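#!/bin/bash
# $Header: /root/magellan-cvs/src/ebtables/ebtables.rc,v 1.1 2007-12-14 10:49:34 niro Exp $
#
# Init script for the ebtables bridge firewall: loads, saves, flushes and
# resets the ruleset.  It uses bash-only constructs ([[ ]], $(<file), local),
# so the interpreter is bash rather than /bin/sh.

#%rlevels: 2:s 3:s 4:s 5:s 0:k 1:k 6:k
#%start: 15
#%stop: 55

#deps
#%needs:
#%before:
#%after:

source /etc/sysconfig/rc
source "${rc_functions}"

# default cmds -- /etc/conf.d/${SVC_NAME} (sourced below) may override them.
# The variables are named EBTABLES* because that is what the actions below
# reference; the former IPTABLES* names were never read by this script.
SVC_NAME=ebtables
EBTABLES=/sbin/ebtables
EBTABLES_SAVE=/sbin/ebtables-save
EBTABLES_RESTORE=/sbin/ebtables-restore
EBTABLES_PROC=/proc/net/eb_tables_names

# read config (EBTABLES_SAVE_PATH, SAVE_ON_STOP, SAVE_RESTORE_OPTIONS, ...)
source "/etc/conf.d/${SVC_NAME}"

#######################################
# Verify that a saved ruleset exists before trying to load it.
# Globals:   EBTABLES_SAVE_PATH, SVC_NAME, COLRED (read)
# Returns:   0 if the saved ruleset is present; exits 1 otherwise
#######################################
checkconfig() {
  if [[ -z ${EBTABLES_SAVE_PATH} || ! -f ${EBTABLES_SAVE_PATH} ]]; then
    rc_echo -e ${COLRED} "Not starting ${SVC_NAME}. First create some rules then run:"
    rc_echo -e ${COLRED} "/etc/init.d/${SVC_NAME} save"
    exit 1
  fi
  return 0
}

#######################################
# Set the policy of every built-in chain of one ebtables table.
# Globals:   EBTABLES (read)
# Arguments: $1 - table name (nat, broute or filter)
#            $2 - policy to apply (e.g. ACCEPT or DROP)
# Returns:   status of the last ebtables invocation
#######################################
set_table_policy() {
  local table=$1 policy=$2
  local chains chain

  # built-in chains of each table; an unknown table has none to set
  case ${table} in
    nat)    chains="PREROUTING POSTROUTING OUTPUT" ;;
    broute) chains="BROUTING" ;;
    filter) chains="INPUT FORWARD OUTPUT" ;;
    *)      chains="" ;;
  esac

  # ${chains} is deliberately unquoted: it is a space-separated list
  for chain in ${chains}; do
    "${EBTABLES}" -t "${table}" -P "${chain}" "${policy}"
  done
}

#######################################
# Flush all rules and delete all user-defined chains in every loaded
# table, optionally setting the built-in chains to a policy afterwards.
# Globals:   EBTABLES, EBTABLES_PROC (read)
# Arguments: $1 - policy for every built-in chain (optional; none if empty)
# Returns:   status of the last ebtables invocation
#######################################
flush_all_tables() {
  local policy=${1:-}
  local table

  # ${EBTABLES_PROC} lists one loaded table per line; nothing to do if the
  # kernel module is not loaded
  [[ -r ${EBTABLES_PROC} ]] || return 0

  for table in $(<"${EBTABLES_PROC}"); do
    # flush rules, then delete chains
    "${EBTABLES}" -F -t "${table}"
    "${EBTABLES}" -X -t "${table}"
    if [[ -n ${policy} ]]; then
      set_table_policy "${table}" "${policy}"
    fi
  done
}

case "$1" in
  start)
    checkconfig
    rc_print "Loading ${SVC_NAME} ruleset ..."
    # ${SAVE_RESTORE_OPTIONS} is deliberately unquoted: optional option list
    "${EBTABLES_RESTORE}" ${SAVE_RESTORE_OPTIONS} < "${EBTABLES_SAVE_PATH}"
    evaluate_retval
    update_svcstatus "$1"
    splash svc_started "${0##*/}" 0
    ;;

  stop)
    if [[ ${SAVE_ON_STOP} = yes ]]; then
      "$0" save
    fi
    rc_print "Stopping ${SVC_NAME} and reseting ruleset ..."
    # NOTE: stop leaves every built-in chain at ACCEPT, i.e. the bridge
    # forwards everything once the service is down; 'panic' is the action
    # that closes it (DROP)
    flush_all_tables ACCEPT
    evaluate_retval
    update_svcstatus "$1"
    splash svc_stopped "${0##*/}" 0
    ;;

  reload)
    rc_print "Flushing ${SVC_NAME} ruleset ..."
    # policies are left untouched; start reloads the saved ruleset
    flush_all_tables
    "$0" start
    ;;

  save)
    rc_print "Saving ${SVC_NAME} ruleset ..."
    if [[ -z ${EBTABLES_SAVE_PATH} ]]; then
      rc_echo -e ${COLRED} "EBTABLES_SAVE_PATH is not set in /etc/conf.d/${SVC_NAME}"
      exit 1
    fi
    save_dir=$(dirname "${EBTABLES_SAVE_PATH}")
    [[ -d ${save_dir} ]] || install -d "${save_dir}"
    # dump into a private (0600) temporary file in the target directory and
    # rename it into place, so a failing ebtables-save cannot truncate the
    # previously saved ruleset and the dump is never world-readable
    tmpfile=$(mktemp "${save_dir}/.${SVC_NAME}.XXXXXX") || exit 1
    chmod 0600 "${tmpfile}"
    # ${SAVE_RESTORE_OPTIONS} is deliberately unquoted: optional option list
    if "${EBTABLES_SAVE}" ${SAVE_RESTORE_OPTIONS} > "${tmpfile}"; then
      mv -f "${tmpfile}" "${EBTABLES_SAVE_PATH}"
    else
      rm -f "${tmpfile}"
      rc_echo -e ${COLRED} "Saving ${SVC_NAME} ruleset failed"
      exit 1
    fi
    ;;

  panic)
    rc_print "Enabled Panic-Mode for ${SVC_NAME} (DROP ALL) ..."
    flush_all_tables DROP
    evaluate_retval
    ;;

  restart)
    "$0" stop
    sleep 1
    "$0" start
    ;;

  *)
    rc_echo "Usage: $0 {start|stop|reload|save|panic|restart}"
    exit 1
    ;;
esac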