--- /dev/null
+# Save current firewall rules on stop.
+# Value: yes|no, default: no
+# Saves all firewall rules to /etc/sysconfig/ip6tables if firewall gets stopped
+# (e.g. on system shutdown).
+IP6TABLES_SAVE_ON_STOP="no"
+
+# Save (and restore) rule and chain counter.
+# Value: yes|no, default: no
+# Save counters for rules and chains to /etc/sysconfig/ip6tables if
+# 'service ip6tables save' is called or on stop or restart if SAVE_ON_STOP
+# is enabled.
+IP6TABLES_SAVE_COUNTER="yes"
+
+# Numeric status output
+# Value: yes|no, default: yes
+# Print IPv6 addresses and port numbers in numeric format in the status output.
+IP6TABLES_STATUS_NUMERIC="no"
+
+# Verbose status output
+# Value: yes|no, default: yes
+# Print info about the number of packets and bytes plus the "input-" and
+# "outputdevice" in the status output.
+IP6TABLES_STATUS_VERBOSE="no"
+
+# Status output with numbered lines
+# Value: yes|no, default: yes
+# Print a counter/number for every rule in the status output.
+IP6TABLES_STATUS_LINENUMBERS="no"
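Review bot: The "default:" annotations in this new config file do not agree with the built-in defaults the init script sets before sourcing it: the comment for IP6TABLES_STATUS_VERBOSE says `default: yes` while the script assigns `IP6TABLES_STATUS_VERBOSE="no"`, and in the iptables-config counterpart all four status/counter comments (SAVE_COUNTER, STATUS_NUMERIC, STATUS_VERBOSE, STATUS_LINENUMBERS) state the opposite of what the iptables script assigns. The shipped values also differ from the stated defaults (e.g. `IP6TABLES_SAVE_COUNTER="yes"` under "default: no"), so installing the package silently changes behaviour relative to a host without the file. Make each "default:" line match the script's hard-coded value, e.g. `# Value: yes|no, default: no` for the verbose setting here, and state in the header that the shipped values are the packaged policy rather than the built-in defaults.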
exit 0
fi
+IP6TABLES_SAVE_ON_STOP="no"
+IP6TABLES_SAVE_COUNTER="no"
+IP6TABLES_STATUS_NUMERIC="yes"
+IP6TABLES_STATUS_VERBOSE="no"
+IP6TABLES_STATUS_LINENUMBERS="yes"
+[ -f /etc/sysconfig/ip6tables-config ] && . /etc/sysconfig/ip6tables-config
+_SAVEOPT=
+is_yes $IP6TABLES_SAVE_COUNTER && _SAVEOPT="-c"
+
iftable() {
if fgrep -qsx $1 /proc/net/ip6_tables_names; then
ip6tables -t "$@"
for i in $tables; do ip6tables -t $i -Z; done
show "Applying ip6tables firewall rules"
- grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/ip6tables-restore -c && \
+ grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/ip6tables-restore $_SAVEOPT && \
ok || fail
touch /var/lock/subsys/ip6tables
fi
rm -f /var/lock/subsys/ip6tables
}
+save() {
+ show "Saving current rules to %s" $IPTABLES_CONFIG
+ touch $IPTABLES_CONFIG
+ chmod 600 $IPTABLES_CONFIG
+ /usr/sbin/ip6tables-save $_SAVEOPT > $IPTABLES_CONFIG 2>/dev/null && ok || fail
+}
+
upstart_controlled --except status panic load save clear
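Review bot: The `>` redirection in save() opens $IPTABLES_CONFIG for writing before ip6tables-save runs, so when the save fails the previously saved ruleset is truncated to an empty file and `fail` is the only trace; with the new `stop)` arm this is immediately followed by `stop` flushing the live rules, leaving no copy at all. Writing into a mktemp file next to the target (created 0600 by mktemp, so the separate chmod is no longer needed) and renaming it onto $IPTABLES_CONFIG only on success keeps the last good ruleset on disk. The same applies to save() in the iptables script further down.
```shell
save() {
	show "Saving current rules to %s" $IPTABLES_CONFIG
	local tmp
	tmp=$(mktemp "${IPTABLES_CONFIG}.XXXXXX") || { fail; return 1; }
	if /usr/sbin/ip6tables-save $_SAVEOPT > "$tmp" 2>/dev/null \
	   && mv -f -- "$tmp" "$IPTABLES_CONFIG"; then
		ok
	else
		rm -f -- "$tmp"
		fail
	fi
}
```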
case "$1" in
start|load)
start
;;
-
- stop|clear)
+ stop)
+ is_yes $IP6TABLES_SAVE_ON_STOP && save
+ stop
+ ;;
+ clear)
stop
;;
-
restart|force-reload)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;
-
panic)
show "Changing target policies to DROP"
iftable filter -P INPUT DROP && \
iftable mangle -X OUTPUT && \
ok || fail
;;
-
save)
- show "Saving current rules to %s" $IPTABLES_CONFIG
- touch $IPTABLES_CONFIG
- chmod 600 $IPTABLES_CONFIG
- /usr/sbin/ip6tables-save -c > $IPTABLES_CONFIG 2>/dev/null && ok || fail
+ save
;;
-
status)
+ is_yes $IP6TABLES_STATUS_NUMERIC && _NUMERIC="-n"
+ is_yes $IP6TABLES_STATUS_VERBOSE && _VERBOSE="--verbose"
+ is_yes $IP6TABLES_STATUS_LINENUMBERS && _LINES="--line-numbers"
tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
for table in $tables; do
echo "Table: $table"
- ip6tables -t $table -n --list
+ ip6tables -t $table -n --list $_NUMERIC $_VERBOSE $_LINES
done
;;
-
*)
msg_usage "$0 {start|stop|restart|force-reload|panic|load|save|clear|status}"
exit 3
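Review bot: The status arm still passes a hard-coded `-n` to ip6tables alongside the new `$_NUMERIC`, so IP6TABLES_STATUS_NUMERIC="no" can never take effect and the new knob is dead; either drop the literal option, `ip6tables -t $table --list $_NUMERIC $_VERBOSE $_LINES`, or drop the setting, noting that keeping numeric output avoids reverse DNS lookups while listing. The three `is_yes ... && _X=...` lines also leave `_NUMERIC`, `_VERBOSE` and `_LINES` unset rather than empty when the answer is "no", which presumably relies on the script never running under `set -u`; initialising them to empty before the tests (`_NUMERIC= _VERBOSE= _LINES=`) would make that explicit. The same applies to the status arm of the iptables script below.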
--- /dev/null
+# Save current firewall rules on stop.
+# Value: yes|no, default: no
+# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
+# (e.g. on system shutdown).
+IPTABLES_SAVE_ON_STOP="no"
+
+# Save (and restore) rule and chain counter.
+# Value: yes|no, default: yes
+# Save counters for rules and chains to /etc/sysconfig/iptables if
+# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP
+# is enabled.
+IPTABLES_SAVE_COUNTER="yes"
+
+# Numeric status output
+# Value: yes|no, default: no
+# Print IP addresses and port numbers in numeric format in the status output.
+IPTABLES_STATUS_NUMERIC="no"
+
+# Verbose status output
+# Value: yes|no, default: yes
+# Print info about the number of packets and bytes plus the "input-" and
+# "outputdevice" in the status output.
+IPTABLES_STATUS_VERBOSE="no"
+
+# Status output with numbered lines
+# Value: yes|no, default: no
+# Print a counter/number for every rule in the status output.
+IPTABLES_STATUS_LINENUMBERS="no"
exit 0
fi
+IPTABLES_SAVE_ON_STOP="no"
+IPTABLES_SAVE_COUNTER="no"
+IPTABLES_STATUS_NUMERIC="yes"
+IPTABLES_STATUS_VERBOSE="no"
+IPTABLES_STATUS_LINENUMBERS="yes"
+[ -f /etc/sysconfig/iptables-config ] && . /etc/sysconfig/iptables-config
+_SAVEOPT=
+is_yes $IPTABLES_SAVE_COUNTER && _SAVEOPT="-c"
+
iftable() {
if fgrep -qsx $1 /proc/net/ip_tables_names; then
iptables -t "$@"
for i in $tables; do iptables -t $i -Z; done
show "Applying iptables firewall rules"
- grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/iptables-restore -c && \
+ grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/iptables-restore $_SAVEOPT && \
ok || \
fail
touch /var/lock/subsys/iptables
rm -f /var/lock/subsys/iptables
}
+save() {
+ show "Saving current rules to %s" $IPTABLES_CONFIG
+ touch $IPTABLES_CONFIG
+ chmod 600 $IPTABLES_CONFIG
+ /usr/sbin/iptables-save $_SAVEOPT > $IPTABLES_CONFIG 2>/dev/null && ok || fail
+}
+
upstart_controlled --except status panic load save clear
case "$1" in
start|load)
start
;;
-
- stop|clear)
+ stop)
+ is_yes $IPTABLES_SAVE_ON_STOP && save
+ stop
+ ;;
+ clear)
stop
;;
-
restart|force-reload)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;
-
panic)
show "Changing target policies to DROP"
iftable filter -P INPUT DROP && \
iftable mangle -X OUTPUT && \
ok || fail
;;
-
save)
- show "Saving current rules to %s" $IPTABLES_CONFIG
- touch $IPTABLES_CONFIG
- chmod 600 $IPTABLES_CONFIG
- /usr/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && ok || fail
+ save
;;
-
status)
+ is_yes $IPTABLES_STATUS_NUMERIC && _NUMERIC="-n"
+ is_yes $IPTABLES_STATUS_VERBOSE && _VERBOSE="--verbose"
+ is_yes $IPTABLES_STATUS_LINENUMBERS && _LINES="--line-numbers"
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
for table in $tables; do
echo "Table: $table"
- iptables -t $table -n --list
+ iptables -t $table -n --list $_NUMERIC $_VERBOSE $_LINES
done
;;
-
*)
msg_usage "$0 {start|stop|restart|force-reload|panic|load|save|clear|status}"
exit 3
Source3: %{name6}.init
Source4: %{name}.upstart
Source5: %{name6}.upstart
+Source6: %{name}-config
+Source7: %{name6}-config
# --- GENERAL CHANGES (patches<10):
Patch0: %{name}-man.patch
# additional utils; off by default
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
+install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,sysconfig} \
+ $RPM_BUILD_ROOT{%{_includedir},%{_libdir},%{_mandir}/man3}
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT \
cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/init/%{name}.conf
cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/init/%{name6}.conf
+install -p %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/%{name}-config
+install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/%{name6}-config
+
%clean
rm -rf $RPM_BUILD_ROOT
%files init
%defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}-config
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name6}-config
%attr(754,root,root) /etc/rc.d/init.d/iptables
%attr(754,root,root) /etc/rc.d/init.d/ip6tables
%config(noreplace) %verify(not md5 mtime size) /etc/init/%{name}.conf