Annotation of /trunk/ebtables/ebtables.sh
Tue Jun 26 18:57:10 2012 UTC (12 years, 4 months ago) by niro
File MIME type: application/x-sh
File size: 2248 byte(s)
-systemd helper script
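#!/bin/bash
# $Id$
# ebtables configuration script for systemd
#
# Usage: ebtables.sh {start|stop|reload|save|panic|restart}
# Reads /etc/conf.d/ebtables, which is expected to provide at least
# EBTABLES_SAVE_PATH and may override any of the defaults below.

# default cmds
SVC_NAME=ebtables
# the actions below refer to the EBTABLES* names, so those are the ones
# that must carry defaults
EBTABLES=/sbin/ebtables
EBTABLES_SAVE=/sbin/ebtables-save
EBTABLES_RESTORE=/sbin/ebtables-restore
EBTABLES_PROC=/proc/net/eb_tables_names
# legacy names, kept so existing config files and the start action that
# still use them keep working
IPTABLES=${EBTABLES}
IPTABLES_SAVE=${EBTABLES_SAVE}
IPTABLES_RESTORE=${EBTABLES_RESTORE}
IPTABLES_PROC=${EBTABLES_PROC}
SYSTEMDLIBDIR=/usr/lib/systemd

# read config (may override any default above)
source /etc/conf.d/${SVC_NAME}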
15 | |||
#######################################
# Verify that a saved ruleset exists before the service is started.
# Globals:   EBTABLES_SAVE_PATH, SVC_NAME, SYSTEMDLIBDIR (read)
# Arguments: none
# Outputs:   instructions on stdout when no ruleset file is present
# Returns:   0 when the ruleset file exists; otherwise exits the script
#            with status 1
#######################################
checkconfig()
{
	local save_path=${EBTABLES_SAVE_PATH}

	# a regular file at the save path is all that is required
	[[ -f ${save_path} ]] && return 0

	echo "Not starting ${SVC_NAME}. First create some rules then run:"
	echo "${SYSTEMDLIBDIR}/magellan-${SVC_NAME} save"
	exit 1
}
26 | |||
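#######################################
# Set every built-in chain of one ebtables table to a policy.
# Globals:   EBTABLES (read) - ebtables command; IPTABLES is used as a
#            fallback when EBTABLES is unset
# Arguments: $1 - table name: nat, broute or filter
#            $2 - policy, e.g. ACCEPT or DROP
# Returns:   1 when table or policy is empty; otherwise the status of the
#            last ebtables call (0 for an unknown table, since no chain
#            is touched)
#######################################
set_table_policy()
{
	local table=$1
	local policy=$2
	local chains
	local chain

	# nothing sensible can be done without both a table and a policy
	[[ -n ${table} && -n ${policy} ]] || return 1

	# select the built-in chains belonging to the table
	case ${table} in
		nat) chains="PREROUTING POSTROUTING OUTPUT";;
		broute) chains="BROUTING";;
		filter) chains="INPUT FORWARD OUTPUT";;
		*) chains="";;
	esac

	# set every chain to the given policy; the command variable stays
	# unquoted on purpose so a value carrying extra words keeps working
	for chain in ${chains}
	do
		${EBTABLES:-${IPTABLES}} -t "${table}" -P "${chain}" "${policy}"
	done
}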
49 | |||
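#######################################
# Flush all rules and delete all user-defined chains in every table
# listed in ${EBTABLES_PROC}, optionally setting the built-in chains of
# each table to a policy right after it has been cleared.
# Globals:   EBTABLES (IPTABLES as fallback), EBTABLES_PROC (read)
# Arguments: $1 - optional policy (ACCEPT, DROP) passed to set_table_policy
# Returns:   status of the last command run
#######################################
reset_tables()
{
	local policy=$1
	local table

	# ${EBTABLES_PROC} holds one table name per line and no whitespace,
	# so plain word-splitting of its contents is safe
	for table in $(<"${EBTABLES_PROC}")
	do
		# flush rules
		${EBTABLES:-${IPTABLES}} -F -t "${table}"

		# delete chains
		${EBTABLES:-${IPTABLES}} -X -t "${table}"

		if [[ -n ${policy} ]]
		then
			set_table_policy "${table}" "${policy}"
		fi
	done
}

# service actions; stop (with SAVE_ON_STOP=yes), reload and restart
# re-invoke this script through "$0" for the sub-steps
case "$1" in
	start)
		checkconfig
		echo "Loading ${SVC_NAME} ruleset ..."
		# prefer the ebtables-named restore command, fall back to the
		# legacy IPTABLES_RESTORE default
		${EBTABLES_RESTORE:-${IPTABLES_RESTORE}} ${SAVE_RESTORE_OPTIONS} < "${EBTABLES_SAVE_PATH}"
		;;

	stop)
		if [[ ${SAVE_ON_STOP} = yes ]]
		then
			"$0" save
		fi

		echo "Stopping ${SVC_NAME} and reseting ruleset ..."
		reset_tables ACCEPT
		;;

	reload)
		echo "Flushing ${SVC_NAME} ruleset ..."
		reset_tables
		"$0" start
		;;

	save)
		echo "Saving ${SVC_NAME} ruleset ..."
		save_dir=$(dirname "${EBTABLES_SAVE_PATH}")
		[[ -d ${save_dir} ]] || install -d "${save_dir}"
		# write to a temp file next to the target and rename it into
		# place: the ruleset is never readable by others, not even
		# between creation and chmod, and a failing ebtables-save leaves
		# the previous ruleset untouched
		save_tmp=$(mktemp "${EBTABLES_SAVE_PATH}.XXXXXX") || exit 1
		if ${EBTABLES_SAVE:-${IPTABLES_SAVE}} ${SAVE_RESTORE_OPTIONS} > "${save_tmp}"
		then
			chmod 0600 "${save_tmp}"
			mv -f -- "${save_tmp}" "${EBTABLES_SAVE_PATH}"
		else
			rm -f -- "${save_tmp}"
			echo "Saving ${SVC_NAME} ruleset failed" >&2
			exit 1
		fi
		;;

	panic)
		echo "Enabled Panic-Mode for ${SVC_NAME} (DROP ALL) ..."
		reset_tables DROP
		;;

	restart)
		"$0" stop
		sleep 1
		"$0" start
		;;

	*)
		echo "Usage: $0 {start|stop|reload|save|panic|restart}" >&2
		exit 1
		;;
esac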