filter.init

   1 #!/bin/sh
   2 # ipchains/iptables rules generator
   3 #
   4 # chkconfig:    345 15 85
   5 # description:  ipchains/iptables rules generator
   6
   7 # Source function library
   8 . /etc/rc.d/init.d/functions
   9
  10 # Get service config
  11 CONFIG=/etc/filter/simple.conf
  12 GEN_CONFIG=/etc/filter/generated_rules
  13 SUBSYS=/var/lock/subsys/filter
  14 [ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
  15
  16 confstatus() {
  17         if [ ! -e "$GEN_CONFIG" ]; then
  18                 confstatus=3
  19         elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
  20                 confstatus=2
  21         elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
  22                 confstatus=1
  23         else
  24                 confstatus=0
  25         fi
  26 }
  27
  28 find_filter() {
  29         iptables=`which iptables 2> /dev/null`
  30         ipchains=`which ipchains 2> /dev/null`
  31         if [ -n "$iptables" ]; then
  32                 filter=$iptables
  33         elif [ -n "$ipchains" ]; then
  34                 filter=$ipchains
  35         else
  36                 nls "ipchains/iptables not found. Cannot continue"
  37                 filter=
  38                 exit 1
  39         fi
  40 }
  41
  42 RETVAL=0
  43 # See how we were called.
  44 case "$1" in
  45   start)
  46         confstatus
  47         if [ $confstatus -ge 0 ]; then
  48                 if [ $confstatus -gt 0 ]; then
  49                         $0 init
  50                 fi
  51                 show "Setting filter rules"
  52                 busy
  53                 sh "$GEN_CONFIG"
  54                 [ $? -ne 0 ] && RETVAL=1
  55                 if [ $RETVAL -eq 0 ]; then
  56                         touch "$SUBSYS"
  57                         ok
  58                 else
  59                         fail
  60                 fi
  61         fi
  62         ;;
  63   stop)
  64         show "Flushing filter rules"
  65         find_filter
  66         $filter -F
  67         RETVAL=$?
  68         if [ $RETVAL = 0 ]; then
  69                 rm -f "$SUBSYS"
  70                 ok
  71         else
  72                 fail
  73         fi
  74         ;;
  75   init)
  76         show "Generating %s" "$GEN_CONFIG"
  77         find_filter
  78         umask 077
  79         filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
  80         ;;
  81   restart|force-reload)
  82         $0 stop
  83         $0 start
  84         exit $?
  85         ;;
  86   status)
  87         confstatus
  88         case "$confstatus" in
  89           3)
  90                 nls "%s not generated" "$GEN_CONFIG"
  91                 ;;
  92           2)
  93                 nls "%s outdated" "$GEN_CONFIG"
  94                 ;;
  95           1)
  96                 nls "%s not applied" "$GEN_CONFIG"
  97                 ;;
  98           0)
  99                 nls "filter rules applied"
 100                 ;;
 101         esac
 102         [ "$confstatus" -ne 0 ] && RETVAL=3
 103         ;;
 104   *)
 105         msg_usage "$0 {start|stop|init|restart|force-reload|status}"
 106         exit 3
 107         ;;
 108 esac
 109
 110 exit $RETVAL