Tree - rpms/arptables_jf - src.fedoraproject.org

rpms / arptables_jf

Overview Files Commits Branches Forks Releases
Monitoring status:

Orphaned for:
Take
Bugzilla Assignee:

Fedora:: orphan
EPEL:: orphan
Files

Blob Blame History Raw
diff -up arptables_jf-0.0.8/arptables.init.initscript arptables_jf-0.0.8/arptables.init
--- arptables_jf-0.0.8/arptables.init.initscript	2003-06-27 18:10:15.000000000 +0200
+++ arptables_jf-0.0.8/arptables.init	2010-03-24 09:26:03.629793534 +0100
@@ -1,8 +1,20 @@
 #!/bin/sh
 #
+### BEGIN INIT INFO
+# Provides: arptables_jf
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Short-Description: userspace control program for the arptables network filter
+# Description: The arptables_jf utility controls the arpfilter network packet filtering
+#              code in the Linux kernel.  You do not need this program for normal
+#              network firewalling.  If you need to manually control which arp
+#              requests and/or replies this machine accepts and sends, you should
+#              install this package.
+### END INIT INFO
+
 # Startup script to implement /etc/sysconfig/arptables pre-defined rules.
 #
-# chkconfig: 2345 08 92
+# chkconfig: - 08 92
 #
 # description: Automates a packet filtering firewall with arptables.
 #
@@ -20,20 +32,6 @@
 
 ARPTABLES_CONFIG=/etc/sysconfig/arptables
 
-if [ ! -x /sbin/arptables ]; then
-	exit 0
-fi
-
-KERNELMAJ=`uname -r | sed                   -e 's,\..*,,'`
-KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
-
-if [ "$KERNELMAJ" -lt 2 ] ; then
-	exit 0
-fi
-if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
-	exit 0
-fi
-
 arp_table() {
 	if fgrep -qsx $1 /proc/net/arp_tables_names; then
 		arptables -t "$@"
@@ -41,98 +39,121 @@ arp_table() {
 }
 
 start() {
+	if [ ! -x /sbin/arptables ]; then
+		exit 4
+	fi
+
+	KERNELMAJ=`uname -r | sed                   -e 's,\..*,,'`
+	KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
+
+	if [ "$KERNELMAJ" -lt 2 ] ; then
+		echo "Not supported for kernel $KERNELMAJ.$KERNELMIN"
+		exit 1
+	fi
+	if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
+		echo "Not supported for kernel $KERNELMAJ.$KERNELMIN"
+		exit 1
+	fi
+
 	# don't do squat if we don't have the config file
+	echo -n $"Starting arptables_jf"
 	if [ -f $ARPTABLES_CONFIG ]; then
-	    # If we don't clear these first, we might be adding to
-	    #  pre-existing rules.
-	    chains=`cat /proc/net/arp_tables_names 2>/dev/null`
-	    echo -n $"Flushing all current rules and user defined chains:"
-	    let ret=0
-            for i in $chains; do arptables -t $i -F; let ret+=$?; done
-            arptables -F
-            let ret+=$?
-            if [ $ret -eq 0 ]; then
-              success
-            else
-              failure
-            fi
-            echo
-            echo -n $"Clearing all current rules and user defined chains:"
-            let ret=0
-            for i in $chains; do arptables -t $i -X; let ret+=$?; done
-            arptables -X
-            let ret+=$?
-            if [ $ret -eq 0 ]; then
-              success
-            else
-              failure
-            fi
-            echo
+		success
+		# If we don't clear these first, we might be adding to
+		# pre-existing rules.
+		chains=`cat /proc/net/arp_tables_names 2>/dev/null`
+		echo -n $"Flushing all current rules and user defined chains:"
+		let ret=0
+		for i in $chains; do arptables -t $i -F; let ret+=$?; done
+		arptables -F
+		let ret+=$?
+		if [ $ret -eq 0 ]; then
+			success
+		else
+			failure
+		fi
+		echo
+		echo -n $"Clearing all current rules and user defined chains:"
+		let ret=0
+		for i in $chains; do arptables -t $i -X; let ret+=$?; done
+		arptables -X
+		let ret+=$?
+		if [ $ret -eq 0 ]; then
+			success
+		else
+			failure
+		fi
+		echo
 
-            for i in $chains; do arptables -t $i -Z; done
+		for i in $chains; do arptables -t $i -Z; done
 
-	    echo -n $"Applying arptables firewall rules: "
+		echo -n $"Applying arptables firewall rules: "
 		grep -v "^[[:space:]]*#" $ARPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/arptables-restore -c && \
-		    success || \
-		    failure 
-	    echo
-	    touch /var/lock/subsys/arptables
+			success || \
+			failure
+		echo
+		touch /var/lock/subsys/arptables
+	else
+		failure
+		echo
+		echo $"Configuration file /etc/sysconfig/arptables missing"
+		exit 6
 	fi
 }
 
 stop() {
 	chains=`cat /proc/net/arp_tables_names 2>/dev/null`
-        echo -n $"Flushing all chains:"
-        let ret=0
-        for i in $chains; do arptables -t $i -F; let ret+=$?; done
-        arptables -F; let ret+=$?
-        if [ $ret -eq 0 ]; then
-                success
-        else
-                failure
-        fi
-        echo
-
-        echo -n $"Removing user defined chains:"
-        let ret=0
-        for i in $chains; do arptables -t $i -X; let ret+=$?; done
-        arptables -X; let ret+=$?
-        if [ $ret -eq 0 ]; then
-                success
-        else
-                failure
-        fi
-        echo
-        echo -n $"Resetting built-in chains to the default ACCEPT policy:"
+	echo -n $"Flushing all chains:"
+	let ret=0
+	for i in $chains; do arptables -t $i -F; let ret+=$?; done
+	arptables -F; let ret+=$?
+	if [ $ret -eq 0 ]; then
+		success
+	else
+		failure
+	fi
+	echo
+
+	echo -n $"Removing user defined chains:"
+	let ret=0
+	for i in $chains; do arptables -t $i -X; let ret+=$?; done
+	arptables -X; let ret+=$?
+	if [ $ret -eq 0 ]; then
+		success
+	else
+		failure
+	fi
+	echo
+	echo -n $"Resetting built-in chains to the default ACCEPT policy:"
 	arp_table filter -P IN ACCEPT && \
-	   arp_table filter -P OUT ACCEPT && \
-	   success || \
-	   failure 
+		arp_table filter -P OUT ACCEPT && \
+		success || \
+		failure
 	echo
 	rm -f /var/lock/subsys/arptables
 }
 
 case "$1" in
-  start)
+start)
 	start
 	;;
 
-  stop)
+stop)
 	stop
 	;;
 
-  restart)
+restart|reload)
 	# "restart" is really just "start" as this isn't a daemon,
-	#  and "start" clears any pre-defined rules anyway.
-	#  This is really only here to make those who expect it happy
+	# and "start" clears any pre-defined rules anyway.
+	# This is really only here to make those who expect it happy
 	start
 	;;
 
-  condrestart)
+condrestart|try-restart|force-reload)
 	[ -e /var/lock/subsys/arptables ] && start
 	;;
 
-  status)
+status)
 	tables=`cat /proc/net/arp_tables_names 2>/dev/null`
 	for table in $tables; do
 		echo $"Table: $table"
@@ -140,24 +161,24 @@ case "$1" in
 	done
 	;;
 
-  panic)
-	echo -n $"Changing target policies to DROP: "	
+panic)
+	echo -n $"Changing target policies to DROP: "
 	arp_table filter -P IN DROP && \
-	    arp_table filter -P OUT DROP && \
-	    success || failure
+		arp_table filter -P OUT DROP && \
+		success || failure
 	echo
-    echo -n "Flushing all chains:"
-        arp_table filter -F IN && \
-                arp_table filter -F OUT && \
-                success || failure
-    echo
-    echo -n "Removing user defined chains:"
-        arp_table filter -X && \
-                success || failure
-    echo
-        ;;
+	echo -n "Flushing all chains:"
+	arp_table filter -F IN && \
+		arp_table filter -F OUT && \
+		success || failure
+	echo
+	echo -n "Removing user defined chains:"
+	arp_table filter -X && \
+		success || failure
+	echo
+	;;
 
-  save)
+save)
 	echo -n $"Saving current rules to $ARPTABLES_CONFIG: "
 	touch $ARPTABLES_CONFIG
 	chmod 600 $ARPTABLES_CONFIG
@@ -167,10 +188,9 @@ case "$1" in
 	echo
 	;;
 
-  *)
-	echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
-	exit 1
+*)
+	echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status|panic|save}"
+	exit 2
 esac
 
 exit 0
-
rpms / arptables_jf

Source Code

Files
