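#!/bin/sh
### BEGIN INIT INFO
# Provides:          setfilter
# Required-Start:    ufw
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# Short-Description: set network filters with iptables
### END INIT INFO
#
# Loads one iptables rules file per table (raw, mangle, nat) from
# /etc/ufw at boot, and flushes those tables on stop. The filter table is
# not touched here; it is left to ufw (hence Required-Start: ufw).
#
# Usage: /etc/init.d/setfilter {start|stop|restart|force-reload}
# Reads: ENABLED (from /etc/ufw/ufw.conf)

# Set options here instead of in the shebang so they also apply when the
# script is run as "sh /etc/init.d/setfilter".
set -e

PATH="/sbin:/bin:/usr/sbin:/usr/bin"
. /lib/lsb/init-functions

# ufw.conf is sourced as shell code, so it must only be writable by root.
# It supplies ENABLED; without it the firewall state is left untouched.
if [ -s /etc/ufw/ufw.conf ]; then
  . /etc/ufw/ufw.conf
else
  log_failure_msg "Could not find /etc/ufw/ufw.conf (aborting)"
  exit 1
fi

RULES_PATH="/etc/ufw"
# Tables managed by this script; each expects $RULES_PATH/<table>.rules.
TABLES="raw mangle nat"

#######################################
# True when ufw.conf enables the filters (ENABLED=yes or YES).
# Globals:   ENABLED (read)
# Returns:   0 if enabled, 1 otherwise
#######################################
enabled() {
  [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]
}

#######################################
# Flush every chain of a table and delete its user-defined chains.
# Both calls are attempted even if the first fails.
# Arguments: $1 - table name
# Returns:   0 on success, 1 if either iptables call failed
#######################################
flush_table() {
  flush_rv=0
  iptables -F -t "$1" || flush_rv=1
  iptables -X -t "$1" || flush_rv=1
  return "$flush_rv"
}

#######################################
# Flush a table and restore $RULES_PATH/<table>.rules into it.
# There is a short window between the flush and the restore, and a failed
# or missing rules file leaves the table empty under whatever built-in
# policy is already set (normally ACCEPT for these tables), so failures are
# logged and reported through the return code. A missing file is only
# logged, not treated as an error, to keep boot going.
# Globals:   RULES_PATH (read)
# Arguments: $1 - table name
# Outputs:   diagnostics via log_action_cont_msg
# Returns:   0 on success, 1 if the flush or the restore failed
#######################################
load_table() {
  load_rules="$RULES_PATH/$1.rules"
  load_rv=0
  flush_table "$1" || load_rv=1
  if [ -s "$load_rules" ]; then
    # -n: do not flush again; the flush above already removed stale chains.
    if ! iptables-restore -n < "$load_rules"; then
      log_action_cont_msg "Problem running '$load_rules'"
      load_rv=1
    fi
  else
    log_action_cont_msg "Couldn't find '$load_rules'"
  fi
  return "$load_rv"
}

case "$1" in
  start)
    # An existing LOG_ICMP chain in the raw table is taken to mean the
    # filters are already loaded (presumably created by raw.rules; verify
    # against that file), in which case a reload must be requested
    # explicitly.
    if iptables -L LOG_ICMP -t raw -n >/dev/null 2>&1; then
      log_action_msg "Network filter already started, use 'force-reload'"
      exit 0
    fi
    if enabled; then
      log_action_begin_msg "Setting network filter"
      error=""
      # $TABLES is deliberately unquoted: it is a space-separated list.
      for table in $TABLES; do
        load_table "$table" || error="yes"
      done
      if [ "$error" = "yes" ]; then
        log_action_end_msg 1
        exit 1
      fi
      log_action_end_msg 0
    else
      log_action_begin_msg "Skipping network filter (not enabled)"
      log_action_end_msg 0
    fi
    ;;
  stop)
    if ! enabled; then
      log_action_begin_msg "Skipping network filter (not enabled)"
      log_action_end_msg 0
      exit 0
    fi
    log_action_begin_msg "Stopping network filter"
    error=""
    for table in $TABLES; do
      flush_table "$table" || error="yes"
    done
    if [ "$error" = "yes" ]; then
      log_action_end_msg 1
      exit 1
    fi
    log_action_end_msg 0
    ;;
  restart|force-reload)
    if enabled; then
      # Under set -e a failing stop aborts before start runs.
      "$0" stop
      "$0" start
    else
      log_warning_msg "Skipping $1 (not enabled)"
    fi
    ;;
  *)
    # Usage is a diagnostic, so it goes to stderr.
    echo "Usage: /etc/init.d/setfilter {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac
exit 0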