#!/bin/sh
#
# ferm          Configure ferm firewall rules from /etc/ferm/ferm.conf
#
#               Written by Max Kellermann <max@duempel.org>
#
# Version:      $Revision: 325 $

### BEGIN INIT INFO
# Provides: ferm
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: S
# Default-Stop:
# Description: Starts ferm firewall configuration
# short-description: ferm firewall configuration
### END INIT INFO

# Include the LSB init functions (log_daemon_msg, log_end_msg, ...)
. /lib/lsb/init-functions

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
FERM=/usr/sbin/ferm
CONFIG=/etc/ferm/ferm.conf
NAME=ferm
DESC="Firewall"
CACHE_DIR=/var/cache/ferm

test -x "$FERM" || exit 0

# Files created by this script (the cached rule scripts) are readable
# and writable by their owner only.
umask 0077

# Defaults; /etc/default/ferm may override them. ENABLED and DOMAINS
# are unset first so that values inherited from the environment are
# ignored.
unset ENABLED
FAST=yes
CACHE=no
OPTIONS=
unset DOMAINS

[ -r /etc/default/ferm ] && . /etc/default/ferm

test -f "$CONFIG" || exit 0

if [ -n "$DOMAINS" ]; then
    echo "Warning: the DOMAINS setting in /etc/default/ferm is deprecated." >&2
fi

if [ "$ENABLED" != "yes" ]; then
    if [ "$VERBOSE" != no ]; then
        if [ -z "$ENABLED" ]; then
            echo "Not starting ferm - run 'dpkg-reconfigure ferm' to enable it"
        else
            echo "Not starting ferm - edit /etc/default/ferm to enable it"
        fi
    fi
    exit 0
fi

# Fall back to running ferm directly when the cache directory is
# missing or not writable.
[ "$CACHE" = "yes" -a ! -d "$CACHE_DIR" ] && CACHE=no
[ "$CACHE" = "yes" -a ! -w "$CACHE_DIR" ] && CACHE=no

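set -e

# Apply the rule set. $1 names the cache entry: "start" by default,
# "stop" for the flush rule set.
configure_ferm() {
    local CACHE_NAME="${1:-start}"

    if [ "$CACHE" = "yes" ]; then
        local CACHE_FILE="$CACHE_DIR/$CACHE_NAME.sh"

        # The .kernel file saves the kernel version number (copy of
        # /proc/version). It is used to ensure that ferm is re-run
        # after a kernel upgrade.

        # The cache is stale when the kernel changed, or when the
        # config, anything under /etc/ferm, the defaults file, this
        # script or the ferm binary is newer than the cached script.
        if ! diff /proc/version "$CACHE_FILE.kernel" >/dev/null 2>&1 || \
            ! [ -f "$CACHE_FILE" -a \
            "$CACHE_FILE" -nt "$CONFIG" -a \
            -z "$(find /etc/ferm -maxdepth 2 -newer "$CACHE_FILE" 2>/dev/null)" -a \
            "$CACHE_FILE" -nt /etc/default/ferm -a \
            "$CACHE_FILE" -nt /etc/init.d/ferm -a \
            "$CACHE_FILE" -nt "$FERM" ]; then
            rm -f "$CACHE_FILE" "$CACHE_FILE".tmp "$CACHE_FILE".kernel || return $?
            # $OPTIONS is left unquoted on purpose so that it splits
            # into separate arguments.
            if [ "$FAST" = "yes" ]; then
                "$FERM" $OPTIONS --shell "$CONFIG" >"$CACHE_FILE.tmp" || return $?
            else
                "$FERM" $OPTIONS --shell --slow "$CONFIG" >"$CACHE_FILE.tmp" || return $?
            fi
            cp /proc/version "$CACHE_FILE.kernel"
            mv "$CACHE_FILE.tmp" "$CACHE_FILE" || return $?
        else
            # The cached script is sourced into this shell, so
            # $CACHE_DIR must not be writable by unprivileged users.
            . "$CACHE_FILE" || return $?
        fi
    else
        if [ "$FAST" = "yes" ]; then
            "$FERM" $OPTIONS "$CONFIG" || return $?
        else
            "$FERM" $OPTIONS --slow "$CONFIG" || return $?
        fi
    fi
}
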
case "$1" in
    start)
        log_daemon_msg "Starting $DESC" "$NAME"
        if configure_ferm; then
            log_end_msg $?
        else
            log_end_msg $?
            if ! test "$VERBOSE" = no -o -f /proc/net/ip_tables_names; then
                log_warning_msg "Looks like the ip_tables module is not loaded, see /etc/modules"
            fi
        fi
        ;;
    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        OPTIONS="$OPTIONS --flush"
        configure_ferm stop
        log_end_msg $?
        ;;
    reload|restart|force-reload)
        log_begin_msg "Reloading $DESC configuration..."
        configure_ferm
        log_end_msg $?
        ;;
    *)
        N=/etc/init.d/$NAME
        log_action_msg "Usage: $N {start|stop|restart|reload|force-reload}"
        exit 1
        ;;
esac

exit 0