# Excerpt of an LSB init script (the usage line below names it
# /etc/init.d/setfilter). Every line keeps the original file's line number as
# a prefix and the numbers are not contiguous, so the intervening lines (case
# labels, loop headers, fi/done, exits) are not part of this listing. The
# notes describe only what the visible lines do; anything else is hedged.
9 # Short-Description: set network filters with iptables
# Pin PATH to the system directories so iptables and iptables-restore are not
# resolved through whatever PATH the caller had.
12 PATH="/sbin:/bin:/usr/sbin:/usr/bin"
# Source the LSB helper library; the log_*_msg functions used below
# presumably come from it.
14 . /lib/lsb/init-functions
# Require a non-empty ufw configuration file.
# NOTE(review): lines 17-18 are not shown; presumably the file is sourced
# there and supplies ENABLED - confirm. If it is sourced, it executes with
# this script's privileges, so it should be writable by root only.
16 if [ -s /etc/ufw/ufw.conf ]; then
19 log_failure_msg "Could not find /etc/ufw/ufw.conf (aborting)"
# Use the presence of a LOG_ICMP chain in the raw table as the "already
# loaded" marker; the listing output and any error text are discarded.
27 if iptables -L LOG_ICMP -t raw -n >/dev/null 2>&1 ; then
28 # if firewall loaded, tell to reload instead
29 log_action_msg "Network filter already started, use 'force-reload'"
# Only the exact values "yes" and "YES" enable the filter.
32 if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
33 log_action_begin_msg "Setting network filter"
# Tables this script manages; the filter table is not in the list.
36 tables="raw mangle nat"
# Rules file for the current table. $table presumably iterates over $tables
# (loop header not shown); RULES_PATH is set outside the visible lines.
39 RULES="$RULES_PATH/$table.rules"
# Flush all rules, then delete the user-defined chains of this table. A
# failure is recorded in $error instead of aborting.
# NOTE(review): $table is unquoted; harmless for the fixed list above, but
# "$table" is the safer habit.
42 iptables -F -t $table || error="yes"
43 iptables -X -t $table || error="yes"
# Load the rules file only when it exists and is non-empty. -n (--noflush)
# keeps whatever is already in the table while the file is applied.
# NOTE(review): $RULES is unquoted in the redirection; "$RULES" avoids
# splitting/globbing surprises if RULES_PATH ever contains whitespace.
# NOTE(review): the file is fed to iptables-restore as-is; no ownership or
# permission check is visible in this excerpt - confirm it is root-owned.
45 if [ -s "$RULES" ]; then
46 if ! iptables-restore -n < $RULES ; then
47 log_action_cont_msg "Problem running '$RULES'"
# Presumably the else branch of the -s test above (not shown) - confirm.
51 log_action_cont_msg "Couldn't find '$RULES'"
# Any recorded failure is evaluated here; the lines that report it are not
# shown.
55 if [ "$error" = "yes" ]; then
# Presumably the branch taken when ENABLED is not yes/YES - confirm.
62 log_action_begin_msg "Skipping network filter (not enabled)"
# Second ENABLED gate, presumably for the stop action (case label not shown).
67 if [ "$ENABLED" != "yes" ] && [ "$ENABLED" != "YES" ]; then
68 log_action_begin_msg "Skipping network filter (not enabled)"
73 log_action_begin_msg "Stopping network filter"
# Same table list as on start; again the filter table is not touched by the
# visible lines.
76 tables="raw mangle nat"
# Flush rules and delete user-defined chains, recording failures in $error.
# $table is unquoted here as well.
79 iptables -F -t $table || error="yes"
80 iptables -X -t $table || error="yes"
83 if [ "$error" = "yes" ]; then
# Third ENABLED gate, presumably for restart/force-reload (label not shown).
91 if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
# $1 is the first argument passed to the script.
95 log_warning_msg "Skipping $1 (not enabled)"
# Usage text listing the four supported actions.
99 echo "Usage: /etc/init.d/setfilter {start|stop|restart|force-reload}"