Magellan Linux

Annotation of /trunk/ebtables/ebtables.sh



Revision 1816 - (hide annotations) (download) (as text)
Tue Jun 26 18:57:10 2012 UTC (12 years, 4 months ago) by niro
File MIME type: application/x-sh
File size: 2248 byte(s)
-systemd helper script
1 niro 1816 #!/bin/bash
2     # $Id$
3     # ebtables configuration script for systemd
4    
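# default cmds
SVC_NAME=ebtables

# The functions and case arms of this script call ${EBTABLES} and
# ${EBTABLES_SAVE} and read the table list from ${EBTABLES_PROC}. Define
# them here so they do not expand to nothing when /etc/conf.d/${SVC_NAME}
# does not set them; with an empty ${EBTABLES} the "stop" and "panic"
# actions would print their message without changing the ruleset.
EBTABLES=/sbin/ebtables
EBTABLES_SAVE=/sbin/ebtables-save
EBTABLES_RESTORE=/sbin/ebtables-restore
EBTABLES_PROC=/proc/net/eb_tables_names

# legacy names, kept because the "start" action still uses IPTABLES_RESTORE
IPTABLES=/sbin/ebtables
IPTABLES_SAVE=/sbin/ebtables-save
IPTABLES_RESTORE=/sbin/ebtables-restore
IPTABLES_PROC=/proc/net/eb_tables_names
SYSTEMDLIBDIR=/usr/lib/systemd

# read config
# The file is executed as shell code with the privileges of this script, so
# it should be owned by root and not writable by anyone else. It may override
# any default above and is expected to provide EBTABLES_SAVE_PATH,
# SAVE_RESTORE_OPTIONS and SAVE_ON_STOP, which are not defined in this script.
if [[ -r /etc/conf.d/${SVC_NAME} ]]
then
	source "/etc/conf.d/${SVC_NAME}"
else
	echo "${SVC_NAME}: cannot read /etc/conf.d/${SVC_NAME}" >&2
fi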
15    
# Verify that a saved ruleset exists before the service is started.
# Globals:   EBTABLES_SAVE_PATH, SVC_NAME, SYSTEMDLIBDIR (read)
# Outputs:   a two-line hint on stdout when the ruleset file is missing
# Returns:   0 when the file exists; otherwise the whole script exits with 1
checkconfig()
{
	# guard clause: nothing to report when the ruleset file is present
	[[ -f ${EBTABLES_SAVE_PATH} ]] && return 0

	printf '%s\n' \
		"Not starting ${SVC_NAME}. First create some rules then run:" \
		"${SYSTEMDLIBDIR}/magellan-${SVC_NAME} save"
	exit 1
}
26    
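# Apply one policy to every built-in chain of an ebtables table.
# Globals:   EBTABLES (read) - command used to change the ruleset
#            SVC_NAME (read) - used as prefix of the error message
# Arguments: $1 - table name (nat, broute or filter)
#            $2 - policy to set, e.g. ACCEPT or DROP
# Returns:   0 when every chain was updated; 1 for an unknown table or when
#            any ebtables call failed, so a caller such as the "panic"
#            action can tell that the policy is not in place
set_table_policy()
{
	local chains
	local chain
	# table and policy are local so that calling this function does not
	# overwrite same-named variables of the caller or the config file
	local table=$1
	local policy=$2
	local rc=0

	# select correct rules from corresponding chains
	case ${table} in
		nat) chains="PREROUTING POSTROUTING OUTPUT";;
		broute) chains="BROUTING";;
		filter) chains="INPUT FORWARD OUTPUT";;
		*)
			echo "${SVC_NAME}: unknown table '${table}', no policy set" >&2
			return 1
			;;
	esac

	# set rules to given policy
	# chains is a space-separated list, word splitting is intended here
	for chain in ${chains}
	do
		"${EBTABLES}" -t "${table}" -P "${chain}" "${policy}" || rc=1
	done

	return ${rc}
}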
49    
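# Flush all rules and delete all user-defined chains of every table listed
# in ${EBTABLES_PROC}. When a policy is passed as $1 it is also applied to
# the built-in chains of each table through set_table_policy.
# Globals:   EBTABLES, EBTABLES_PROC, SVC_NAME (read)
# Arguments: $1 - policy to set afterwards (ACCEPT, DROP) or empty for none
# Returns:   0 on success; 1 when the command or table list is not usable or
#            any ebtables call failed. Without this check an unset
#            ${EBTABLES} or ${EBTABLES_PROC} makes the loop do nothing while
#            the caller still reports the ruleset as reset or dropped.
reset_tables()
{
	local policy=$1
	local tbl
	local rc=0

	if [[ -z ${EBTABLES} || -z ${EBTABLES_PROC} || ! -r ${EBTABLES_PROC} ]]
	then
		echo "${SVC_NAME}: EBTABLES or EBTABLES_PROC is not set, or the table list is not readable" >&2
		return 1
	fi

	# the table list is whitespace-separated, word splitting is intended
	for tbl in $(<"${EBTABLES_PROC}")
	do
		# flush rules
		"${EBTABLES}" -F -t "${tbl}" || rc=1

		# delete chains
		"${EBTABLES}" -X -t "${tbl}" || rc=1

		if [[ -n ${policy} ]]
		then
			set_table_policy "${tbl}" "${policy}" || rc=1
		fi
	done

	return ${rc}
}

# Dispatch on the requested action (first argument of the script).
case "$1" in
	start)
		checkconfig
		echo "Loading ${SVC_NAME} ruleset ..."
		# SAVE_RESTORE_OPTIONS is an option list and stays unquoted on purpose
		"${IPTABLES_RESTORE}" ${SAVE_RESTORE_OPTIONS} < "${EBTABLES_SAVE_PATH}"
		;;

	stop)
		if [[ ${SAVE_ON_STOP} = yes ]]
		then
			"$0" save
		fi

		echo "Stopping ${SVC_NAME} and reseting ruleset ..."
		# flush everything and set all policies to ACCEPT
		reset_tables ACCEPT || exit 1
		;;

	reload)
		# Check for the saved ruleset before flushing; checkconfig exits
		# when it is missing, which would otherwise happen only in "start",
		# after the active ruleset has already been removed.
		checkconfig
		echo "Flushing ${SVC_NAME} ruleset ..."
		reset_tables ""
		"$0" start
		;;

	save)
		echo "Saving ${SVC_NAME} ruleset ..."
		# With an empty command the redirection alone would truncate the
		# saved ruleset, so refuse to continue.
		if [[ -z ${EBTABLES_SAVE} || -z ${EBTABLES_SAVE_PATH} ]]
		then
			echo "${SVC_NAME}: EBTABLES_SAVE or EBTABLES_SAVE_PATH is not set" >&2
			exit 1
		fi

		save_dir=$(dirname "${EBTABLES_SAVE_PATH}")
		if [[ ! -d ${save_dir} ]]
		then
			install -d "${save_dir}" || exit 1
		fi

		# Write to a temporary file in the same directory and rename it only
		# after a successful dump: the previous ruleset survives a failed
		# save, and the file is never present with wider permissions than
		# 0600 (touch followed by chmod leaves a short window).
		tmp_save=$(umask 077; mktemp "${EBTABLES_SAVE_PATH}.XXXXXX") || exit 1
		if "${EBTABLES_SAVE}" ${SAVE_RESTORE_OPTIONS} > "${tmp_save}"
		then
			chmod 0600 "${tmp_save}" &&
				mv -f -- "${tmp_save}" "${EBTABLES_SAVE_PATH}"
		else
			rm -f -- "${tmp_save}"
			echo "${SVC_NAME}: saving the ruleset failed, previous file left unchanged" >&2
			exit 1
		fi
		;;

	panic)
		echo "Enabled Panic-Mode for ${SVC_NAME} (DROP ALL) ..."
		# a failure here means traffic is not being dropped; report it
		if ! reset_tables DROP
		then
			echo "${SVC_NAME}: panic mode could not be applied to all tables" >&2
			exit 1
		fi
		;;

	restart)
		"$0" stop
		sleep 1
		"$0" start
		;;

	*)
		echo "Usage: $0 {start|stop|reload|save|panic|restart}"
		exit 1
		;;
esac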