Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/broadcast-ping/node.def10
-rw-r--r--templates/firewall/ip-src-route/node.def10
-rw-r--r--templates/firewall/log-martians/node.def10
-rw-r--r--templates/firewall/node.def6
-rw-r--r--templates/firewall/receive-redirects/node.def10
-rw-r--r--templates/firewall/send-redirects/node.def10
-rw-r--r--templates/firewall/syn-cookies/node.def6
7 files changed, 31 insertions, 31 deletions
diff --git a/templates/firewall/broadcast-ping/node.def b/templates/firewall/broadcast-ping/node.def
index f49831c..5b2dbd5 100644
--- a/templates/firewall/broadcast-ping/node.def
+++ b/templates/firewall/broadcast-ping/node.def
@@ -3,9 +3,9 @@ help: "ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast/multicast"
default: "disable"
syntax: $(@) in "enable", "disable"; "broadcast-ping must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; \
- else echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; \
- else echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\""
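Review bot: The `sudo sh -c` calls on the create, update and delete lines need a sudoers rule that lets the configuration user run `sh` as root, which is unrestricted root rather than permission to set one kernel parameter. The same write can be done without a shell, for example `then sudo sysctl -q -w net.ipv4.icmp_echo_ignore_broadcasts=1; \` and the matching `=0` branch, so the sudoers entry can name the sysctl binary instead of a shell. The same pattern is repeated in the ip-src-route, log-martians, receive-redirects, send-redirects and syn-cookies templates in this commit. The sudoers configuration is not part of this diff, so how broad the existing grant is cannot be confirmed from here.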
diff --git a/templates/firewall/ip-src-route/node.def b/templates/firewall/ip-src-route/node.def
index eb8bc0a..1eed14d 100644
--- a/templates/firewall/ip-src-route/node.def
+++ b/templates/firewall/ip-src-route/node.def
@@ -3,9 +3,9 @@ help: "Accept packets with SRR option"
default: "disable"
syntax: $(@) in "enable", "disable"; "ip-src-route must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\""
diff --git a/templates/firewall/log-martians/node.def b/templates/firewall/log-martians/node.def
index 928a23a..f6a7114 100644
--- a/templates/firewall/log-martians/node.def
+++ b/templates/firewall/log-martians/node.def
@@ -3,9 +3,9 @@ help: "Allow syslog logging of packets with impossible addresses"
default: "enable"
syntax: $(@) in "enable", "disable"; "log-martians must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/log_martians; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/log_martians; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/log_martians; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/log_martians; fi"
-delete: "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\"; fi"
+delete: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\""
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 8ffda0a..3710efb 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,4 +1,4 @@
help: "Configure firewall"
-end: "/opt/vyatta/sbin/vyatta-firewall.pl --update-rules"
-create: "/opt/vyatta/sbin/vyatta-firewall.pl --setup"
-delete: "/opt/vyatta/sbin/vyatta-firewall.pl --teardown"
+end: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules"
+create: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup"
+delete: "sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown"
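Review bot: The three `sudo /opt/vyatta/sbin/vyatta-firewall.pl` calls on the end, create and delete lines make the script's file permissions part of the privilege boundary. The matching sudoers entry is not visible in this diff; it should name the script by absolute path, along the lines of `%<config-group> ALL = NOPASSWD: /opt/vyatta/sbin/vyatta-firewall.pl` (group name is a placeholder). The script and its parent directories should also be root-owned and not writable by that group, since a writable script would make the grant root-equivalent. If the rule lacks NOPASSWD, sudo would presumably prompt for a password in the middle of a configuration commit.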
diff --git a/templates/firewall/receive-redirects/node.def b/templates/firewall/receive-redirects/node.def
index cd3504b..923b099 100644
--- a/templates/firewall/receive-redirects/node.def
+++ b/templates/firewall/receive-redirects/node.def
@@ -3,9 +3,9 @@ help: "accept redirects"
default: "disable"
syntax: $(@) in "enable", "disable"; "receive-redirects must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\""
diff --git a/templates/firewall/send-redirects/node.def b/templates/firewall/send-redirects/node.def
index f5ecea7..533c8e7 100644
--- a/templates/firewall/send-redirects/node.def
+++ b/templates/firewall/send-redirects/node.def
@@ -3,9 +3,9 @@ help: "send ICMP redirects"
default: "disable"
syntax: $(@) in "enable", "disable"; "send-redirects must be enable or disable"
create: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\"; fi"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects; \
- else echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi"
-delete: "echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\"; fi"
+delete: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\""
diff --git a/templates/firewall/syn-cookies/node.def b/templates/firewall/syn-cookies/node.def
index df9f5a9..93fde14 100644
--- a/templates/firewall/syn-cookies/node.def
+++ b/templates/firewall/syn-cookies/node.def
@@ -3,6 +3,6 @@ help: "use TCP syn cookies"
default: "enable"
syntax: $(@) in "enable", "disable"; "syn-cookies must be enable or disable"
update: "if [ x$(@) == xenable ]; \
- then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; \
- else echo 0 > /proc/sys/net/ipv4/tcp_syncookies; fi"
-delete: "echo 1 > /proc/sys/net/ipv4/tcp_syncookies"
+ then sudo sh -c \"echo 1 > /proc/sys/net/ipv4/tcp_syncookies\"; \
+ else sudo sh -c \"echo 0 > /proc/sys/net/ipv4/tcp_syncookies\"; fi"
+delete: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/tcp_syncookies\""