rpms/iptables
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
afb35df862
iptables/iptables-initscript

116 lines
3.9 KiB
Bash
Raw Blame History

#!/bin/bash
#
# iptables -- Startup script to implement /etc/sysconfig/iptables pre-defined rules
#
# chkconfig: 2345 25 92
# description: Automates a packet filtering firewall with iptables.
# config: /etc/sysconfig/iptables
#
# By bero@redhat.com, based on the ipchains script:
# Script Author: Joshua Jensen <joshua@redhat.com>
# -- hacked up by gafton with help from notting
# Modified by Anton Altaparmakov <aia21@cam.ac.uk>:
# Modified by Nils Philippsen <nils@redhat.de>
. /etc/sysconfig/rc
. $rc_functions
NAME=iptables
IPTABLES=/sbin/$NAME
IPTABLES_RESTORE=/sbin/iptables-restore
IPTABLES_SAVE=/sbin/iptables-save
IPTABLES_CONFIG=/etc/sysconfig/$NAME
[ -x $IPTABLES ] || exit 0
case "$1" in
start)
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
# we do _not_ need to flush/clear anything when using iptables-restore
echo -n $"Applying iptables firewall rules: "
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | \
grep -v '^[[:space:]]*$' | \
$IPTABLES_RESTORE -c
evaluate_retval; echo
fi
touch /var/lock/subsys/$NAME
;;
stop)
echo -n $"Setting up default policies to ACCEPT: "
$IPTABLES --table mangle --policy PREROUTING ACCEPT &&
$IPTABLES --table mangle --policy INPUT ACCEPT &&
$IPTABLES --table mangle --policy FORWARD ACCEPT &&
$IPTABLES --table mangle --policy OUTPUT ACCEPT &&
$IPTABLES --table mangle --policy POSTROUTING ACCEPT &&
$IPTABLES --table filter --policy INPUT ACCEPT &&
$IPTABLES --table filter --policy OUTPUT ACCEPT &&
$IPTABLES --table filter --policy FORWARD ACCEPT &&
$IPTABLES --table nat --policy PREROUTING ACCEPT &&
$IPTABLES --table nat --policy POSTROUTING ACCEPT &&
$IPTABLES --table nat --policy OUTPUT ACCEPT
evaluate_retval; echo
echo -n $"Flushing all chains and deleting all user ones: "
for table in filter nat mangle; do
$IPTABLES --table $table --flush &&
$IPTABLES --table $table --delete-chain &&
$IPTABLES --table $table --zero
done
evaluate_retval; echo
rm -f /var/lock/subsys/$NAME
;;
restart|reload)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
$0 start
;;
condrestart)
[ -e /var/lock/subsys/$NAME ] && $0 restart || :
;;
status)
for table in $(cat /proc/net/ip_tables_names 2>/dev/null); do
echo "["$"TABLE:"" $table]"
$IPTABLES -t $table --list
echo
done
;;
panic)
echo -n $"Setting up default policies to DROP: "
$IPTABLES --table mangle --policy PREROUTING DROP &&
$IPTABLES --table mangle --policy INPUT DROP &&
$IPTABLES --table mangle --policy FORWARD DROP &&
$IPTABLES --table mangle --policy OUTPUT DROP &&
$IPTABLES --table mangle --policy POSTROUTING DROP &&
$IPTABLES --table filter --policy INPUT DROP &&
$IPTABLES --table filter --policy OUTPUT DROP &&
$IPTABLES --table filter --policy FORWARD DROP &&
$IPTABLES --table nat --policy PREROUTING DROP &&
$IPTABLES --table nat --policy POSTROUTING DROP &&
$IPTABLES --table nat --policy OUTPUT DROP
evaluate_retval; echo
echo -n $"Flushing all chains and deleting all user ones: "
for table in filter nat mangle; do
$IPTABLES --table $table --flush &&
$IPTABLES --table $table --delete-chain &&
$IPTABLES --table $table --zero
done
evaluate_retval; echo
;;
save)
echo -n $"Saving current rules to"" \`$IPTABLES_CONFIG': "
touch $IPTABLES_CONFIG && chmod 600 $IPTABLES_CONFIG &&
$IPTABLES_SAVE -c > $IPTABLES_CONFIG 2>/dev/null
evaluate_retval; echo
;;
*)
echo "Usage: ""$0 {start|stop|restart|condrestart|status|panic|save}"
exit 1
;;
esac
exit 0
Reference in New Issue View Git Blame Copy Permalink