authorBob Gilligan <gilligan@sydney.vyatta.com>2007-12-19 10:52:27 -0800
committerBob Gilligan <gilligan@sydney.vyatta.com>2007-12-19 10:52:27 -0800
commit3300c6c8adcf73277107011b859bfb5c3866cb12 (patch)
tree2a3634f4415faa9785c646afafe9f65df526cb6e
parente9d379a3129cc655453dc4b8abe55abe0ef60522 (diff)
Fix commands so that they work for non-root users.
-rw-r--r--templates/firewall/broadcast-ping/node.def10
-rw-r--r--templates/firewall/ip-src-route/node.def10
-rw-r--r--templates/firewall/log-martians/node.def10
-rw-r--r--templates/firewall/node.def6
-rw-r--r--templates/firewall/receive-redirects/node.def10
-rw-r--r--templates/firewall/send-redirects/node.def10
-rw-r--r--templates/firewall/syn-cookies/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/firewall/in/name/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/firewall/local/name/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/firewall/out/name/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def6
13 files changed, 49 insertions, 49 deletions
diff --git a/templates/firewall/broadcast-ping/node.def b/templates/firewall/broadcast-ping/node.def
index f49831c..5b2dbd5 100644
--- a/templates/firewall/broadcast-ping/node.def
+++ b/templates/firewall/broadcast-ping/node.def
@@ -3,9 +3,9 @@ help: "ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast/multicast"
default: "disable"
syntax: $(@) in "enable", "disable"; "broadcast-ping must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; \
- else echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; \
- else echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\""
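Review bot: Wrapping each write as `sudo sh -c "echo 1 > /proc/sys/..."` means the sudoers policy has to let configuration users run `sh -c` as root, which is in effect an unrestricted root shell. The policy is not part of this commit, so that is inferred and worth confirming. A narrower form such as `sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1` would let sudoers be scoped to a single binary and removes the nested escaped quoting. The same applies to the added lines in the ip-src-route, log-martians, receive-redirects, send-redirects and syn-cookies hunks.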
diff --git a/templates/firewall/ip-src-route/node.def b/templates/firewall/ip-src-route/node.def
index eb8bc0a..1eed14d 100644
--- a/templates/firewall/ip-src-route/node.def
+++ b/templates/firewall/ip-src-route/node.def
@@ -3,9 +3,9 @@ help: "Accept packets with SRR option"
default: "disable"
syntax: $(@) in "enable", "disable"; "ip-src-route must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\""
diff --git a/templates/firewall/log-martians/node.def b/templates/firewall/log-martians/node.def
index 928a23a..f6a7114 100644
--- a/templates/firewall/log-martians/node.def
+++ b/templates/firewall/log-martians/node.def
@@ -3,9 +3,9 @@ help: "Allow syslog logging of packets with impossible addresses"
default: "enable"
syntax: $(@) in "enable", "disable"; "log-martians must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/log_martians; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/log_martians; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/log_martians; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/log_martians; fi"
-delete: "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\"; fi"
+delete: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\""
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 8ffda0a..3710efb 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,4 +1,4 @@
help: "Configure firewall"
-end: "/opt/vyatta/sbin/vyatta-firewall.pl --update-rules"
-create: "/opt/vyatta/sbin/vyatta-firewall.pl --setup"
-delete: "/opt/vyatta/sbin/vyatta-firewall.pl --teardown"
+end: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules"
+create: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup"
+delete: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown"
diff --git a/templates/firewall/receive-redirects/node.def b/templates/firewall/receive-redirects/node.def
index cd3504b..923b099 100644
--- a/templates/firewall/receive-redirects/node.def
+++ b/templates/firewall/receive-redirects/node.def
@@ -3,9 +3,9 @@ help: "accept redirects"
default: "disable"
syntax: $(@) in "enable", "disable"; "receive-redirects must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\""
diff --git a/templates/firewall/send-redirects/node.def b/templates/firewall/send-redirects/node.def
index f5ecea7..533c8e7 100644
--- a/templates/firewall/send-redirects/node.def
+++ b/templates/firewall/send-redirects/node.def
@@ -3,9 +3,9 @@ help: "send ICMP redirects"
default: "disable"
syntax: $(@) in "enable", "disable"; "send-redirects must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\""
diff --git a/templates/firewall/syn-cookies/node.def b/templates/firewall/syn-cookies/node.def
index df9f5a9..93fde14 100644
--- a/templates/firewall/syn-cookies/node.def
+++ b/templates/firewall/syn-cookies/node.def
@@ -3,6 +3,6 @@ help: "use TCP syn cookies"
default: "enable"
syntax: $(@) in "enable", "disable"; "syn-cookies must be enable or disable"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; \
- else echo 0 > /proc/sys/net/ipv4/tcp_syncookies; fi"
-delete: "echo 1 > /proc/sys/net/ipv4/tcp_syncookies"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/tcp_syncookies\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/tcp_syncookies\"; fi"
+delete: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/tcp_syncookies\""
diff --git a/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
index c3e58b7..3d6edc0 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
@@ -2,13 +2,13 @@ type: txt
help: "Inbound interface filter name"
create: "sh -c \"echo create eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../..) $(..) $(@)\" "
update: "sh -c \"echo update eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../..) $(..) $(@)\" "
delete: "sh -c \"echo delete eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces delete $(../../..) $(..) $(@)\" "
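Review bot: The added `sudo` sits after `>> /tmp/cli.log &&`, so the privileged firewall update only runs if the unprivileged append to /tmp/cli.log succeeds. Once one account has created that file, a different non-root user will probably be unable to append to it under a typical umask, and the `&&` then skips vyatta-firewall.pl without changing any rules, which works against the purpose of this commit. A fixed file name in /tmp can also be pre-created or symlinked by any local user. Consider dropping the debug echo or sending it to syslog and decoupling it from the update, e.g. `echo ... | logger -t vyatta-cfg; sudo /opt/vyatta/sbin/vyatta-firewall.pl ...` (the tag is a constructed example). The same chain appears in every create/update/delete line of the other five interface name/node.def hunks.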
diff --git a/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
index e0a2fa5..b359d0b 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
@@ -2,13 +2,13 @@ type: txt
help: "Local filter name"
create: "sh -c \"echo create eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../..) $(..) $(@)\" "
update: "sh -c \"echo update eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../..) $(..) $(@)\" "
delete: "sh -c \"echo delete eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces delete $(../../..) $(..) $(@)\" "
diff --git a/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
index 9828c9c..6f76fdb 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
@@ -2,13 +2,13 @@ type: txt
help: "Outbound interface filter name"
create: "sh -c \"echo create eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../..) $(..) $(@)\" "
update: "sh -c \"echo update eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../..) $(..) $(@)\" "
delete: "sh -c \"echo delete eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
>> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces delete $(../../..) $(..) $(@)\" "
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
index 10ee0bb..3477429 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
@@ -2,13 +2,13 @@ type: txt
help: "Inbound interface filter name"
create: "sh -c \"echo create eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
update: "sh -c \"echo update eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
delete: "sh -c \"echo delete eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces delete $(../../../../..).$(../../..) $(..) $(@)\" "
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
index d8dfd8b..fbc5602 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
@@ -1,13 +1,13 @@
type: txt
help: "Local filter name"
create: "sh -c \"echo create eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
update: "sh -c \"echo update eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
delete: "sh -c \"echo delete eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces delete $(../../../../..).$(../../..) $(..) $(@)\" "
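Review bot: The configured value `$(@)` and the parent node values are spliced unquoted into the `sh -c` string whose last command now runs under sudo, and this template, shown from line 1, declares `type: txt` with no `syntax:` constraint. Any shell metacharacter in a configured filter name would be interpreted by the shell instead of reaching vyatta-firewall.pl as data, and that matters more now that non-root users drive these commands. Add a `syntax:` line that restricts the name to a conservative character set (letters, digits, `-`, `_`), in the style of the `syntax:` lines in the firewall/*/node.def templates, and consider calling the script directly rather than through `sh -c`. The exact pattern syntax of the template language should be checked. The other interface name/node.def hunks have the same command shape; the three non-vif ones start at line 2, so their full header is not visible here.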
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def
index c3ec18a..a91ee13 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def
@@ -1,13 +1,13 @@
type: txt
help: "Outbound interface filter name"
create: "sh -c \"echo create eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
update: "sh -c \"echo update eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
delete: "sh -c \"echo delete eth=[$(../../../../..)] vif=[$(../../..)] \
dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
--update-interfaces delete $(../../../../..).$(../../..) $(..) $(@)\" "