[packages/filtergen.git] / filter.init

#!/bin/sh
# ipchains/iptables rules generator
#
# chkconfig:	345 15 85
# description:	ipchains/iptables rules generator

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
CONFIG=/etc/filter/simple.conf
GEN_CONFIG=/etc/filter/generated_rules
SUBSYS=/var/lock/subsys/filter
[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter

# Check that networking is up.
# if is_no "${NETWORKING}" ; then
#	msg_network_down "filter"
# 	exit 1
# fi

confstatus() {
	if [ ! -e "$GEN_CONFIG" ]; then
		confstatus=3
	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
		confstatus=2
	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
		confstatus=1
	else
		confstatus=0
	fi
}

find_filter() {
	iptables=`which iptables 2> /dev/null`
	ipchains=`which ipchains 2> /dev/null`
	if [ -n "$iptables" ]; then
		filter=$iptables
	elif [ -n "$ipchains" ]; then
		filter=$ipchains
	else
		nls "ipchains/iptables not found. Cannot continue"
		filter=
		exit 1
	fi
}

# See how we were called.
case "$1" in
  start)
	confstatus
	if [ $confstatus -ge 0 ]; then
		if [ $confstatus -gt 0 ]; then
			$0 init
		fi
		show "Setting filter rules"
		busy
		sh "$GEN_CONFIG"
		RETVAL=$?
		if [ $RETVAL = 0 ]; then
			touch "$SUBSYS"
			ok
		else
			fail
		fi
	fi
	;;
  stop)
	show "Flushing filter rules"
	find_filter
	$filter -F
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		rm -f "$SUBSYS"
		ok
	else
		fail
	fi
	;;
  init)
	show "Generating %s" "$GEN_CONFIG"
	find_filter
	umask 077
	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	;;
  restart|reload)
	$0 stop
	$0 start
	;;
  status)
	confstatus
	case "$confstatus" in
	  3)
		nls "%s not generated" "$GEN_CONFIG"
		;;
	  2)
		nls "%s outdated" "$GEN_CONFIG"
		;;
	  1)
		nls "%s not applied" "$GEN_CONFIG"
		;;
	  0)
		nls "filter rules applied"
		;;
	esac
	;;
  *)
	msg_usage "$0 {start|stop|init|restart|reload|status}"
	exit 1
	;;
esac

exit $RETVAL
Commit	Line	Data
b3aa5a3a	1	#!/bin/sh
	2	# ipchains/iptables rules generator
	3	#
	4	# chkconfig: 345 15 85
	5	# description: ipchains/iptables rules generator
	6
	7	# Source function library
	8	. /etc/rc.d/init.d/functions
	9
	10	# Get network config
	11	. /etc/sysconfig/network
	12
	13	# Get service config
	14	CONFIG=/etc/filter/simple.conf
	15	GEN_CONFIG=/etc/filter/generated_rules
	16	SUBSYS=/var/lock/subsys/filter
	17	[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
	18
	19	# Check that networking is up.
	20	# if is_no "${NETWORKING}" ; then
81666989	21	# msg_network_down "filter"
b3aa5a3a	22	# exit 1
	23	# fi
	24
	25	confstatus() {
81666989	26	if [ ! -e "$GEN_CONFIG" ]; then
	27	confstatus=3
	28	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
	29	confstatus=2
	30	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
	31	confstatus=1
	32	else
	33	confstatus=0
	34	fi
b3aa5a3a	35	}
	36
	37	find_filter() {
81666989	38	iptables=`which iptables 2> /dev/null`
	39	ipchains=`which ipchains 2> /dev/null`
	40	if [ -n "$iptables" ]; then
	41	filter=$iptables
	42	elif [ -n "$ipchains" ]; then
	43	filter=$ipchains
	44	else
	45	nls "ipchains/iptables not found. Cannot continue"
	46	filter=
	47	exit 1
	48	fi
b3aa5a3a	49	}
	50
	51	# See how we were called.
	52	case "$1" in
	53	start)
81666989	54	confstatus
	55	if [ $confstatus -ge 0 ]; then
	56	if [ $confstatus -gt 0 ]; then
	57	$0 init
	58	fi
	59	show "Setting filter rules"
	60	busy
	61	sh "$GEN_CONFIG"
	62	RETVAL=$?
	63	if [ $RETVAL = 0 ]; then
	64	touch "$SUBSYS"
	65	ok
	66	else
	67	fail
	68	fi
	69	fi
	70	;;
b3aa5a3a	71	stop)
81666989	72	show "Flushing filter rules"
	73	find_filter
	74	$filter -F
	75	RETVAL=$?
	76	if [ $RETVAL = 0 ]; then
	77	rm -f "$SUBSYS"
	78	ok
	79	else
	80	fail
	81	fi
	82	;;
b3aa5a3a	83	init)
81666989	84	show "Generating %s" "$GEN_CONFIG"
	85	find_filter
	86	umask 077
	87	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	88	;;
	89	restart\|reload)
	90	$0 stop
	91	$0 start
	92	;;
b3aa5a3a	93	status)
81666989	94	confstatus
	95	case "$confstatus" in
	96	3)
	97	nls "%s not generated" "$GEN_CONFIG"
	98	;;
	99	2)
	100	nls "%s outdated" "$GEN_CONFIG"
	101	;;
	102	1)
	103	nls "%s not applied" "$GEN_CONFIG"
	104	;;
	105	0)
	106	nls "filter rules applied"
	107	;;
	108	esac
	109	;;
b3aa5a3a	110	*)
81666989	111	msg_usage "$0 {start\|stop\|init\|restart\|reload\|status}"
	112	exit 1
	113	;;
b3aa5a3a	114	esac
	115
	116	exit $RETVAL