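#!/bin/sh

### BEGIN INIT INFO
# Provides:          setfilter
# Required-Start:    ufw
# Required-Stop:     
# Default-Start:     S
# Default-Stop:      
# Short-Description: set network filters with iptables
### END INIT INFO

# setfilter: on start, flush the raw, mangle and nat iptables tables and load
# each one from /etc/ufw/<table>.rules; on stop, flush them again.  The filter
# table is never touched here (it is left to ufw, which must start first).
# Honours ENABLED from /etc/ufw/ufw.conf so that it follows ufw's own switch.
#
# Usage: /etc/init.d/setfilter {start|stop|restart|force-reload}

# Keep -e in the body rather than on the shebang line so it still applies when
# the script is invoked as 'sh /etc/init.d/setfilter'.
set -e

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

. /lib/lsb/init-functions

# ufw.conf is executed as shell code (it provides ENABLED), so it must remain
# writable by root only.  Abort rather than guess when it is absent or empty.
if [ -s /etc/ufw/ufw.conf ]; then
    . /etc/ufw/ufw.conf
else
    log_failure_msg "Could not find /etc/ufw/ufw.conf (aborting)"
    exit 1
fi

RULES_PATH="/etc/ufw"
# Tables this script owns; applied and flushed in this order.
TABLES="raw mangle nat"

# enabled: succeed when ufw.conf sets ENABLED to "yes" or "YES".
enabled() {
    case "$ENABLED" in
        yes|YES) return 0 ;;
        *) return 1 ;;
    esac
}

# flush_table TABLE: delete every rule (-F) and every user-defined chain (-X)
# in TABLE.  Both calls are attempted even if the first fails.
# Returns 0 on success, 1 if either iptables call failed.
flush_table() {
    rc=0
    iptables -F -t "$1" || rc=1
    iptables -X -t "$1" || rc=1
    return "$rc"
}

# load_table TABLE: flush TABLE, then restore $RULES_PATH/TABLE.rules into it.
# A missing or empty rules file is only logged: the table stays flushed and
# the overall start is still reported as successful.  A rules file that
# iptables-restore rejects is an error.  Progress is reported through
# log_action_cont_msg so it nests under the caller's log_action_begin_msg.
# Returns 0 on success, 1 on error.
load_table() {
    table=$1
    rules="$RULES_PATH/$table.rules"
    rc=0

    flush_table "$table" || rc=1

    if [ -s "$rules" ]; then
        # -n (noflush): the explicit flush above already emptied the table.
        if ! iptables-restore -n < "$rules"; then
            log_action_cont_msg "Problem running '$rules'"
            rc=1
        fi
    else
        log_action_cont_msg "Couldn't find '$rules'"
    fi
    return "$rc"
}

case "$1" in
start)
    # The LOG_ICMP chain in the raw table is used as the "already loaded"
    # marker; it is assumed to be created by raw.rules (TODO confirm).
    if iptables -L LOG_ICMP -t raw -n >/dev/null 2>&1; then
        log_action_msg "Network filter already started, use 'force-reload'"
        exit 0
    fi
    if enabled; then
        log_action_begin_msg "Setting network filter"
        error=""
        # Keep going after a failed table so every table is attempted; the
        # failure is still reported (and the exit status is 1) at the end.
        for table in $TABLES; do
            load_table "$table" || error="yes"
        done
        if [ "$error" = "yes" ]; then
            log_action_end_msg 1
            exit 1
        fi
        log_action_end_msg 0
    else
        log_action_begin_msg "Skipping network filter (not enabled)"
        log_action_end_msg 0
    fi
    ;;
stop)
    if ! enabled; then
        log_action_begin_msg "Skipping network filter (not enabled)"
        log_action_end_msg 0
        exit 0
    fi
    log_action_begin_msg "Stopping network filter"
    error=""
    for table in $TABLES; do
        flush_table "$table" || error="yes"
    done
    if [ "$error" = "yes" ]; then
        log_action_end_msg 1
        exit 1
    fi
    log_action_end_msg 0
    ;;
restart|force-reload)
    if enabled; then
        # With set -e a failing stop aborts here, so start is not attempted
        # on top of a table that could not be flushed.
        "$0" stop
        "$0" start
    else
        log_warning_msg "Skipping $1 (not enabled)"
    fi
    ;;
*)
    # Usage is an error path: print it on stderr and exit non-zero.
    printf '%s\n' "Usage: /etc/init.d/setfilter {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0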