authorJouke Witteveen <j.witteveen@gmail.com>2012-04-10 19:28:31 +0200
committerJouke Witteveen <j.witteveen@gmail.com>2012-04-10 19:28:31 +0200
commitfda34d4a6c03e919786b26876d6a9c051119db1d (patch)
treeab17b53150d53089b1211fa7afcbe4278d9076cf
parentbc66a6906c5a1a55c5c9adc7c69f2370327db139 (diff)
downloadnetctl-fda34d4a6c03e919786b26876d6a9c051119db1d.tar.gz
netctl-fda34d4a6c03e919786b26876d6a9c051119db1d.tar.xz
Location based firewall support (FS#26380)
Provide a sample hook file for supporting firewall rule sets based on network 'locations'.
-rw-r--r--Makefile2
-rwxr-xr-xcontrib/iptables.hook17
2 files changed, 18 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 15f28f8..b4ad9d7 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ install-docs: docs
install -m644 docs/*.8 $(DESTDIR)/usr/share/man/man8/
install -d $(DESTDIR)/usr/share/doc/netcfg/contrib
install -m644 docs/*.html $(DESTDIR)/usr/share/doc/netcfg/
- install -m644 contrib/{logging.hook,pm-utils.handler} $(DESTDIR)/usr/share/doc/netcfg/contrib/
+ install -m644 contrib/{*.hook,pm-utils.handler} $(DESTDIR)/usr/share/doc/netcfg/contrib/
docs:
$(MAKE) -C $@
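Review bot: The rewritten `install` line in `install-docs` still relies on shell brace expansion, now with a glob inside the braces, so it only works when recipes run under bash; a POSIX `/bin/sh` such as dash passes the braces through literally and the install fails. Whether the Makefile sets `SHELL` to bash is outside this hunk. Listing the operands separately removes that dependency: `install -m644 contrib/*.hook contrib/pm-utils.handler $(DESTDIR)/usr/share/doc/netcfg/contrib/`. The wildcard also ships every future `contrib/*.hook` file without review, and installs them with mode 644, so the sample's "make this executable" step stays necessary.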
diff --git a/contrib/iptables.hook b/contrib/iptables.hook
new file mode 100755
index 0000000..95546ba
--- /dev/null
+++ b/contrib/iptables.hook
@@ -0,0 +1,17 @@
+### Sample netcfg hook script for location based firewall rules.
+### To install, make this executable and put it in /usr/lib/network/hooks
+
+### USAGE
+## You need to have iptables installed to use this script.
+## Add a location to your network profile and add firewall to your POST_UP.
+## The iptables setup in /etc/iptables/$LOCATION.rules will now be loaded
+## automatically when a connection is established.
+##
+## Sample excerpt from the profile:
+## LOCATION="library"
+## POST_UP="firewall"
+
+function firewall {
+ /usr/sbin/iptables-restore < "/etc/iptables/$LOCATION.rules"
+}
+
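Review bot: In `firewall`, `$LOCATION` goes straight into the rules path on the `iptables-restore` line with no check, so an unset value resolves to `/etc/iptables/.rules` and a value containing `/` can point outside `/etc/iptables`. If the file is missing, the redirect fails and the rule set loaded for the previous location stays active on the new network; whether netcfg aborts the connection on a failing POST_UP is not visible here. I would validate the name, check that the file is readable and report the failure, as sketched below. The usage header should also say that only IPv4 rules are loaded (nothing calls `ip6tables-restore`), so IPv6 filtering stays whatever it was before.

```shell
function firewall {
    local rules="/etc/iptables/$LOCATION.rules"
    # Reject an unset LOCATION or one that could leave /etc/iptables.
    if [[ -z $LOCATION || $LOCATION == */* ]]; then
        echo "firewall: invalid LOCATION '$LOCATION'" >&2
        return 1
    fi
    # Fail visibly rather than keep the previous location's rules unnoticed.
    if [[ ! -r $rules ]]; then
        echo "firewall: no readable rule set at $rules" >&2
        return 1
    fi
    /usr/sbin/iptables-restore < "$rules"
}
```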