Small iptables profile manager script

scripts/firewall.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+CONFIGS=${XDG_CONFIG_HOME:-~/.config}
+PROFILES=$CONFIGS/firewall.d
+[ ! -d "$PROFILES" ] && mkdir -p "$PROFILES"
+DEFAULT_PROFILE="$PROFILES/default"
+
+get_profile_path() {
+    profile=$1
+    if [ -z "$profile" ]; then
+        echo $DEFAULT_PROFILE
+    else
+        echo "$PROFILES/${profile}.rules"
+    fi
+}
+
+set_default_profile() {
+    profile=$1
+    if [ -n "$profile" ]; then
+        profile_path=$(get_profile_path "$profile")
+        ln -sf "$profile_path" "$DEFAULT_PROFILE"
+    fi
+}
+
+load_profile() {
+    profile=$1
+    profile_path=$(get_profile_path $profile)
+    if [ ! -e "$profile_path" ]; then
+        return 1
+    else
+        iptables-restore < $profile_path
+        return $?
+    fi
+}
+
+save_profile() {
+    profile=$1
+    profile_path=$(get_profile_path $profile)
+    iptables-save > $profile_path
+    return $?
+}
+
+do_load() {
+    profile=$1
+    
+    if load_profile $profile; then
+        echo "Profile ${profile:-default} loaded successfully."
+        set_default_profile $profile
+    else
+        echo "Loading profile ${profile:-default} failed."
+    fi
+}
+
+do_save() {
+    profile=$1
+    
+    if save_profile $profile; then
+        echo "Profile ${profile:-default} saved successfully."
+        set_default_profile $profile
+    else
+        echo "Saving profile ${profile:-default} failed."
+    fi
+}
+
+do_list() {
+    echo "List of profiles:"
+    ls $PROFILES | egrep '.rules$' | sed 's/.rules$//g'
+}
+
+
+if [ "$1" == "-h" -o "$1" == "help" ]; then
+    cat <<EOF
+$0 <command>
+
+Commands:
+- load
+- save
+- list
+EOF
+    exit
+fi
+
+if [ "$UID" -ne 0 ]; then
+    echo "You have to be root."
+    exit 1
+fi
+
+case $1 in
+    load)
+        do_load $2
+        ;;
+    save)
+        do_save $2
+        ;;
+    list)
+        do_list
+        ;;
+esac
+