Annotation of /trunk/iptables/iptables.rc
Parent Directory | Revision Log
Revision 548 -
(hide annotations)
(download)
Thu Mar 27 10:40:32 2008 UTC (16 years, 7 months ago) by niro
File size: 2717 byte(s)
Thu Mar 27 10:40:32 2008 UTC (16 years, 7 months ago) by niro
File size: 2717 byte(s)
-fixed a small typo
1 | niro | 51 | #!/bin/sh |
2 | niro | 548 | # $Header: /root/magellan-cvs/src/iptables/iptables.rc,v 1.2 2008-03-27 10:40:32 niro Exp $ |
3 | niro | 51 | |
4 | #%rlevels: 2:s 3:s 4:s 5:s 0:k 1:k 6:k | ||
5 | #%start: 15 | ||
6 | #%stop: 55 | ||
7 | |||
8 | #deps | ||
9 | #%needs: | ||
10 | #%before: | ||
11 | #%after: | ||
12 | |||
13 | source /etc/sysconfig/rc | ||
14 | source $rc_functions | ||
15 | |||
16 | # default cmds | ||
17 | SVC_NAME=iptables | ||
18 | IPTABLES=/sbin/iptables | ||
19 | IPTABLES_SAVE=/sbin/iptables-save | ||
20 | IPTABLES_RESTORE=/sbin/iptables-restore | ||
21 | IPTABLES_PROC=/proc/net/ip_tables_names | ||
22 | |||
23 | # read config | ||
24 | source /etc/conf.d/${SVC_NAME} | ||
25 | |||
26 | checkconfig() | ||
27 | { | ||
28 | if [[ ! -f ${IPTABLES_SAVE_PATH} ]] | ||
29 | then | ||
30 | echo -e ${COLRED} "Not starting ${SVC_NAME}. First create some rules then run:" | ||
31 | echo -e ${COLRED} "/etc/init.d/${SVC_NAME} save" | ||
32 | exit 1 | ||
33 | fi | ||
34 | return 0 | ||
35 | } | ||
36 | |||
37 | set_table_policy() | ||
38 | { | ||
39 | local chains | ||
40 | local chain | ||
41 | |||
42 | table=$1 | ||
43 | policy=$2 | ||
44 | |||
45 | # select correct rules from corresponding chains | ||
46 | case ${table} in | ||
47 | nat) chains="PREROUTING POSTROUTING OUTPUT";; | ||
48 | mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; | ||
49 | filter) chains="INPUT FORWARD OUTPUT";; | ||
50 | *) chains="";; | ||
51 | esac | ||
52 | |||
53 | # set rules to given policy | ||
54 | for chain in ${chains} | ||
55 | do | ||
56 | ${IPTABLES} -t ${table} -P ${chain} ${policy} | ||
57 | done | ||
58 | } | ||
59 | |||
60 | case "$1" in | ||
61 | start) | ||
62 | checkconfig | ||
63 | echo -e ${COLOREDSTAR}"Loading ${SVC_NAME} ruleset ..." | ||
64 | |||
65 | ${IPTABLES_RESTORE} ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE_PATH}" | ||
66 | evaluate_retval | ||
67 | |||
68 | update_svcstatus $1 | ||
69 | splash svc_started "$(basename $0)" 0 | ||
70 | ;; | ||
71 | |||
72 | stop) | ||
73 | if [[ ${SAVE_ON_STOP} = yes ]] | ||
74 | then | ||
75 | $0 save | ||
76 | fi | ||
77 | |||
78 | echo -e ${COLOREDSTAR}"Stopping ${SVC_NAME} and reseting ruleset ..." | ||
79 | |||
80 | for rule in $(<${IPTABLES_PROC}) | ||
81 | do | ||
82 | # flush rules | ||
83 | ${IPTABLES} -F -t ${rule} | ||
84 | |||
85 | # delete chains | ||
86 | ${IPTABLES} -X -t ${rule} | ||
87 | |||
88 | # set all policies to ACCEPT | ||
89 | set_table_policy ${rule} ACCEPT | ||
90 | done | ||
91 | evaluate_retval | ||
92 | |||
93 | update_svcstatus $1 | ||
94 | splash svc_stopped "$(basename $0)" 0 | ||
95 | ;; | ||
96 | |||
97 | reload) | ||
98 | echo -e ${COLOREDSTAR}"Flushing ${SVC_NAME} ruleset ..." | ||
99 | for rule in $(<${IPTABLES_PROC}) | ||
100 | do | ||
101 | # flush rules | ||
102 | ${IPTABLES} -F -t ${rule} | ||
103 | |||
104 | # delete chains | ||
105 | ${IPTABLES} -X -t ${rule} | ||
106 | done | ||
107 | $0 start | ||
108 | ;; | ||
109 | |||
110 | save) | ||
111 | echo -e ${COLOREDSTAR}"Saving ${SVC_NAME} ruleset ..." | ||
112 | niro | 548 | [ ! -d $(dirname ${IPTABLES_SAVE_PATH}) ] && |
113 | niro | 51 | install -d $(dirname ${IPTABLES_SAVE_PATH}) |
114 | touch "${IPTABLES_SAVE_PATH}" | ||
115 | chmod 0600 "${IPTABLES_SAVE_PATH}" | ||
116 | ${IPTABLES_SAVE} ${SAVE_RESTORE_OPTIONS} > "${IPTABLES_SAVE_PATH}" | ||
117 | ;; | ||
118 | |||
119 | panic) | ||
120 | echo -e ${COLOREDSTAR}"Enabled Panic-Mode for ${SVC_NAME} (DROP ALL) ..." | ||
121 | for rule in $(<${IPTABLES_PROC}) | ||
122 | do | ||
123 | ${IPTABLES} -F -t ${rule} | ||
124 | ${IPTABLES} -X -t ${rule} | ||
125 | |||
126 | set_table_policy ${rule} DROP | ||
127 | done | ||
128 | evaluate_retval | ||
129 | ;; | ||
130 | |||
131 | restart) | ||
132 | $0 stop | ||
133 | sleep 1 | ||
134 | $0 start | ||
135 | ;; | ||
136 | |||
137 | *) | ||
138 | echo "Usage: $0 {start|stop|reload|save|panic|restart}" | ||
139 | exit 1 | ||
140 | ;; | ||
141 | esac |