.d/';
+@include './include-by-hostname config.d|';
+@include './include-by-hostname pre.d|';
# $VMS = 1 if there are VMs with public IPs
@def $VMS = 0;
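Review bot: The two piped includes make ferm execute `./include-by-hostname` and parse whatever it prints as rules, so the helper and every per-host file under config.d/ and pre.d/ now belong to the trust boundary of a firewall that is normally loaded as root. The `./` prefix also ties the lookup to a directory this hunk does not pin down; whether ferm resolves it against the config file's directory or the caller's working directory should be confirmed, or an absolute path used. I would add a comment above the includes such as `# include-by-hostname and the per-host files it reads must be root-owned and not group/world-writable`. The same applies to the post.d include in the last hunk of this file.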
@@ -44,7 +47,6 @@
@if $NET_VMS_PRIVATE @if $DEV_VMS_PRIVATE @def $VMS_PRIVATE = 1;
# output some debug informations
-@hook pre "# (c) entr'ouvert";
@hook post "# VMS = $VMS";
@hook post "# VMS_PRIVATE = $VMS_PRIVATE";
@@ -197,6 +199,5 @@ table filter {
outerface $DEV_WAN
SNAT to $IP_WAN;
-@include 'local.d/';
-@include 'post.d/';
+@include './include-by-hostname post.d|';
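Review bot: The `@include 'local.d/';` line is removed here with no per-host replacement, so any rules a host still keeps under local.d/ silently stop being loaded after this change. If that is intended, a comment next to the remaining include would say so, e.g. `# local.d/ is no longer read; host-specific rules live in post.d/<fqdn>`. Otherwise a matching `@include './include-by-hostname local.d|';` is needed. Note that the helper prints an error token when the host has no file, so every host would then need a file in each included directory.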
diff --git a/ferm/include-by-hostname b/ferm/include-by-hostname
new file mode 100755
index 0000000..109a3aa
--- /dev/null
+++ b/ferm/include-by-hostname
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+INCLUDE=$1/`hostname -f`
+if [ ! -r $INCLUDE ]; then
+ echo "ERROR:no-file-$INCLUDE"
+else
+ echo '@hook pre "# File included: '$INCLUDE'";'
+ cat $INCLUDE
+fi
+
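Review bot: If `hostname -f` prints nothing, INCLUDE becomes the bare directory `$1/`, which passes the `-r` test, so `cat` fails and ferm receives only the hook line and loads no host rules without any error. That is plausible for a firewall started before name resolution is available. The expansions of `$1` and `$INCLUDE` are also unquoted in the test, the echo and the `cat`, so they undergo word splitting and globbing. I would resolve the name first, refuse an empty result, test for a regular file with `-f`, and quote every expansion. Whether ferm acts on the helper's exit status is not visible here, so the sketch below keeps the existing stdout error token as the failure signal.

```sh
HOST=$(hostname -f) || HOST=
if [ -z "$HOST" ]; then
    echo "ERROR:no-hostname"
    exit 1
fi
INCLUDE="$1/$HOST"
if [ ! -f "$INCLUDE" ] || [ ! -r "$INCLUDE" ]; then
    echo "ERROR:no-file-$INCLUDE"
else
    echo '@hook pre "# File included: '"$INCLUDE"'";'
    cat "$INCLUDE"
fi
```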