Magellan Linux

Contents of /trunk/iptables/iptables.rc

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1427 - (show annotations) (download)
Mon Jul 18 18:33:25 2011 UTC (13 years, 3 months ago) by niro
File size: 2661 byte(s)
-use rc_echo() and rc_print()
1 #!/bin/sh
2 # $Header: /root/magellan-cvs/src/iptables/iptables.rc,v 1.2 2008-03-27 10:40:32 niro Exp $
3
4 #%rlevels: 2:s 3:s 4:s 5:s 0:k 1:k 6:k
5 #%start: 15
6 #%stop: 55
7
8 #deps
9 #%needs:
10 #%before:
11 #%after:
12
13 source /etc/sysconfig/rc
14 source $rc_functions
15
16 # default cmds
17 SVC_NAME=iptables
18 IPTABLES=/sbin/iptables
19 IPTABLES_SAVE=/sbin/iptables-save
20 IPTABLES_RESTORE=/sbin/iptables-restore
21 IPTABLES_PROC=/proc/net/ip_tables_names
22
23 # read config
24 source /etc/conf.d/${SVC_NAME}
25
26 checkconfig()
27 {
28 if [[ ! -f ${IPTABLES_SAVE_PATH} ]]
29 then
30 rc_echo -e ${COLRED} "Not starting ${SVC_NAME}. First create some rules then run:"
31 rc_echo -e ${COLRED} "/etc/init.d/${SVC_NAME} save"
32 exit 1
33 fi
34 return 0
35 }
36
37 set_table_policy()
38 {
39 local chains
40 local chain
41
42 table=$1
43 policy=$2
44
45 # select correct rules from corresponding chains
46 case ${table} in
47 nat) chains="PREROUTING POSTROUTING OUTPUT";;
48 mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
49 filter) chains="INPUT FORWARD OUTPUT";;
50 *) chains="";;
51 esac
52
53 # set rules to given policy
54 for chain in ${chains}
55 do
56 ${IPTABLES} -t ${table} -P ${chain} ${policy}
57 done
58 }
59
60 case "$1" in
61 start)
62 checkconfig
63 rc_print "Loading ${SVC_NAME} ruleset ..."
64
65 ${IPTABLES_RESTORE} ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE_PATH}"
66 evaluate_retval
67
68 update_svcstatus $1
69 splash svc_started "$(basename $0)" 0
70 ;;
71
72 stop)
73 if [[ ${SAVE_ON_STOP} = yes ]]
74 then
75 $0 save
76 fi
77
78 rc_print "Stopping ${SVC_NAME} and reseting ruleset ..."
79
80 for rule in $(<${IPTABLES_PROC})
81 do
82 # flush rules
83 ${IPTABLES} -F -t ${rule}
84
85 # delete chains
86 ${IPTABLES} -X -t ${rule}
87
88 # set all policies to ACCEPT
89 set_table_policy ${rule} ACCEPT
90 done
91 evaluate_retval
92
93 update_svcstatus $1
94 splash svc_stopped "$(basename $0)" 0
95 ;;
96
97 reload)
98 rc_print "Flushing ${SVC_NAME} ruleset ..."
99 for rule in $(<${IPTABLES_PROC})
100 do
101 # flush rules
102 ${IPTABLES} -F -t ${rule}
103
104 # delete chains
105 ${IPTABLES} -X -t ${rule}
106 done
107 $0 start
108 ;;
109
110 save)
111 rc_print "Saving ${SVC_NAME} ruleset ..."
112 [ ! -d $(dirname ${IPTABLES_SAVE_PATH}) ] &&
113 install -d $(dirname ${IPTABLES_SAVE_PATH})
114 touch "${IPTABLES_SAVE_PATH}"
115 chmod 0600 "${IPTABLES_SAVE_PATH}"
116 ${IPTABLES_SAVE} ${SAVE_RESTORE_OPTIONS} > "${IPTABLES_SAVE_PATH}"
117 ;;
118
119 panic)
120 rc_print "Enabled Panic-Mode for ${SVC_NAME} (DROP ALL) ..."
121 for rule in $(<${IPTABLES_PROC})
122 do
123 ${IPTABLES} -F -t ${rule}
124 ${IPTABLES} -X -t ${rule}
125
126 set_table_policy ${rule} DROP
127 done
128 evaluate_retval
129 ;;
130
131 restart)
132 $0 stop
133 sleep 1
134 $0 start
135 ;;
136
137 *)
138 rc_echo "Usage: $0 {start|stop|reload|save|panic|restart}"
139 exit 1
140 ;;
141 esac