[projects/rc-scripts.git] / rc.d / init.d / ipchains

#!/bin/sh
#
# ipchains     Sets ipchains up
#
# chkconfig: 2345 09 91
# description: ipchains  is  used to set up, maintain, and inspect the IP \
#              firewall rules in the Linux kernel.  These  rules  can  be \
#              divided  into  4 different categories: the IP input chain, \
#              the IP output chain, the IP  forwarding  chain,  and  user \
#	       defined chains
#
# $Id: ipchains,v 1.3 1999/08/07 10:16:14 wiget Exp $

# Source function library.
. /etc/rc.d/init.d/functions


add_rule () {

  # is this a comment or an empty line?
  if [ -n "$2" ] && echo "$2" | egrep -v "^[#;]" >/dev/null ; then 
        
      # eval allows use  of shell substitutions in rules
      eval ipchains -A '"$1"' $2 >> $ERRFILE || return 1
  fi     
  return 0
}

add_chain () {

    # create new or flush existing chain
    ipchains -N "$1" 2>/dev/null || ipchains -F "$1" 2>>$ERRFILE || ERROR=yes
    { 
      LINENO=0
      while read LINE ; do
        add_rule "$1" "$LINE" $LINENO 2>>$ERRFILE || {
	   echo "Bad line $LINENO of /etc/sysconfig/ipchains.d/$1" >> $ERRFILE
	   ERROR=yes
        }
	LINENO=$(($LINENO + 1))
      done
    } < "$1"
}

[ -x /sbin/ipchains ] || exit 1
[ -d /etc/sysconfig/ipchains.d ] || exit 1

[ -f /etc/sysconfig/ipchains ] && . /etc/sysconfig/ipchains


ERRFILE=/tmp/ipchains-init.$$ 
rm -f $ERRFILE
touch $ERRFILE || exit 1
ERROR=no

# See how we were called.
case "$1" in
  start)
	show "Setting up IPchains"
	busy
	[ -n "$INPUT_POLICY" ] && ipchains -P input $INPUT_POLICY
	[ -n "$OUTPUT_POLICY" ] && ipchains -P input $OUTPUT_POLICY
	[ -n "$FORWARD_POLICY" ] && ipchains -P input $FORWARD_POLICY

	cd /etc/sysconfig/ipchains.d
	for l in * ; do
        	[ -f "$l" ] && add_chain "$l" 
	done
	
	if [ "$ERROR" != "no" ] ; then
   	  deltext ; fail
   	  cat $ERRFILE
   	  rm -f $ERRFILE
   	  exit 1
	fi  
	
	deltext ; ok ;
	touch /var/lock/subsys/ipchains
	;;
  stop)
	show "Clearing IPchains"
	busy
	
	# back to the default
	ipchains -P input ACCEPT
	ipchains -P input ACCEPT
	ipchains -P input ACCEPT
	
	cd /etc/sysconfig/ipchains.d
	for l in * ; do
        	[ -f "$l" ] && ipchains -F "$l"
	done
	for l in * ; do
        	[ -f "$l" ] && ipchains -X "$l" 2>/dev/null
	done
	
	deltext ; ok ;
	rm -f /var/lock/subsys/ipchains
	;;
	
  status)
	ipchains -L
	;;
	
  restart)
  	$0 stop
  	$0 start
	;;
	
  *)
	echo "Usage: ipchains {start|stop|status|restart}"
	rm -f $ERRFILE
	exit 1
esac

rm -f $ERRFILE

exit 0
Commit	Line	Data
6e968d25	1	#!/bin/sh
	2	#
	3	# ipchains Sets ipchains up
	4	#
	5	# chkconfig: 2345 09 91
	6	# description: ipchains is used to set up, maintain, and inspect the IP \
	7	# firewall rules in the Linux kernel. These rules can be \
	8	# divided into 4 different categories: the IP input chain, \
	9	# the IP output chain, the IP forwarding chain, and user \
	10	# defined chains
38198f50	11	#
dcd32750	12	# $Id: ipchains,v 1.3 1999/08/07 10:16:14 wiget Exp $
6e968d25	13
	14	# Source function library.
	15	. /etc/rc.d/init.d/functions
	16
	17
	18	add_rule () {
	19
	20	# is this a comment or an empty line?
	21	if [ -n "$2" ] && echo "$2" \| egrep -v "^[#;]" >/dev/null ; then
	22
	23	# eval allows use of shell substitutions in rules
	24	eval ipchains -A '"$1"' $2 >> $ERRFILE \|\| return 1
	25	fi
	26	return 0
	27	}
	28
	29	add_chain () {
	30
	31	# create new or flush existing chain
	32	ipchains -N "$1" 2>/dev/null \|\| ipchains -F "$1" 2>>$ERRFILE \|\| ERROR=yes
	33	{
	34	LINENO=0
	35	while read LINE ; do
	36	add_rule "$1" "$LINE" $LINENO 2>>$ERRFILE \|\| {
	37	echo "Bad line $LINENO of /etc/sysconfig/ipchains.d/$1" >> $ERRFILE
	38	ERROR=yes
	39	}
dcd32750	40	LINENO=$(($LINENO + 1))
6e968d25	41	done
	42	} < "$1"
	43	}
	44
	45	[ -x /sbin/ipchains ] \|\| exit 1
	46	[ -d /etc/sysconfig/ipchains.d ] \|\| exit 1
	47
	48	[ -f /etc/sysconfig/ipchains ] && . /etc/sysconfig/ipchains
	49
	50
	51	ERRFILE=/tmp/ipchains-init.$$
	52	rm -f $ERRFILE
	53	touch $ERRFILE \|\| exit 1
	54	ERROR=no
	55
	56	# See how we were called.
	57	case "$1" in
	58	start)
	59	show "Setting up IPchains"
	60	busy
	61	[ -n "$INPUT_POLICY" ] && ipchains -P input $INPUT_POLICY
	62	[ -n "$OUTPUT_POLICY" ] && ipchains -P input $OUTPUT_POLICY
	63	[ -n "$FORWARD_POLICY" ] && ipchains -P input $FORWARD_POLICY
	64
	65	cd /etc/sysconfig/ipchains.d
	66	for l in * ; do
	67	[ -f "$l" ] && add_chain "$l"
	68	done
	69
	70	if [ "$ERROR" != "no" ] ; then
	71	deltext ; fail
	72	cat $ERRFILE
	73	rm -f $ERRFILE
	74	exit 1
	75	fi
	76
	77	deltext ; ok ;
	78	touch /var/lock/subsys/ipchains
	79	;;
	80	stop)
	81	show "Clearing IPchains"
	82	busy
	83
	84	# back to the default
	85	ipchains -P input ACCEPT
	86	ipchains -P input ACCEPT
	87	ipchains -P input ACCEPT
	88
	89	cd /etc/sysconfig/ipchains.d
	90	for l in * ; do
	91	[ -f "$l" ] && ipchains -F "$l"
	92	done
	93	for l in * ; do
	94	[ -f "$l" ] && ipchains -X "$l" 2>/dev/null
	95	done
	96
	97	deltext ; ok ;
	98	rm -f /var/lock/subsys/ipchains
	99	;;
	100
	101	status)
	102	ipchains -L
	103	;;
	104
105	restart)
106	$0 stop
107	$0 start
108	;;
109
110	*)
111	echo "Usage: ipchains {start\|stop\|status\|restart}"
112	rm -f $ERRFILE
113	exit 1
114	esac
115
116	rm -f $ERRFILE
117
118	exit 0