filter.init

   1 #!/bin/sh
   2 # ipchains/iptables rules generator
   3 #
   4 # chkconfig:    345 15 85
   5 # description:  ipchains/iptables rules generator
   6
   7 # Source function library
   8 . /etc/rc.d/init.d/functions
   9
  10 # Get network config
  11 . /etc/sysconfig/network
  12
  13 # Get service config
  14 CONFIG=/etc/filter/simple.conf
  15 GEN_CONFIG=/etc/filter/generated_rules
  16 SUBSYS=/var/lock/subsys/filter
  17 [ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
  18
  19 # Check that networking is up.
  20 # if is_no "${NETWORKING}" ; then
  21 #       msg_network_down "filter"
  22 #       exit 1
  23 # fi
  24
  25 confstatus() {
  26         if [ ! -e "$GEN_CONFIG" ]; then
  27                 confstatus=3
  28         elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
  29                 confstatus=2
  30         elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
  31                 confstatus=1
  32         else
  33                 confstatus=0
  34         fi
  35 }
  36
  37 find_filter() {
  38         iptables=`which iptables 2> /dev/null`
  39         ipchains=`which ipchains 2> /dev/null`
  40         if [ -n "$iptables" ]; then
  41                 filter=$iptables
  42         elif [ -n "$ipchains" ]; then
  43                 filter=$ipchains
  44         else
  45                 nls "ipchains/iptables not found. Cannot continue"
  46                 filter=
  47                 exit 1
  48         fi
  49 }
  50
  51 # See how we were called.
  52 case "$1" in
  53   start)
  54         confstatus
  55         if [ $confstatus -ge 0 ]; then
  56                 if [ $confstatus -gt 0 ]; then
  57                         $0 init
  58                 fi
  59                 show "Setting filter rules"
  60                 busy
  61                 sh "$GEN_CONFIG"
  62                 RETVAL=$?
  63                 if [ $RETVAL = 0 ]; then
  64                         touch "$SUBSYS"
  65                         ok
  66                 else
  67                         fail
  68                 fi
  69         fi
  70         ;;
  71   stop)
  72         show "Flushing filter rules"
  73         find_filter
  74         $filter -F
  75         RETVAL=$?
  76         if [ $RETVAL = 0 ]; then
  77                 rm -f "$SUBSYS"
  78                 ok
  79         else
  80                 fail
  81         fi
  82         ;;
  83   init)
  84         show "Generating %s" "$GEN_CONFIG"
  85         find_filter
  86         umask 077
  87         filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
  88         ;;
  89   restart|reload)
  90         $0 stop
  91         $0 start
  92         ;;
  93   status)
  94         confstatus
  95         case "$confstatus" in
  96           3)
  97                 nls "%s not generated" "$GEN_CONFIG"
  98                 ;;
  99           2)
 100                 nls "%s outdated" "$GEN_CONFIG"
 101                 ;;
 102           1)
 103                 nls "%s not applied" "$GEN_CONFIG"
 104                 ;;
 105           0)
 106                 nls "filter rules applied"
 107                 ;;
 108         esac
 109         ;;
 110   *)
 111         msg_usage "$0 {start|stop|init|restart|reload|status}"
 112         exit 1
 113         ;;
 114 esac
 115
 116 exit $RETVAL