filter.init

   1 #!/bin/sh
   2 # ipchains/iptables rules generator
   3 #
   4 # chkconfig:    345 15 85
   5 # description:  ipchains/iptables rules generator
   6
   7 # Source function library
   8 . /etc/rc.d/init.d/functions
   9
  10 # Get network config
  11 . /etc/sysconfig/network
  12
  13 # Get service config
  14 CONFIG=/etc/filter/simple.conf
  15 GEN_CONFIG=/etc/filter/generated_rules
  16 SUBSYS=/var/lock/subsys/filter
  17 [ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter
  18
  19 # Check that networking is up.
  20 # if is_no "${NETWORKING}" ; then
  21 #       msg_network_down "filter"
  22 #       exit 1
  23 # fi
  24
  25 confstatus() {
  26         if [ ! -e "$GEN_CONFIG" ]; then
  27                 confstatus=3
  28         elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
  29                 confstatus=2
  30         elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
  31                 confstatus=1
  32         else
  33                 confstatus=0
  34         fi
  35 }
  36
  37 find_filter() {
  38         iptables=`which iptables 2> /dev/null`
  39         ipchains=`which ipchains 2> /dev/null`
  40         if [ -n "$iptables" ]; then
  41                 filter=$iptables
  42         elif [ -n "$ipchains" ]; then
  43                 filter=$ipchains
  44         else
  45                 nls "ipchains/iptables not found. Cannot continue"
  46                 filter=
  47                 exit 1
  48         fi
  49 }
  50
  51 RETVAL=0
  52 # See how we were called.
  53 case "$1" in
  54   start)
  55         confstatus
  56         if [ $confstatus -ge 0 ]; then
  57                 if [ $confstatus -gt 0 ]; then
  58                         $0 init
  59                 fi
  60                 show "Setting filter rules"
  61                 busy
  62                 sh "$GEN_CONFIG"
  63                 [ $? -ne 0 ] && RETVAL=1
  64                 if [ $RETVAL -eq 0 ]; then
  65                         touch "$SUBSYS"
  66                         ok
  67                 else
  68                         fail
  69                 fi
  70         fi
  71         ;;
  72   stop)
  73         show "Flushing filter rules"
  74         find_filter
  75         $filter -F
  76         RETVAL=$?
  77         if [ $RETVAL = 0 ]; then
  78                 rm -f "$SUBSYS"
  79                 ok
  80         else
  81                 fail
  82         fi
  83         ;;
  84   init)
  85         show "Generating %s" "$GEN_CONFIG"
  86         find_filter
  87         umask 077
  88         filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
  89         ;;
  90   restart|force-reload)
  91         $0 stop
  92         $0 start
  93         exit $?
  94         ;;
  95   status)
  96         confstatus
  97         case "$confstatus" in
  98           3)
  99                 nls "%s not generated" "$GEN_CONFIG"
 100                 ;;
 101           2)
 102                 nls "%s outdated" "$GEN_CONFIG"
 103                 ;;
 104           1)
 105                 nls "%s not applied" "$GEN_CONFIG"
 106                 ;;
 107           0)
 108                 nls "filter rules applied"
 109                 ;;
 110         esac
 111         [ "$confstatus" -ne 0 ] && RETVAL=3
 112         ;;
 113   *)
 114         msg_usage "$0 {start|stop|init|restart|force-reload|status}"
 115         exit 3
 116         ;;
 117 esac
 118
 119 exit $RETVAL