File: uruk

#!/bin/sh
#
# this file maintained at http://git.mdcc.cx/uruk.git
#
# Uruk init script.

# chkconfig: 2345 11 89
# description: starts, stops and saves iptables state, as created by uruk
# beware! above two lines are parsed by chkconfig(8), as commonly found on
# (old?  << 2013 ?) RPM based systems

### BEGIN INIT INFO
# Provides:          uruk
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     S
# Default-Stop:      0 1 6
# X-Start-Before: networking
# X-Stop-Before:
# Description: Starts uruk firewall configuration
# short-description: uruk firewall configuration
### END INIT INFO

# Copyright (C) 2002, 2003 Laurence J. Lane
# Copyright (C) 2003, 2004, 2005, 2007, 2010 Joost van Baal 
# Copyright (C) 2013 Joost van Baal-Ilić
#
# This file is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
#
# You should have received a copy of the GNU GPL along with this file, see
# e.g. the file named COPYING.  If not, see <http://www.gnu.org/licenses/>.

# Based upon /etc/init.d/iptables as shipped with the Debian iptables
# package by Laurence J. Lane

# Service identity and the paths this init script works with.
NAME=uruk
DAEMON=/sbin/uruk
SCRIPTNAME="/etc/init.d/$NAME"

# Path this script was invoked as; used in the usage text and for the
# self-invocations performed by "restart".
initd=$0

# Debian-ism?  Not exit 5 but exit 0.
# When $DAEMON is absent the script leaves with status 0 instead of the LSB
# code 5 ("program is not installed").
# NOTE(review): only $DAEMON is checked here; the actions further down invoke
# urukctl, which is looked up through PATH and is not covered by this test.
if ! test -f "$DAEMON"; then
  exit 0
fi


###############################################################################
#
# This script should be LSB 3.1.0 compliant.  In particular,
# http://refspecs.freestandards.org/LSB_3.1.0/LSB-generic/LSB-generic/initscrcomconv.html
# and
# http://refspecs.freestandards.org/LSB_3.1.0/LSB-generic/LSB-generic/iniscrptact.html
# should be adhered to:
# 
# Error and status messages should be printed with the logging functions (see
# Init Script Functions) log_success_msg(), log_failure_msg() and
# log_warning_msg(). Scripts may write to standard error or standard output, but
# implementations need not present text written to standard error/output to the
# user or do anything else with it.
# 
# LSB required:
# start   start the service
# stop    stop the service
# restart stop and restart the service if the service is already running,
#         otherwise start the service
# force-reload   cause the configuration to be reloaded if the service supports
#         this, otherwise restart the service if it is running
# status  print the current status of the service
# 
# In case of an error while processing any init-script action except for status,
# the init script shall print an error message and exit with a non-zero status
# code:
# 
# 1   generic or unspecified error (current practice)
# 2   invalid or excess argument(s)
# 3   unimplemented feature (for example, "reload")
# 4   user had insufficient privilege
# 5   program is not installed
# 6   program is not configured
# 7   program is not running
#
#
# Note that the following situations shall also be regarded as success:
# * restarting a service (instead of reloading it)
#   with the "force-reload" argument
# * running "start" on a service already running
# * running "stop" on a service already stopped or not running
# * running "restart" on a service already stopped or not running
# * running "try-restart" on a service already stopped or not running
#
###############################################################################



#                        /lib/lsb/init-functions
# Red Hat EL AS rel 3          Yes
#
# Debian GNU/Linux >= Sarge    Yes, in lsb-base package
#
# See /usr/share/doc/lsb-core/examples/init-skeleton.gz for sample lsb init
# script.
#
# include lsb functions
# Locate the LSB logging helpers: the system-wide file is preferred, the copy
# under /lib/uruk is the fallback.  Whichever is found is sourced into this
# shell, so its content runs with the privileges of the init script itself;
# both paths should be owned by root and not writable by anyone else.
lsb_init_functions=/lib/lsb/init-functions
uruk_lsb_init_functions=/lib/uruk/lsb/init-functions
if [ -f "$lsb_init_functions" ]; then
  . "$lsb_init_functions"
elif [ -f "$uruk_lsb_init_functions" ]; then
  . "$uruk_lsb_init_functions"
else
  # No logging helpers are available, so report on stdout and give up with
  # the generic error status 1.
  printf '%s\n' "File $lsb_init_functions nor file $uruk_lsb_init_functions found. Exiting."
  exit 1
fi

#######################################
# Print the list of supported init-script actions.
# Globals:   initd (read) - path this script was invoked as
# Arguments: none
# Outputs:   help text on stdout
#######################################
usage() {
  # Unquoted delimiter on purpose: $initd must be expanded in the first line.
  cat <<USAGE_TEXT
$initd options:
  start
     If not yet done, save current iptables status in "inactive" ruleset.
     (Re)build and load the "active" ruleset.
  force-reload
     (Re)build and load the "active" ruleset, in case uruk is running.
  stop
     Load the "inactive" ruleset.
  restart
     Perform stop-actions followed by start-actions.
  status
     Print the current status of the service: show which ruleset is loaded, and
     wether uruk is "running".

Saved ruleset locations: /var/lib/uruk/iptables/ and /var/lib/uruk/ip6tables/ .
USAGE_TEXT
}


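# Dispatch on the requested init-script action ($1).
#
# Every branch that talks to urukctl stores its exit status in STATUS and
# reports through the LSB logging functions sourced earlier in this file.
#
# NOTE(review): urukctl is resolved through PATH and this script is normally
# run as root; confirm that PATH at invocation time only lists root-owned
# directories, or call urukctl by its absolute path.
# NOTE(review): nothing in this block exits with $STATUS; confirm that the
# script returns it after "esac", otherwise the LSB exit codes documented
# under "status" never reach the caller.
case "$1" in
  start)
    urukctl start
    STATUS=$?
    if test "$STATUS" = 0; then
      log_success_msg "Starting uruk"
    else
      log_failure_msg "Starting uruk"
    fi
    ;;
  stop)
    urukctl stop
    STATUS=$?
    if test "$STATUS" = 0; then
      log_success_msg "Shutting down uruk"
    else
      log_failure_msg "Shutting down uruk"
    fi
    ;;
  restart)
    # Restart service (if running) or start service
    # Quoted so that an invocation path containing whitespace still re-runs
    # this very script.
    "$initd" stop
    "$initd" start
    ;;
  force-reload)
    urukctl status
    STATUS=$?
    if test "$STATUS" = 0; then
      # uruk is running
      urukctl force-reload
      # A reload that fails can leave a stale or partial ruleset loaded, so
      # its result must be reported instead of unconditionally logging success.
      STATUS=$?
      if test "$STATUS" = 0; then
        log_success_msg "Reloading uruk"
      else
        log_failure_msg "Reloading uruk"
      fi
    else
      log_success_msg "Nothing to do for reloading uruk: uruk is not running"
      STATUS=0
    fi

    ;;
  status)
    # If the status action is requested, the init script will
    # return the following exit status codes.
    #
    # 0  program is running or service is OK
    # 1  program is dead and /var/run pid file exists
    # 2  program is dead and /var/lock lock file exists
    # 3  program is not running
    # 4  program or service status is unknown

    # NOTE(review): iptables_command is not assigned anywhere in this script;
    # unless the sourced init-functions or the environment provide it, the
    # parentheses in the messages below are printed empty.
    urukctl status
    STATUS=$?
    if test "$STATUS" = 0; then
      log_success_msg "Checking uruk ($iptables_command): uruk running"
    elif test "$STATUS" = 3; then
      log_success_msg "Checking uruk ($iptables_command): uruk not running"
    else
      # STATUS=4 no active file present
      log_failure_msg "Checking uruk ($iptables_command): active ruleset not present"
    fi
    ;;
  save|create|load|reload|clear|halt|flush)
    # FIXME to be phased out at 2013-12 (introduced 2013-05)
    # Legacy actions are handed over unchanged; exec replaces this shell, so
    # the exit status seen by the caller is urukctl's own.
    log_warning_msg "Passing argument $1 to the uruk initscript is deprecated.  In an upcoming release, be sure to use the new urukctl interface.  Calling urukctl for you now."
    exec urukctl "$@"
    ;;
  *)
    # LSB exit code 2: invalid or excess argument(s).
    usage
    log_failure_msg "Aborting uruk $1: unsupported argument."
    exit 2
    ;;
esac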