-#!/bin/sh
-#
-# ipchains Sets ipchains up
-#
-# chkconfig: 2345 09 91
-# description: ipchains is used to set up, maintain, and inspect the IP \
-# firewall rules in the Linux kernel. These rules can be \
-# divided into 4 different categories: the IP input chain, \
-# the IP output chain, the IP forwarding chain, and user \
-# defined chains
-#
-# $Id: ipchains,v 1.3 1999/08/07 10:16:14 wiget Exp $
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-
-add_rule () {
-
- # is this a comment or an empty line?
- if [ -n "$2" ] && echo "$2" | egrep -v "^[#;]" >/dev/null ; then
-
- # eval allows use of shell substitutions in rules
- eval ipchains -A '"$1"' $2 >> $ERRFILE || return 1
- fi
- return 0
-}
-
-add_chain () {
-
- # create new or flush existing chain
- ipchains -N "$1" 2>/dev/null || ipchains -F "$1" 2>>$ERRFILE || ERROR=yes
- {
- LINENO=0
- while read LINE ; do
- add_rule "$1" "$LINE" $LINENO 2>>$ERRFILE || {
- echo "Bad line $LINENO of /etc/sysconfig/ipchains.d/$1" >> $ERRFILE
- ERROR=yes
- }
- LINENO=$(($LINENO + 1))
- done
- } < "$1"
-}
-
-[ -x /sbin/ipchains ] || exit 1
-[ -d /etc/sysconfig/ipchains.d ] || exit 1
-
-[ -f /etc/sysconfig/ipchains ] && . /etc/sysconfig/ipchains
-
-
-ERRFILE=/tmp/ipchains-init.$$
-rm -f $ERRFILE
-touch $ERRFILE || exit 1
-ERROR=no
-
-# See how we were called.
-case "$1" in
- start)
- show "Setting up IPchains"
- busy
- [ -n "$INPUT_POLICY" ] && ipchains -P input $INPUT_POLICY
- [ -n "$OUTPUT_POLICY" ] && ipchains -P input $OUTPUT_POLICY
- [ -n "$FORWARD_POLICY" ] && ipchains -P input $FORWARD_POLICY
-
- cd /etc/sysconfig/ipchains.d
- for l in * ; do
- [ -f "$l" ] && add_chain "$l"
- done
-
- if [ "$ERROR" != "no" ] ; then
- deltext ; fail
- cat $ERRFILE
- rm -f $ERRFILE
- exit 1
- fi
-
- deltext ; ok ;
- touch /var/lock/subsys/ipchains
- ;;
- stop)
- show "Clearing IPchains"
- busy
-
- # back to the default
- ipchains -P input ACCEPT
- ipchains -P input ACCEPT
- ipchains -P input ACCEPT
-
- cd /etc/sysconfig/ipchains.d
- for l in * ; do
- [ -f "$l" ] && ipchains -F "$l"
- done
- for l in * ; do
- [ -f "$l" ] && ipchains -X "$l" 2>/dev/null
- done
-
- deltext ; ok ;
- rm -f /var/lock/subsys/ipchains
- ;;
-
- status)
- ipchains -L
- ;;
-
- restart)
- $0 stop
- $0 start
- ;;
-
- *)
- echo "Usage: ipchains {start|stop|status|restart}"
- rm -f $ERRFILE
- exit 1
-esac
-
-rm -f $ERRFILE
-
-exit 0