#!/bin/bash -e
### BEGIN INIT INFO
# Provides: firewall-iptables
# Required-Start: networking
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Basic iptables firewall with port forwarding.
# Description: Based on the work of David A. Ranch (http://www.ecst.csuchico.edu/~dranch). Rewritten here as a Debian Linux init script.
# You'll probably have to edit the default port list and interface names. All the rules are added/removed by the up/down scripts.
### END INIT INFO
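PATH=/sbin:/usr/sbin:/bin:/usr/bin
# Abort on the first failing command. Set here as well as in the shebang,
# because the shebang's "-e" is lost when the script is run as
# "bash /etc/init.d/firewall-iptables start".
set -e
DESC="Basic iptables firewall"
NAME=firewall-iptables
# Leftovers from the Debian init-script skeleton: nothing in this file reads
# them, and they are not exported, so the scripts.d hooks do not see them either.
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS="--options args"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Directory of run-parts hooks; each is called with "start" to add its rules
# and "stop" to remove them.
FIREWALL_SCRIPT_DIR=/etc/firewall-iptables/scripts.d
# Optional site configuration. It is sourced into this shell below and also
# handed to every hook through the environment.
FIREWALL_CONFFILE=/etc/default/firewall-iptables
# Check that networking is up. NETWORKING is not set by this script; when it
# is unset the check is a no-op and the firewall is configured.
[[ "${NETWORKING}" = "no" ]] && exit 0
# Read configuration variable file if it is present. It is executed as shell
# code with this script's (root) privileges, so it must stay root-owned and
# not writable by anyone else.
[ -r "$FIREWALL_CONFFILE" ] && . "$FIREWALL_CONFFILE"
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions. Depend on lsb-base (>= 3.2-14) to ensure that this file is present and status_of_proc is working.
. /lib/lsb/init-functions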
# Set up firewall.
# -ve bias by default - rejects stuff that does not pass.
#######################################
# Apply the firewall rules: run every hook in $FIREWALL_SCRIPT_DIR whose
# name matches the run-parts regex (three digits, a dash, lower-case
# letters/dashes, e.g. "010-nat") with the argument "start".
# Globals:  FIREWALL_SCRIPT_DIR (read)
#           FIREWALL_CONFFILE (read; exported to each hook's environment)
# Outputs:  run-parts --report prefixes each hook's output with its name
# Returns:  run-parts' exit status; with "set -e" a non-zero status ends
#           the script.
#######################################
function set_firewall_rules()
{
  local -r hook_pattern='[0-9]{3}-[a-z-]*'
  # NOTE(review): the pattern is not anchored, so if run-parts matches it as a
  # substring, backup copies such as "010-nat.dpkg-old" would also be run as
  # root — confirm against run-parts(8) and anchor with ^...$ if so.
  local -a run_parts_args=(--regex="$hook_pattern" --report --arg=start "$FIREWALL_SCRIPT_DIR")
  FIREWALL_CONFFILE="$FIREWALL_CONFFILE" run-parts "${run_parts_args[@]}"
}
#######################################
# Remove the firewall rules: run the same run-parts hooks as
# set_firewall_rules, this time with the argument "stop".
# Globals:  FIREWALL_SCRIPT_DIR (read)
#           FIREWALL_CONFFILE (read; exported to each hook's environment)
# Outputs:  run-parts --report prefixes each hook's output with its name
# Returns:  run-parts' exit status; with "set -e" a non-zero status ends
#           the script.
#######################################
function clear_firewall_chains()
{
  local -r hook_pattern='[0-9]{3}-[a-z-]*'
  local -r hook_action=stop
  # NOTE(review): unanchored pattern, see set_firewall_rules.
  FIREWALL_CONFFILE="$FIREWALL_CONFFILE" \
    run-parts --regex="$hook_pattern" --report --arg="$hook_action" "$FIREWALL_SCRIPT_DIR"
}
#######################################
# Bring the firewall up.
# Outputs:  progress messages on stdout
# Returns:  always 0. Because the script runs with "set -e", a failing
#           set_firewall_rules terminates the script before the
#           "Started" line is printed, so a non-zero return is never seen.
#######################################
function do_start()
{
  printf '%s\n' "Starting simple firewall-iptables."
  set_firewall_rules
  printf '%s' "Started firewall-iptables."
  success
  printf '\n'
  return 0
}
#######################################
# Take the firewall down.
# Outputs:  progress messages on stdout
# Returns:  always 0. With "set -e", a failing clear_firewall_chains
#           terminates the script before the "Stopped" line is printed.
#######################################
function do_stop()
{
  printf '%s\n' "Stopping firewall-iptables."
  clear_firewall_chains
  printf '%s' "Stopped firewall-iptables."
  success
  printf '\n'
  return 0
}
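#######################################
# Restart by re-invoking this script with "stop" and then "start".
# Not referenced by do_run, which handles restart|force-reload itself.
# Returns:  exit status of the "start" invocation (with "set -e" a
#           failing "stop" already ends the script).
#######################################
function do_restart()
{
  # $0 is quoted so an install path containing spaces is not word-split.
  "$0" stop
  "$0" start
  return
}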
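#######################################
# Print the current filter-table rules.
# Not referenced by do_run; kept for manual use.
# Globals:  IPTABLES (read) - iptables command; not set anywhere in this
#           file, it may come from $FIREWALL_CONFFILE.
# Outputs:  iptables -L listing on stdout
# Returns:  0 (with "set -e" a failing iptables ends the script first)
#######################################
function do_status()
{
  # Fall back to the iptables on PATH: with IPTABLES unset the original
  # expanded to a bare "-L", which the shell tried to run as a command.
  local -r iptables_cmd=${IPTABLES:-iptables}
  # Left unquoted, as in the original, so IPTABLES may carry extra arguments.
  # shellcheck disable=SC2086
  $iptables_cmd -L
  return 0
}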
#######################################
# Status marker called after the Started/Stopped messages. Intentionally
# prints nothing; exists so do_start/do_stop have a hook for a marker.
# Returns:  0
#######################################
function success()
{
  printf ''
}
#######################################
# Report the outcome of do_start/do_stop via log_end_msg unless VERBOSE=no.
# Arguments: $1 - status code: 0 or 1 count as success, 2 as failure
#            (Debian skeleton convention); anything else is not reported.
#######################################
_report_outcome()
{
  local rc=$1
  if [ "$VERBOSE" = no ]; then
    return 0
  fi
  case "$rc" in
    0|1) log_end_msg 0 ;;
    2) log_end_msg 1 ;;
  esac
}

#######################################
# Dispatch one init action.
# Arguments: $1 - start | stop | restart | force-reload
# Globals:   DESC, NAME, SCRIPTNAME, VERBOSE (read)
# Outputs:   LSB log_* messages; a usage line on stderr for other actions
# Returns:   0; exits 3 on an unknown action. do_start/do_stop always
#            return 0, so the failure branches below are only taken if
#            those functions are changed to report errors.
#######################################
function do_run()
{
  local action=$1
  case "$action" in
    start)
      if [ "$VERBOSE" != no ]; then
        log_daemon_msg "Starting $DESC" "$NAME"
      fi
      do_start
      _report_outcome "$?"
      ;;
    stop)
      if [ "$VERBOSE" != no ]; then
        log_daemon_msg "Stopping $DESC" "$NAME"
      fi
      do_stop
      _report_outcome "$?"
      ;;
    restart|force-reload)
      # If a "reload" action is ever implemented, drop the force-reload alias.
      # The restart message is logged regardless of VERBOSE, as in the skeleton.
      log_daemon_msg "Restarting $DESC" "$NAME"
      do_stop
      if [ "$?" -le 1 ]; then
        do_start
        if [ "$?" -eq 0 ]; then
          log_end_msg 0
        else
          # 1: old process still running; anything else: failed to start
          log_end_msg 1
        fi
      else
        # Failed to stop
        log_end_msg 1
      fi
      ;;
    *)
      echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
      exit 3
      ;;
  esac
  return 0
}
# Entry point: hand the init action through to the dispatcher. With "set -e"
# a failing do_run ends the script with its own status before reaching exit.
do_run "$@"
exit 0