File: ipchains.init

firestarter 0.8.2-3woody1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 3,108 kB
  • ctags: 543
  • sloc: sh: 9,269; ansic: 7,205; makefile: 418
#!/bin/sh
#
# Startup script for the Firestarter Application Suite
#
# chkconfig: 2345 11 92
#
# description: Automates the startup of Firestarter's generated ruleset
#
# Script Author:	Paul Drain <pd@cipherfunk.org>
#   -- a hack taken from the default RH ipchains startup script
#
# config: /etc/firestarter/firewall.sh
#

# Source function library.
. /etc/init.d/functions

# Get config.
. /etc/sysconfig/network

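# Do nothing when networking is disabled. NETWORKING is expected to come
# from /etc/sysconfig/network (sourced above). The expansion is quoted so
# the test stays well-formed when the variable is unset or empty; unquoted,
# `[` reports a syntax error and the script carries on regardless.
if [ "${NETWORKING}" = "no" ]
then
	exit 0
fi

# Exit quietly when Firestarter itself is not installed.
[ -x /usr/sbin/firestarter ] || exit 0

# Generated ruleset. start() executes this file directly, so whoever can
# write to it decides what runs with the privileges of this init script.
# NOTE(review): init scripts normally run as root; confirm the file and its
# directory are owned by root and not group/world writable.
FS_CONFIG="/etc/firestarter/firewall.sh"
RETVAL=0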

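# Load the Firestarter-generated ruleset.
#
# Globals:  FS_CONFIG (read)  - path of the generated firewall script
#           RETVAL (written)  - exit status of the firewall script
# Outputs:  progress messages via action/success/failure
#           (expected to come from /etc/init.d/functions)
# Returns:  0 when the ruleset was applied or no ruleset exists,
#           otherwise the firewall script's exit status
start() {
	# No generated ruleset: nothing is flushed and nothing is loaded.
	# This is silent, so the host keeps whatever filtering it already had.
	[ -f "$FS_CONFIG" ] || return 0

	# Clear the existing rulesets out, so we don't run into any duplicates.
	# NOTE(review): from here until the firewall script has finished, the
	# chains hold no rules and only the current built-in policies apply.
	# If those are ACCEPT the host is unfiltered during that gap - confirm
	# what the generated script sets first.
	action "Flushing all current rules and user defined chains:" ipchains -F
	action "Clearing all current rules and user defined chains:" ipchains -X
	action "Zeroing all current rules:" ipchains -Z

	echo -n "Applying Firestarter configuration: "
	# Report the real outcome: a failing firewall script must not be
	# announced as success, because the old rules are already gone.
	if "$FS_CONFIG"; then
		RETVAL=0
		success "Applying Firestarter configuration"
	else
		RETVAL=$?
		failure "Applying Firestarter configuration"
	fi
	echo

	# The lock file marks the firewall as running; only create it when
	# the ruleset actually loaded.
	[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/firestarter
	return "$RETVAL"
}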

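# Remove all rules and open the built-in chains.
#
# After a successful stop every built-in chain has policy ACCEPT and no
# rules, i.e. the host is no longer filtered at all. Use "panic" when the
# intent is to block traffic instead.
#
# Globals:  RETVAL (written) - non-zero when a policy change failed
# Outputs:  progress messages via action/success/failure
# Returns:  RETVAL
stop() {
	action "Flushing all current rules and user defined chains:" ipchains -F
	action "Clearing all current rules and user defined chains:" ipchains -X
	action "Zeroing all current rules:" ipchains -Z

	echo -n "Resetting built-in chains to the default ACCEPT policy:"
	# Track each policy change; previously the message was always
	# "success" and RETVAL only reflected the success helper itself.
	RETVAL=0
	ipchains -P input ACCEPT || RETVAL=$?
	ipchains -P forward ACCEPT || RETVAL=$?
	ipchains -P output ACCEPT || RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		success "Resetting built-in chains to the default ACCEPT policy"
	else
		failure "Resetting built-in chains to the default ACCEPT policy"
	fi
	echo

	# Keep the lock file when the reset failed so the service still
	# shows as running and "restart" will act on it.
	[ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/firestarter
	return "$RETVAL"
}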

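# Emergency lock-down: deny everything, then drop all rules.
#
# The DENY policies are set before the rules are flushed, so there is no
# moment at which the chains are empty with a permissive policy.
#
# Globals:  RETVAL (written) - non-zero when any step failed
# Outputs:  progress messages via action/success/failure
# Returns:  RETVAL
panic() {
	RETVAL=0
	echo -n "Changing target policies to DENY: "
	# Track each policy change: reporting "success" while a chain is
	# still not DENY would be the worst possible failure mode here.
	ipchains -P input DENY || RETVAL=$?
	ipchains -P forward DENY || RETVAL=$?
	ipchains -P output DENY || RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		success "Changing target policies to DENY"
	else
		failure "Changing target policies to DENY"
	fi
	echo

	# Any leftover rule could still accept traffic ahead of the DENY
	# policy, so a failed flush also counts as a failed panic.
	action "Flushing all current rules and user defined chains:" ipchains -F || RETVAL=$?
	action "Clearing all current rules and user defined chains:" ipchains -X || RETVAL=$?
	action "Zeroing all current rules:" ipchains -Z || RETVAL=$?
	echo

	[ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/firestarter
	return "$RETVAL"
}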

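# Dispatch on the requested action; the script exits with RETVAL.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  status)
	# Numeric, verbose listing of every chain. Record the exit status
	# so a failing listing is not reported as success.
	ipchains -nvL
	RETVAL=$?
	;;
  restart)
	# Conditional restart: only acts when the lock file shows the
	# firewall was started. Note that stop() leaves the chains empty
	# with ACCEPT policies until start() has reloaded the ruleset.
	if [ -f /var/lock/subsys/firestarter ]; then
		stop
		start
	fi
	;;
  panic)
	panic
	;;
  *)
	echo "Usage: firestarter {start|stop|status|restart|panic}"
	exit 1
	;;
esac
exit "$RETVAL"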