
Contents of /net-firewall/iptables/files/iptables-1.4.13.init



Revision 1.1 - (show annotations) (download)
Mon May 21 21:24:16 2012 UTC (2 years, 3 months ago) by williamh
Branch: MAIN
CVS Tags: HEAD
/tmp/msg

(Portage version: 2.2.0_alpha107/cvs/Linux i686)

1 #!/sbin/runscript
2 # Copyright 1999-2012 Gentoo Foundation
3 # Distributed under the terms of the GNU General Public License v2
4 # $Header: $
5
# Extra OpenRC commands: "save" and "panic" may be run in any state,
# "reload" only while the service is started.
extra_commands="save panic"
extra_started_commands="reload"

# The service name selects the IPv4 or the IPv6 tool. It is used below to
# build a binary path under /sbin, so any name other than the two known
# ones falls back to "iptables".
case "${SVCNAME}" in
	iptables|ip6tables) iptables_name=${SVCNAME} ;;
	*) iptables_name="iptables" ;;
esac

iptables_bin="/sbin/${iptables_name}"

# Per-family settings: the /proc file that lists the kernel's tables and the
# file the ruleset is saved to (IPTABLES_SAVE / IP6TABLES_SAVE are expected
# to come from the service configuration).
if [ "${iptables_name}" = "ip6tables" ] ; then
	iptables_proc="/proc/net/ip6_tables_names"
	iptables_save=${IP6TABLES_SAVE}
else
	iptables_proc="/proc/net/ip_tables_names"
	iptables_save=${IPTABLES_SAVE}
fi
21
# Dependency hook read by OpenRC: order this service ahead of "net", so the
# saved ruleset is loaded before the network services are started.
depend()
{
	before net
}
25
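# Set the default policy of every built-in chain of one table.
#
# Arguments: $1 - table name (nat, mangle or filter)
#            $2 - policy to apply (the callers pass ACCEPT or DROP)
# Returns:   0 when every chain was updated, otherwise the status of the
#            last command that failed. Any other table name has no chains
#            listed here, so nothing is changed and 0 is returned.
set_table_policy() {
	local chains table="$1" policy="$2"
	case ${table} in
		# NOTE(review): newer kernels also have an INPUT chain in the nat
		# table; it is not listed here -- confirm whether it should be.
		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
		filter) chains="INPUT FORWARD OUTPUT";;
		*)      chains="";;
	esac
	local chain rc=0
	# ${chains} is a fixed, space-separated list and is split on purpose.
	for chain in ${chains} ; do
		# Keep going after a failure so the remaining chains still get the
		# policy, but remember it: the caller must not report success when
		# a chain was left with its old policy.
		"${iptables_bin}" -t "${table}" -P "${chain}" "${policy}" || rc=$?
	done
	return ${rc}
}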
39
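# Check that the kernel exposes the table list for this address family.
#
# Returns: 0 when ${iptables_proc} exists, 1 (after an error message)
#          otherwise.
checkkernel() {
	# Quoted so that an empty path fails the check instead of collapsing
	# the test to "[ ! -e ]", which is false and would let the check pass.
	if [ ! -e "${iptables_proc}" ] ; then
		eerror "Your kernel lacks ${iptables_name} support, please load"
		eerror "appropriate modules and try again."
		return 1
	fi
	return 0
}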
48 checkconfig() {
49 if [ ! -f ${iptables_save} ] ; then
50 eerror "Not starting ${iptables_name}. First create some rules then run:"
51 eerror "/etc/init.d/${iptables_name} save"
52 return 1
53 fi
54 return 0
55 }
56
57 start() {
58 checkconfig || return 1
59 ebegin "Loading ${iptables_name} state and starting firewall"
60 ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
61 eend $?
62 }
63
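# Stop the firewall: optionally save the running ruleset, then set every
# listed table to ACCEPT and remove its rules and user-defined chains.
#
# After a successful stop the host accepts all traffic; use "panic" when
# the intent is to block traffic instead.
#
# Returns: 1 when the save or the kernel check fails, otherwise whatever
#          eend returns for the combined status of all table operations.
stop() {
	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
		save || return 1
	fi
	checkkernel || return 1
	ebegin "Stopping firewall"
	local a rc=0
	# One table name per word in the kernel's table list.
	for a in $(cat "${iptables_proc}") ; do
		# Collect failures from every table; reporting only the status of
		# the last command would hide a table that could not be cleared.
		set_table_policy "${a}" ACCEPT || rc=1

		"${iptables_bin}" -F -t "${a}" || rc=1
		"${iptables_bin}" -X -t "${a}" || rc=1
	done
	eend ${rc}
}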
79
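# Flush all rules and user-defined chains, then load the saved ruleset.
#
# Chain policies are not touched here, so between the flush and the
# restore only the current default policies apply to traffic.
#
# Returns: 1 when the kernel check fails or no saved ruleset exists,
#          otherwise the status of start.
reload() {
	checkkernel || return 1
	# Verify the saved ruleset before flushing: start refuses to run
	# without it, which would leave the tables flushed and nothing loaded.
	checkconfig || return 1
	ebegin "Flushing firewall"
	local a rc=0
	for a in $(cat "${iptables_proc}") ; do
		# Report a failure on any table, not only on the last one.
		"${iptables_bin}" -F -t "${a}" || rc=1
		"${iptables_bin}" -X -t "${a}" || rc=1
	done
	eend ${rc}

	start
}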
92
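# Write the running ruleset to ${iptables_save}.
#
# Returns: whatever eend returns for the status of the first step that
#          failed, or of the save command when all steps ran.
save() {
	ebegin "Saving ${iptables_name} state"
	# Create the file and restrict it to its owner before any rule is
	# written. The steps are chained so that a failed chmod stops the save
	# instead of writing the ruleset into a file with looser permissions.
	#
	# NOTE(review): the redirection truncates the existing file before the
	# save command runs, so a failed save leaves an empty or partial rules
	# file, and checkconfig only tests that the file exists.
	touch "${iptables_save}" \
		&& chmod 0600 "${iptables_save}" \
		&& "${iptables_bin}-save" ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
	eend $?
}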
100
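# Emergency lock-down: stop the service if it is running, then set every
# listed table to DROP and remove its rules and user-defined chains.
#
# Stopping the service first sets the policies to ACCEPT and flushes the
# rules (see stop), so traffic is accepted for a short time before the
# DROP policies below are applied.
#
# Returns: 1 when the kernel check fails, otherwise whatever eend returns
#          for the combined status of all table operations.
panic() {
	checkkernel || return 1
	if service_started "${iptables_name}" ; then
		rc-service "${iptables_name}" stop
	fi

	local a rc=0
	ebegin "Dropping all packets"
	for a in $(cat "${iptables_proc}") ; do
		# Apply the DROP policy before flushing, so a table is never left
		# with its rules removed and its previous policy still in effect.
		# Every failure is recorded: reporting success while a table did
		# not switch to DROP would defeat the purpose of this command.
		set_table_policy "${a}" DROP || rc=1

		"${iptables_bin}" -F -t "${a}" || rc=1
		"${iptables_bin}" -X -t "${a}" || rc=1
	done
	eend ${rc}
}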
