[packages/filtergen.git] / filter.init

#!/bin/sh
# ipchains/iptables rules generator
#
# chkconfig:	345 15 85
# description:	ipchains/iptables rules generator

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
CONFIG=/etc/filter/simple.conf
GEN_CONFIG=/etc/filter/generated_rules
SUBSYS=/var/lock/subsys/filter
[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter

# Check that networking is up.
# if is_no "${NETWORKING}" ; then
#    msg_network_down "filter"
# 	exit 1
# fi

confstatus() {
   if [ ! -e $GEN_CONFIG ]; then
      confstatus=3
   elif [ $GEN_CONFIG -ot $CONFIG ]; then
      confstatus=2
   elif [ $SUBSYS -ot $GEN_CONFIG ]; then
      confstatus=1
   else
      confstatus=0
   fi
}

find_filter() {
   iptables=`which iptables 2> /dev/null`
   ipchains=`which ipchains 2> /dev/null`
   if [ -n "$iptables" ]; then
      filter=$iptables
   elif [ -n "$ipchains" ]; then
      filter=$ipchains
   else
      nls "ipchains/iptables not found. cannot continue"
      exit 1
      filter=
   fi
}

# See how we were called.
case "$1" in
  start)
      confstatus
      if [ $confstatus -ge 0 ]; then
         if [ $confstatus -gt 0 ]; then
            $0 init
         fi
         show "Setting filter rules"
         busy
         sh $GEN_CONFIG
         RETVAL=$?
         if [ $RETVAL = 0 ]; then
            touch $SUBSYS
            ok
         else
            fail
         fi
      fi
      ;;
  stop)
  show "Flushing filter rules"
      find_filter
      $filter -F
      RETVAL=$?
      if [ $RETVAL = 0 ]; then
         rm -f $SUBSYS
         ok
      else
         fail
      fi
      ;;
  init)
      show "Generating $GEN_CONFIG"
      find_filter
      umask 077
      filtergen $CONFIG `basename $filter` > $GEN_CONFIG
      ;;
  restart)
      $0 stop
      $0 start
      ;;
  status)
      confstatus
      case "$confstatus" in
         3)
         nls "$GEN_CONFIG not generated"
         ;;
         2)
         nls "$GEN_CONFIG outdated"
         ;;
         1)
         nls "$GEN_CONFIG not applied"
         ;;
         0)
         nls "filter rules applied"
         ;;
      esac
      ;;
  *)
      msg_Usage "$0 {start|stop|restart|init|status}"
      exit 1
      ;;
esac

exit $RETVAL
Commit	Line	Data
b3aa5a3a	1	#!/bin/sh
	2	# ipchains/iptables rules generator
	3	#
	4	# chkconfig: 345 15 85
	5	# description: ipchains/iptables rules generator
	6
	7	# Source function library
	8	. /etc/rc.d/init.d/functions
	9
	10	# Get network config
	11	. /etc/sysconfig/network
	12
	13	# Get service config
	14	CONFIG=/etc/filter/simple.conf
	15	GEN_CONFIG=/etc/filter/generated_rules
	16	SUBSYS=/var/lock/subsys/filter
	17	[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
	18
	19	# Check that networking is up.
	20	# if is_no "${NETWORKING}" ; then
	21	# msg_network_down "filter"
	22	# exit 1
	23	# fi
	24
	25	confstatus() {
	26	if [ ! -e $GEN_CONFIG ]; then
	27	confstatus=3
	28	elif [ $GEN_CONFIG -ot $CONFIG ]; then
	29	confstatus=2
	30	elif [ $SUBSYS -ot $GEN_CONFIG ]; then
	31	confstatus=1
	32	else
	33	confstatus=0
	34	fi
	35	}
	36
	37	find_filter() {
	38	iptables=`which iptables 2> /dev/null`
	39	ipchains=`which ipchains 2> /dev/null`
	40	if [ -n "$iptables" ]; then
	41	filter=$iptables
	42	elif [ -n "$ipchains" ]; then
	43	filter=$ipchains
	44	else
	45	nls "ipchains/iptables not found. cannot continue"
	46	exit 1
	47	filter=
	48	fi
	49	}
	50
	51	# See how we were called.
	52	case "$1" in
	53	start)
	54	confstatus
	55	if [ $confstatus -ge 0 ]; then
	56	if [ $confstatus -gt 0 ]; then
	57	$0 init
	58	fi
	59	show "Setting filter rules"
	60	busy
	61	sh $GEN_CONFIG
	62	RETVAL=$?
	63	if [ $RETVAL = 0 ]; then
	64	touch $SUBSYS
65	ok
66	else
67	fail
68	fi
69	fi
70	;;
71	stop)
72	show "Flushing filter rules"
73	find_filter
74	$filter -F
75	RETVAL=$?
76	if [ $RETVAL = 0 ]; then
77	rm -f $SUBSYS
78	ok
79	else
80	fail
81	fi
82	;;
83	init)
84	show "Generating $GEN_CONFIG"
85	find_filter
86	umask 077
87	filtergen $CONFIG `basename $filter` > $GEN_CONFIG
88	;;
89	restart)
90	$0 stop
91	$0 start
92	;;
93	status)
94	confstatus
95	case "$confstatus" in
96	3)
97	nls "$GEN_CONFIG not generated"
98	;;
99	2)
100	nls "$GEN_CONFIG outdated"
101	;;
102	1)
103	nls "$GEN_CONFIG not applied"
104	;;
105	0)
106	nls "filter rules applied"
107	;;
108	esac
109	;;
110	*)
111	msg_Usage "$0 {start\|stop\|restart\|init\|status}"
112	exit 1
113	;;
114	esac
115
116	exit $RETVAL