13 files changed, 49 insertions, 49 deletions
diff --git a/templates/firewall/broadcast-ping/node.def b/templates/firewall/broadcast-ping/node.def
index f49831c..5b2dbd5 100644
--- a/templates/firewall/broadcast-ping/node.def
+++ b/templates/firewall/broadcast-ping/node.def
@@ -3,9 +3,9 @@ help: "ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast/multicast"
 default: "disable"
 syntax: $(@) in "enable", "disable"; "broadcast-ping must be enable or disable"
 create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; \
- else echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; fi"
 update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; \
- else echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\""
diff --git a/templates/firewall/ip-src-route/node.def b/templates/firewall/ip-src-route/node.def
index eb8bc0a..1eed14d 100644
--- a/templates/firewall/ip-src-route/node.def
+++ b/templates/firewall/ip-src-route/node.def
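Review bot: Wrapping each write as `sudo sh -c \"echo 1 > /proc/sys/...\"` means the sudoers policy must let the configuration user run `sh -c` with arbitrary text, which amounts to unrestricted root and cannot be narrowed by a command whitelist. A single fixed command is easier to constrain and audit, for example `sudo sysctl -q -w net.ipv4.icmp_echo_ignore_broadcasts=1` in the `create:`, `update:` and `delete:` actions of broadcast-ping. The sudoers configuration is not part of this diff, so what it actually permits should be confirmed. The same pattern appears in the ip-src-route, log-martians, receive-redirects, send-redirects and syn-cookies hunks.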
@@ -3,9 +3,9 @@ help: "Accept packets with SRR option"
 default: "disable"
 syntax: $(@) in "enable", "disable"; "ip-src-route must be enable or disable"
 create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; fi"
 update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\""
diff --git a/templates/firewall/log-martians/node.def b/templates/firewall/log-martians/node.def
index 928a23a..f6a7114 100644
--- a/templates/firewall/log-martians/node.def
+++ b/templates/firewall/log-martians/node.def
@@ -3,9 +3,9 @@ help: "Allow syslog logging of packets with impossible addresses"
 default: "enable"
 syntax: $(@) in "enable", "disable"; "log-martians must be enable or disable"
 create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/log_martians; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/log_martians; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\"; fi"
 update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/log_martians; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/log_martians; fi"
-delete: "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\"; fi"
+delete: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\""
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 8ffda0a..3710efb 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,4 +1,4 @@
 help: "Configure firewall"
-end: "/opt/vyatta/sbin/vyatta-firewall.pl --update-rules"
-create: "/opt/vyatta/sbin/vyatta-firewall.pl --setup"
-delete: "/opt/vyatta/sbin/vyatta-firewall.pl --teardown"
+end: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules"
+create: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup"
+delete: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown"
diff --git a/templates/firewall/receive-redirects/node.def b/templates/firewall/receive-redirects/node.def
index cd3504b..923b099 100644
--- a/templates/firewall/receive-redirects/node.def
+++ b/templates/firewall/receive-redirects/node.def
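Review bot: The three actions in templates/firewall/node.def call `sudo /opt/vyatta/sbin/vyatta-firewall.pl` without `-n`, so a user who lacks a passwordless sudoers entry would get a password prompt in the middle of a configuration action instead of an error. Writing `end: "sudo -n /opt/vyatta/sbin/vyatta-firewall.pl --update-rules"`, and likewise for `create:` and `delete:`, makes that case fail immediately. Because the script now runs as root, it and its directory should be writable by root only; the diff does not show their ownership.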
@@ -3,9 +3,9 @@ help: "accept redirects"
 default: "disable"
 syntax: $(@) in "enable", "disable"; "receive-redirects must be enable or disable"
 create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; fi"
 update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\""
diff --git a/templates/firewall/send-redirects/node.def b/templates/firewall/send-redirects/node.def
index f5ecea7..533c8e7 100644
--- a/templates/firewall/send-redirects/node.def
+++ b/templates/firewall/send-redirects/node.def
@@ -3,9 +3,9 @@ help: "send ICMP redirects"
 default: "disable"
 syntax: $(@) in "enable", "disable"; "send-redirects must be enable or disable"
 create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\"; fi"
 update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\""
diff --git a/templates/firewall/syn-cookies/node.def b/templates/firewall/syn-cookies/node.def
index df9f5a9..93fde14 100644
--- a/templates/firewall/syn-cookies/node.def
+++ b/templates/firewall/syn-cookies/node.def
@@ -3,6 +3,6 @@ help: "use TCP syn cookies"
 default: "enable"
 syntax: $(@) in "enable", "disable"; "syn-cookies must be enable or disable"
 update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; \
- else echo 0 > /proc/sys/net/ipv4/tcp_syncookies; fi"
-delete: "echo 1 > /proc/sys/net/ipv4/tcp_syncookies"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/tcp_syncookies\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/tcp_syncookies\"; fi"
+delete: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/tcp_syncookies\""
diff --git a/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
index c3e58b7..3d6edc0 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
@@ -2,13 +2,13 @@ type: txt
 help: "Inbound interface filter name"
 create: "sh -c \"echo create eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../..) $(..) $(@)\" "
 update: "sh -c \"echo update eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../..) $(..) $(@)\" "
 delete: "sh -c \"echo delete eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces delete $(../../..) $(..) $(@)\" "
diff --git a/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
index e0a2fa5..b359d0b 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
@@ -2,13 +2,13 @@ type: txt
 help: "Local filter name"
 create: "sh -c \"echo create eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../..) $(..) $(@)\" "
 update: "sh -c \"echo update eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../..) $(..) $(@)\" "
 delete: "sh -c \"echo delete eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces delete $(../../..) $(..) $(@)\" "
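Review bot: In the `create:`, `update:` and `delete:` actions of firewall/in/name the node value `$(@)` and the parent names are substituted unquoted into the `sh -c` string, and this `type: txt` node shows no `syntax:` check in the hunk, so shell metacharacters in a filter name would be interpreted by the shell before the helper, which now runs under sudo, receives its arguments. Add a `syntax:` constraint that limits the value to the characters a rule-set name may contain, and single-quote the substitutions, e.g. `--update-interfaces update '$(../../..)' '$(..)' '$(@)'`. The actions also append to the fixed path `/tmp/cli.log` in a world-writable directory; a root-owned log directory or syslog would stop another local user from pre-creating that path. The same applies to the local and out hunks and to the three vif hunks.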
diff --git a/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
index 9828c9c..6f76fdb 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
@@ -2,13 +2,13 @@ type: txt
 help: "Outbound interface filter name"
 create: "sh -c \"echo create eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../..) $(..) $(@)\" "
 update: "sh -c \"echo update eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../..) $(..) $(@)\" "
 delete: "sh -c \"echo delete eth=[$(../../..)] dir=[$(..)] name=[$(@)] \
 >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces delete $(../../..) $(..) $(@)\" "
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
index 10ee0bb..3477429 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
@@ -2,13 +2,13 @@ type: txt
 help: "Inbound interface filter name"
 create: "sh -c \"echo create eth=[$(../../../../..)] vif=[$(../../..)] \
 dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
 update: "sh -c \"echo update eth=[$(../../../../..)] vif=[$(../../..)] \
 dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" "
 delete: "sh -c \"echo delete eth=[$(../../../../..)] vif=[$(../../..)] \
 dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \
-/opt/vyatta/sbin/vyatta-firewall.pl \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
 --update-interfaces delete $(../../../../..).$(../../..) $(..) $(@)\" "
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
index d8dfd8b..fbc5602 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
@@ -1,13 +1,13 @@ type: txt help: "Local filter name" create: "sh -c \"echo create eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \ -/opt/vyatta/sbin/vyatta-firewall.pl \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ --update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" " update: "sh -c \"echo update eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \ -/opt/vyatta/sbin/vyatta-firewall.pl \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ --update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" " delete: "sh -c \"echo delete eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \ -/opt/vyatta/sbin/vyatta-firewall.pl \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ --update-interfaces delete $(../../../../..).$(../../..) $(..) $(@)\" " diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def index c3ec18a..a91ee13 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def 
@@ -1,13 +1,13 @@ type: txt help: "Outbound interface filter name" create: "sh -c \"echo create eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \ -/opt/vyatta/sbin/vyatta-firewall.pl \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ --update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" " update: "sh -c \"echo update eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \ -/opt/vyatta/sbin/vyatta-firewall.pl \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ --update-interfaces update $(../../../../..).$(../../..) $(..) $(@)\" " delete: "sh -c \"echo delete eth=[$(../../../../..)] vif=[$(../../..)] \ dir=[$(..)] name=[$(@)] >> /tmp/cli.log && \ -/opt/vyatta/sbin/vyatta-firewall.pl \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ --update-interfaces delete $(../../../../..).$(../../..) $(..) $(@)\" " |