[packages/filtergen.git] / filter.init

#!/bin/sh
# ipchains/iptables rules generator
#
# chkconfig:	345 15 85
# description:	ipchains/iptables rules generator

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
CONFIG=/etc/filter/simple.conf
GEN_CONFIG=/etc/filter/generated_rules
SUBSYS=/var/lock/subsys/filter
[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter

# Check that networking is up.
# if is_no "${NETWORKING}" ; then
#	msg_network_down "filter"
# 	exit 1
# fi

confstatus() {
	if [ ! -e "$GEN_CONFIG" ]; then
		confstatus=3
	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
		confstatus=2
	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
		confstatus=1
	else
		confstatus=0
	fi
}

find_filter() {
	iptables=`which iptables 2> /dev/null`
	ipchains=`which ipchains 2> /dev/null`
	if [ -n "$iptables" ]; then
		filter=$iptables
	elif [ -n "$ipchains" ]; then
		filter=$ipchains
	else
		nls "ipchains/iptables not found. Cannot continue"
		filter=
		exit 1
	fi
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
	confstatus
	if [ $confstatus -ge 0 ]; then
		if [ $confstatus -gt 0 ]; then
			$0 init
		fi
		show "Setting filter rules"
		busy
		sh "$GEN_CONFIG"
		[ $? -ne 0 ] && RETVAL=1
		if [ $RETVAL -eq 0 ]; then
			touch "$SUBSYS"
			ok
		else
			fail
		fi
	fi
	;;
  stop)
	show "Flushing filter rules"
	find_filter
	$filter -F
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		rm -f "$SUBSYS"
		ok
	else
		fail
	fi
	;;
  init)
	show "Generating %s" "$GEN_CONFIG"
	find_filter
	umask 077
	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	;;
  restart|force-reload)
	$0 stop
	$0 start
	exit $?
	;;
  status)
	confstatus
	case "$confstatus" in
	  3)
		nls "%s not generated" "$GEN_CONFIG"
		;;
	  2)
		nls "%s outdated" "$GEN_CONFIG"
		;;
	  1)
		nls "%s not applied" "$GEN_CONFIG"
		;;
	  0)
		nls "filter rules applied"
		;;
	esac
	[ "$confstatus" -ne 0 ] && RETVAL=3
	;;
  *)
	msg_usage "$0 {start|stop|init|restart|force-reload|status}"
	exit 3
	;;
esac

exit $RETVAL
Commit	Line	Data
b3aa5a3a	1	#!/bin/sh
	2	# ipchains/iptables rules generator
	3	#
	4	# chkconfig: 345 15 85
	5	# description: ipchains/iptables rules generator
	6
	7	# Source function library
	8	. /etc/rc.d/init.d/functions
	9
	10	# Get network config
	11	. /etc/sysconfig/network
	12
	13	# Get service config
	14	CONFIG=/etc/filter/simple.conf
	15	GEN_CONFIG=/etc/filter/generated_rules
	16	SUBSYS=/var/lock/subsys/filter
	17	[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
	18
	19	# Check that networking is up.
	20	# if is_no "${NETWORKING}" ; then
81666989	21	# msg_network_down "filter"
b3aa5a3a	22	# exit 1
	23	# fi
	24
	25	confstatus() {
81666989	26	if [ ! -e "$GEN_CONFIG" ]; then
	27	confstatus=3
	28	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
	29	confstatus=2
	30	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
	31	confstatus=1
	32	else
	33	confstatus=0
	34	fi
b3aa5a3a	35	}
	36
	37	find_filter() {
81666989	38	iptables=`which iptables 2> /dev/null`
	39	ipchains=`which ipchains 2> /dev/null`
	40	if [ -n "$iptables" ]; then
	41	filter=$iptables
	42	elif [ -n "$ipchains" ]; then
	43	filter=$ipchains
	44	else
	45	nls "ipchains/iptables not found. Cannot continue"
	46	filter=
	47	exit 1
	48	fi
b3aa5a3a	49	}
b3aa5a3a	50
89908a9f	51	RETVAL=0
b3aa5a3a	52	# See how we were called.
	53	case "$1" in
	54	start)
81666989	55	confstatus
	56	if [ $confstatus -ge 0 ]; then
	57	if [ $confstatus -gt 0 ]; then
	58	$0 init
	59	fi
	60	show "Setting filter rules"
	61	busy
	62	sh "$GEN_CONFIG"
89908a9f	63	[ $? -ne 0 ] && RETVAL=1
89908a9f	64	if [ $RETVAL -eq 0 ]; then
81666989	65	touch "$SUBSYS"
	66	ok
	67	else
	68	fail
	69	fi
	70	fi
	71	;;
b3aa5a3a	72	stop)
81666989	73	show "Flushing filter rules"
	74	find_filter
	75	$filter -F
	76	RETVAL=$?
	77	if [ $RETVAL = 0 ]; then
	78	rm -f "$SUBSYS"
	79	ok
	80	else
	81	fail
	82	fi
	83	;;
b3aa5a3a	84	init)
81666989	85	show "Generating %s" "$GEN_CONFIG"
	86	find_filter
	87	umask 077
	88	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	89	;;
89908a9f	90	restart\|force-reload)
81666989	91	$0 stop
81666989	92	$0 start
89908a9f	93	exit $?
81666989	94	;;
b3aa5a3a	95	status)
81666989	96	confstatus
	97	case "$confstatus" in
	98	3)
	99	nls "%s not generated" "$GEN_CONFIG"
	100	;;
	101	2)
	102	nls "%s outdated" "$GEN_CONFIG"
	103	;;
	104	1)
	105	nls "%s not applied" "$GEN_CONFIG"
	106	;;
	107	0)
	108	nls "filter rules applied"
	109	;;
	110	esac
89908a9f	111	[ "$confstatus" -ne 0 ] && RETVAL=3
81666989	112	;;
b3aa5a3a	113	*)
89908a9f	114	msg_usage "$0 {start\|stop\|init\|restart\|force-reload\|status}"
89908a9f	115	exit 3
81666989	116	;;
b3aa5a3a	117	esac
	118
	119	exit $RETVAL