Commit | Line | Data |
---|---|---|
6e968d25 | 1 | #!/bin/sh |
2 | # | |
3 | # ipchains Sets ipchains up | |
4 | # | |
5 | # chkconfig: 2345 09 91 | |
6 | # description: ipchains is used to set up, maintain, and inspect the IP \ | |
7 | # firewall rules in the Linux kernel. These rules can be \ | |
8 | # divided into 4 different categories: the IP input chain, \ | |
9 | # the IP output chain, the IP forwarding chain, and user \ | |
10 | # defined chains | |
38198f50 | 11 | # |
dcd32750 | 12 | # $Id: ipchains,v 1.3 1999/08/07 10:16:14 wiget Exp $ |
6e968d25 | 13 | |
14 | # Source function library. | |
15 | . /etc/rc.d/init.d/functions | |
16 | ||
17 | ||
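# add_rule CHAIN RULE [LINENO]
#
# Appends one rule line to CHAIN with "ipchains -A". Empty lines and lines
# whose first character is '#' or ';' are skipped. Standard output of
# ipchains is appended to $ERRFILE; stderr is left for the caller to
# redirect. The third argument is accepted but not used here.
# Returns 1 when ipchains fails, 0 otherwise (including skipped lines).
add_rule () {

    # Is this a comment or an empty line?  A case pattern is used instead
    # of piping the line through echo/egrep: some echo implementations
    # treat a line such as "-n" as an option and print nothing, which made
    # the old test skip that line silently.
    case "$2" in
        ''|'#'*|';'*) return 0 ;;
    esac

    # eval allows use of shell substitutions in rules.
    # SECURITY: this runs the rule text through the shell with the
    # privileges of this init script, so every file read by add_chain is
    # effectively executable code. Keep /etc/sysconfig/ipchains.d and its
    # files owned by root and not writable by anyone else.
    # $2 is deliberately left unquoted, as before, so existing rule files
    # are split into words the same way.
    eval ipchains -A '"$1"' $2 >> "$ERRFILE" || return 1
    return 0
}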
28 | ||
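# add_chain CHAIN
#
# Creates the user-defined chain CHAIN (or flushes it when it already
# exists) and loads its rules, one per line, from the file named CHAIN in
# the current directory. Every line is handed to add_rule. A line that
# add_rule rejects is reported in $ERRFILE with its 1-based line number
# and sets ERROR=yes; loading continues with the next line.
add_chain () {

    # create new or flush existing chain
    ipchains -N "$1" 2>/dev/null || ipchains -F "$1" 2>>"$ERRFILE" || ERROR=yes

    # The counter is not called LINENO: bash and ksh maintain a variable of
    # that name themselves, so the reported number could be the script's
    # own line instead of the rule file's.
    RULE_LINE=0

    # "|| [ -n "$LINE" ]" keeps a final line that lacks a trailing newline;
    # without it the last rule of such a file would be dropped silently.
    while read LINE || [ -n "$LINE" ] ; do
        # Count before use so the first line is reported as line 1.
        RULE_LINE=$(($RULE_LINE + 1))
        add_rule "$1" "$LINE" $RULE_LINE 2>>"$ERRFILE" || {
            echo "Bad line $RULE_LINE of /etc/sysconfig/ipchains.d/$1" >> "$ERRFILE"
            ERROR=yes
        }
    done < "$1"
}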
44 | ||
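# Refuse to run without the ipchains binary or the per-chain rule directory.
[ -x /sbin/ipchains ] || exit 1
[ -d /etc/sysconfig/ipchains.d ] || exit 1

# Optional settings, such as the *_POLICY variables used by "start".
# The file is sourced by this script, so it must be writable by root only.
[ -f /etc/sysconfig/ipchains ] && . /etc/sysconfig/ipchains


# Scratch file that collects ipchains output and per-line error messages.
# mktemp creates the file itself under a name that cannot be predicted.
# The previous "/tmp/ipchains-init.$$" followed by rm/touch could be
# pre-created as a symlink by any local user, making this script write
# through it to a file of that user's choosing.
ERRFILE=$(mktemp /tmp/ipchains-init.XXXXXX) || exit 1
ERROR=no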
55 | ||
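# See how we were called.
case "$1" in
    start)
        show "Setting up IPchains"
        busy

        # Each default policy goes to its own built-in chain. All three
        # used to be applied to "input", so OUTPUT_POLICY and
        # FORWARD_POLICY overwrote the input policy and the output and
        # forward chains kept whatever policy they already had.
        [ -n "$INPUT_POLICY" ] && ipchains -P input $INPUT_POLICY
        [ -n "$OUTPUT_POLICY" ] && ipchains -P output $OUTPUT_POLICY
        [ -n "$FORWARD_POLICY" ] && ipchains -P forward $FORWARD_POLICY

        # add_chain opens its files relative to the current directory, so
        # never fall through to the loop when the cd failed: the files of
        # some other directory would then be loaded as rules.
        if cd /etc/sysconfig/ipchains.d ; then
            for l in * ; do
                [ -f "$l" ] && add_chain "$l"
            done
        else
            echo "Cannot enter /etc/sysconfig/ipchains.d" >> "$ERRFILE"
            ERROR=yes
        fi

        if [ "$ERROR" != "no" ] ; then
            deltext ; fail
            cat "$ERRFILE"
            rm -f "$ERRFILE"
            exit 1
        fi

        deltext ; ok ;
        touch /var/lock/subsys/ipchains
        ;;
    stop)
        show "Clearing IPchains"
        busy

        # Back to the default: ACCEPT on every built-in chain (the old
        # code reset "input" three times and left output and forward
        # alone). After this the host filters nothing.
        ipchains -P input ACCEPT
        ipchains -P output ACCEPT
        ipchains -P forward ACCEPT

        # Chain names are taken from the file names in the rule directory.
        # All chains are flushed first and deleted in a second pass.
        if cd /etc/sysconfig/ipchains.d ; then
            for l in * ; do
                [ -f "$l" ] && ipchains -F "$l"
            done
            for l in * ; do
                [ -f "$l" ] && ipchains -X "$l" 2>/dev/null
            done
        fi

        deltext ; ok ;
        rm -f /var/lock/subsys/ipchains
        ;;

    status)
        ipchains -L
        ;;

    restart)
        "$0" stop
        # Propagate a failed start; otherwise restart reports success
        # although the rules were not loaded completely.
        "$0" start || { rm -f "$ERRFILE" ; exit 1 ; }
        ;;

    *)
        echo "Usage: ipchains {start|stop|status|restart}"
        rm -f "$ERRFILE"
        exit 1
esac

rm -f "$ERRFILE"

exit 0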