[packages/filtergen.git] / filter.init

#!/bin/sh
# ipchains/iptables rules generator
#
# chkconfig:	345 15 85
# description:	ipchains/iptables rules generator

# Source function library
. /etc/rc.d/init.d/functions

# Get service config
CONFIG=/etc/filter/simple.conf
GEN_CONFIG=/etc/filter/generated_rules
SUBSYS=/var/lock/subsys/filter
[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter

confstatus() {
	if [ ! -e "$GEN_CONFIG" ]; then
		confstatus=3
	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
		confstatus=2
	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
		confstatus=1
	else
		confstatus=0
	fi
}

find_filter() {
	iptables=`which iptables 2> /dev/null`
	ipchains=`which ipchains 2> /dev/null`
	if [ -n "$iptables" ]; then
		filter=$iptables
	elif [ -n "$ipchains" ]; then
		filter=$ipchains
	else
		nls "ipchains/iptables not found. Cannot continue"
		filter=
		exit 1
	fi
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
	confstatus
	if [ $confstatus -ge 0 ]; then
		if [ $confstatus -gt 0 ]; then
			$0 init
		fi
		show "Setting filter rules"
		busy
		sh "$GEN_CONFIG"
		[ $? -ne 0 ] && RETVAL=1
		if [ $RETVAL -eq 0 ]; then
			touch "$SUBSYS"
			ok
		else
			fail
		fi
	fi
	;;
  stop)
	show "Flushing filter rules"
	find_filter
	$filter -F
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		rm -f "$SUBSYS"
		ok
	else
		fail
	fi
	;;
  init)
	show "Generating %s" "$GEN_CONFIG"
	find_filter
	umask 077
	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	;;
  restart|force-reload)
	$0 stop
	$0 start
	exit $?
	;;
  status)
	confstatus
	case "$confstatus" in
	  3)
		nls "%s not generated" "$GEN_CONFIG"
		;;
	  2)
		nls "%s outdated" "$GEN_CONFIG"
		;;
	  1)
		nls "%s not applied" "$GEN_CONFIG"
		;;
	  0)
		nls "filter rules applied"
		;;
	esac
	[ "$confstatus" -ne 0 ] && RETVAL=3
	;;
  *)
	msg_usage "$0 {start|stop|init|restart|force-reload|status}"
	exit 3
	;;
esac

exit $RETVAL
Commit	Line	Data
b3aa5a3a	1	#!/bin/sh
	2	# ipchains/iptables rules generator
	3	#
	4	# chkconfig: 345 15 85
	5	# description: ipchains/iptables rules generator
	6
	7	# Source function library
	8	. /etc/rc.d/init.d/functions
	9
b3aa5a3a	10	# Get service config
	11	CONFIG=/etc/filter/simple.conf
	12	GEN_CONFIG=/etc/filter/generated_rules
	13	SUBSYS=/var/lock/subsys/filter
	14	[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
	15
b3aa5a3a	16	confstatus() {
81666989	17	if [ ! -e "$GEN_CONFIG" ]; then
	18	confstatus=3
	19	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
	20	confstatus=2
	21	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
	22	confstatus=1
	23	else
	24	confstatus=0
	25	fi
b3aa5a3a	26	}
	27
	28	find_filter() {
81666989	29	iptables=`which iptables 2> /dev/null`
	30	ipchains=`which ipchains 2> /dev/null`
	31	if [ -n "$iptables" ]; then
	32	filter=$iptables
	33	elif [ -n "$ipchains" ]; then
	34	filter=$ipchains
	35	else
	36	nls "ipchains/iptables not found. Cannot continue"
	37	filter=
	38	exit 1
	39	fi
b3aa5a3a	40	}
b3aa5a3a	41
89908a9f	42	RETVAL=0
b3aa5a3a	43	# See how we were called.
	44	case "$1" in
	45	start)
81666989	46	confstatus
	47	if [ $confstatus -ge 0 ]; then
	48	if [ $confstatus -gt 0 ]; then
	49	$0 init
	50	fi
	51	show "Setting filter rules"
	52	busy
	53	sh "$GEN_CONFIG"
89908a9f	54	[ $? -ne 0 ] && RETVAL=1
89908a9f	55	if [ $RETVAL -eq 0 ]; then
81666989	56	touch "$SUBSYS"
	57	ok
	58	else
	59	fail
	60	fi
	61	fi
	62	;;
b3aa5a3a	63	stop)
81666989	64	show "Flushing filter rules"
	65	find_filter
	66	$filter -F
	67	RETVAL=$?
	68	if [ $RETVAL = 0 ]; then
	69	rm -f "$SUBSYS"
	70	ok
	71	else
	72	fail
	73	fi
	74	;;
b3aa5a3a	75	init)
81666989	76	show "Generating %s" "$GEN_CONFIG"
	77	find_filter
	78	umask 077
	79	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	80	;;
89908a9f	81	restart\|force-reload)
81666989	82	$0 stop
81666989	83	$0 start
89908a9f	84	exit $?
81666989	85	;;
b3aa5a3a	86	status)
81666989	87	confstatus
	88	case "$confstatus" in
	89	3)
	90	nls "%s not generated" "$GEN_CONFIG"
	91	;;
	92	2)
	93	nls "%s outdated" "$GEN_CONFIG"
	94	;;
	95	1)
	96	nls "%s not applied" "$GEN_CONFIG"
	97	;;
	98	0)
	99	nls "filter rules applied"
	100	;;
	101	esac
89908a9f	102	[ "$confstatus" -ne 0 ] && RETVAL=3
81666989	103	;;
b3aa5a3a	104	*)
89908a9f	105	msg_usage "$0 {start\|stop\|init\|restart\|force-reload\|status}"
89908a9f	106	exit 3
81666989	107	;;
b3aa5a3a	108	esac
	109
	110	exit $RETVAL