| #!/sbin/runscript |
| # Copyright 1999-2007 Gentoo Foundation |
| # Distributed under the terms of the GNU General Public License v2 |
| # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.6 2007/03/12 21:49:04 vapier Exp $ |
| |
| opts="save reload panic" |
| |
| iptables_name=${SVCNAME} |
| if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then |
| iptables_name="iptables" |
| fi |
| |
| iptables_bin="/sbin/${iptables_name}" |
| case ${iptables_name} in |
| iptables) iptables_proc="/proc/net/ip_tables_names" |
| iptables_save=${IPTABLES_SAVE};; |
| ip6tables) iptables_proc="/proc/net/ip6_tables_names" |
| iptables_save=${IP6TABLES_SAVE};; |
| esac |
| |
| depend() { |
| before net |
| use logger |
| } |
| |
| set_table_policy() { |
| local chains table=$1 policy=$2 |
| case ${table} in |
| nat) chains="PREROUTING POSTROUTING OUTPUT";; |
| mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; |
| filter) chains="INPUT FORWARD OUTPUT";; |
| *) chains="";; |
| esac |
| local chain |
| for chain in ${chains} ; do |
| ${iptables_bin} -t ${table} -P ${chain} ${policy} |
| done |
| } |
| |
| checkkernel() { |
| if [ ! -e ${iptables_proc} ] ; then |
| eerror "Your kernel lacks ${iptables_name} support, please load" |
| eerror "appropriate modules and try again." |
| return 1 |
| fi |
| return 0 |
| } |
| checkconfig() { |
| if [ ! -f ${iptables_save} ] ; then |
| eerror "Not starting ${iptables_name}. First create some rules then run:" |
| eerror "/etc/init.d/${iptables_name} save" |
| return 1 |
| fi |
| return 0 |
| } |
| |
| start() { |
| checkconfig || return 1 |
| ebegin "Loading ${iptables_name} state and starting firewall" |
| ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" |
| eend $? |
| } |
| |
| stop() { |
| if [ "${SAVE_ON_STOP}" = "yes" ] ; then |
| save || return 1 |
| fi |
| checkkernel || return 1 |
| ebegin "Stopping firewall" |
| local a |
| for a in $(cat ${iptables_proc}) ; do |
| set_table_policy $a ACCEPT |
| |
| ${iptables_bin} -F -t $a |
| ${iptables_bin} -X -t $a |
| done |
| eend $? |
| } |
| |
| reload() { |
| checkkernel || return 1 |
| ebegin "Flushing firewall" |
| local a |
| for a in $(cat ${iptables_proc}) ; do |
| ${iptables_bin} -F -t $a |
| ${iptables_bin} -X -t $a |
| done |
| eend $? |
| |
| start |
| } |
| |
| save() { |
| ebegin "Saving ${iptables_name} state" |
| touch "${iptables_save}" |
| chmod 0600 "${iptables_save}" |
| ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" |
| eend $? |
| } |
| |
| panic() { |
| checkkernel || return 1 |
| service_started ${iptables_name} && svc_stop |
| |
| local a |
| ebegin "Dropping all packets" |
| for a in $(cat ${iptables_proc}) ; do |
| ${iptables_bin} -F -t $a |
| ${iptables_bin} -X -t $a |
| |
| set_table_policy $a DROP |
| done |
| eend $? |
| } |