Tree - rpms/iptables - src.fedoraproject.org

rpms / iptables

Blame iptables.init

Blob History Raw

cvsdist	bfa5afa	`#!/bin/sh`
cvsdist	bfa5afa	`#`
cvsdist	bfa5afa	`# Startup script to implement /etc/sysconfig/iptables pre-defined rules.`
cvsdist	bfa5afa	`#`
cvsdist	bfa5afa	`# chkconfig: 2345 08 92`
cvsdist	bfa5afa	`#`
cvsdist	bfa5afa	`# description: Automates a packet filtering firewall with iptables.`
cvsdist	bfa5afa	`#`
cvsdist	bfa5afa	`# by bero@redhat.com, based on the ipchains script:`
cvsdist	bfa5afa	`# Script Author: Joshua Jensen <joshua@redhat.com>`
cvsdist	bfa5afa	`# -- hacked up by gafton with help from notting`
cvsdist	bfa5afa	`# modified by Anton Altaparmakov <aia21@cam.ac.uk>:`
cvsdist	bfa5afa	`# modified by Nils Philippsen <nils@redhat.de>`
cvsdist	bfa5afa	`#`
cvsdist	bfa5afa	`# config: /etc/sysconfig/iptables`
cvsdist	bfa5afa
cvsdist	bfa5afa	`# Source 'em up`
cvsdist	bfa5afa	`. /etc/init.d/functions`
cvsdist	bfa5afa
cvsdist	bfa5afa	`IPTABLES_CONFIG=/etc/sysconfig/iptables`
cvsdist	bfa5afa
cvsdist	bfa5afa	`if [ ! -x /sbin/iptables ]; then`
cvsdist	bfa5afa	`exit 0`
cvsdist	bfa5afa	`fi`
cvsdist	bfa5afa
cvsdist	bfa5afa	KERNELMAJ=`uname -r \| sed -e 's,\..*,,'`
cvsdist	bfa5afa	KERNELMIN=`uname -r \| sed -e 's,[^\.]\.,,' -e 's,\..,,'`
cvsdist	bfa5afa
cvsdist	bfa5afa	`if [ "$KERNELMAJ" -lt 2 ] ; then`
cvsdist	bfa5afa	`exit 0`
cvsdist	bfa5afa	`fi`
cvsdist	bfa5afa	`if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then`
cvsdist	bfa5afa	`exit 0`
cvsdist	bfa5afa	`fi`
cvsdist	bfa5afa
cvsdist	bfa5afa
cvsdist	bfa5afa
cvsdist	bfa5afa	`if /sbin/lsmod 2>/dev/null \|grep -q ipchains ; then`
cvsdist	bfa5afa	`# Don't do both`
cvsdist	bfa5afa	`exit 0`
cvsdist	bfa5afa	`fi`
cvsdist	bfa5afa
cvsdist	bfa5afa	`start() {`
cvsdist	bfa5afa	`# don't do squat if we don't have the config file`
cvsdist	bfa5afa	`if [ -f $IPTABLES_CONFIG ]; then`
cvsdist	bfa5afa	`# If we don't clear these first, we might be adding to`
cvsdist	bfa5afa	`# pre-existing rules.`
cvsdist	bfa5afa	`action $"Flushing all current rules and user defined chains:" iptables -F`
cvsdist	bfa5afa	`action $"Clearing all current rules and user defined chains:" iptables -X`
cvsdist	bfa5afa	chains=`cat /proc/net/ip_tables_names 2>/dev/null`
cvsdist	bfa5afa	`for i in $chains; do iptables -t $i -F; done && \`
cvsdist	bfa5afa	`success $"Flushing all current rules and user defined chains:" \|\| \`
cvsdist	bfa5afa	`failure $"Flushing all current rules and user defined chains:"`
cvsdist	bfa5afa	`for i in $chains; do iptables -t $i -X; done && \`
cvsdist	bfa5afa	`success $"Clearing all current rules and user defined chains:" \|\| \`
cvsdist	bfa5afa	`failure $"Clearing all current rules and user defined chains:"`
cvsdist	bfa5afa
cvsdist	bfa5afa	`for i in $chains; do iptables -t $i -Z; done`
cvsdist	bfa5afa
cvsdist	bfa5afa	`echo $"Applying iptables firewall rules: "`
cvsdist	bfa5afa	`grep -v "^[[:space:]]#" $IPTABLES_CONFIG \| grep -v '^[[:space:]]$' \| /sbin/iptables-restore -c && \`
cvsdist	bfa5afa	`success $"Applying iptables firewall rules" \|\| \`
cvsdist	bfa5afa	`failure $"Applying iptables firewall rules"`
cvsdist	bfa5afa	`echo`
cvsdist	bfa5afa	`touch /var/lock/subsys/iptables`
cvsdist	bfa5afa	`fi`
cvsdist	bfa5afa	`}`
cvsdist	bfa5afa
cvsdist	bfa5afa	`stop() {`
cvsdist	bfa5afa	chains=`cat /proc/net/ip_tables_names 2>/dev/null`
cvsdist	bfa5afa	`for i in $chains; do iptables -t $i -F; done && \`
cvsdist	bfa5afa	`success $"Flushing all chains:" \|\| \`
cvsdist	bfa5afa	`failure $"Flushing all chains:"`
cvsdist	bfa5afa	`for i in $chains; do iptables -t $i -X; done && \`
cvsdist	bfa5afa	`success $"Removing user defined chains:" \|\| \`
cvsdist	bfa5afa	`failure $"Removing user defined chains:"`
cvsdist	bfa5afa	`echo -n $"Resetting built-in chains to the default ACCEPT policy:"`
cvsdist	bfa5afa	`iptables -P INPUT ACCEPT && \`
cvsdist	bfa5afa	`iptables -P OUTPUT ACCEPT && \`
cvsdist	bfa5afa	`iptables -P FORWARD ACCEPT && \`
cvsdist	bfa5afa	`iptables -t nat -P PREROUTING ACCEPT && \`
cvsdist	bfa5afa	`iptables -t nat -P POSTROUTING ACCEPT && \`
cvsdist	bfa5afa	`iptables -t nat -P OUTPUT ACCEPT && \`
cvsdist	bfa5afa	`iptables -t mangle -P PREROUTING ACCEPT && \`
cvsdist	bfa5afa	`iptables -t mangle -P OUTPUT ACCEPT && \`
cvsdist	bfa5afa	`success $"Resetting built-in chains to the default ACCEPT policy" \|\| \`
cvsdist	bfa5afa	`failure $"Resetting built-in chains to the default ACCEPT policy"`
cvsdist	bfa5afa	`echo`
cvsdist	bfa5afa	`rm -f /var/lock/subsys/iptables`
cvsdist	bfa5afa	`}`
cvsdist	bfa5afa
cvsdist	bfa5afa	`case "$1" in`
cvsdist	bfa5afa	`start)`
cvsdist	bfa5afa	`start`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`stop)`
cvsdist	bfa5afa	`stop`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`restart)`
cvsdist	bfa5afa	`# "restart" is really just "start" as this isn't a daemon,`
cvsdist	bfa5afa	`# and "start" clears any pre-defined rules anyway.`
cvsdist	bfa5afa	`# This is really only here to make those who expect it happy`
cvsdist	bfa5afa	`start`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`condrestart)`
cvsdist	bfa5afa	`[ -e /var/lock/subsys/iptables ] && start`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`status)`
cvsdist	bfa5afa	`echo $"Table: filter"`
cvsdist	bfa5afa	`iptables --list`
cvsdist	bfa5afa	`echo $"Table: nat"`
cvsdist	bfa5afa	`iptables -t nat --list`
cvsdist	bfa5afa	`echo $"Table: mangle"`
cvsdist	bfa5afa	`iptables -t mangle --list`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`panic)`
cvsdist	bfa5afa	`echo -n $"Changing target policies to DROP: "`
cvsdist	bfa5afa	`iptables -P INPUT DROP && \`
cvsdist	bfa5afa	`iptables -P FORWARD DROP && \`
cvsdist	bfa5afa	`iptables -P OUTPUT DROP && \`
cvsdist	bfa5afa	`iptables -t nat -P PREROUTING DROP && \`
cvsdist	bfa5afa	`iptables -t nat -P POSTROUTING DROP && \`
cvsdist	bfa5afa	`iptables -t nat -P OUTPUT DROP && \`
cvsdist	bfa5afa	`iptables -t mangle -P PREROUTING DROP && \`
cvsdist	bfa5afa	`iptables -t mangle -P OUTPUT DROP && \`
cvsdist	bfa5afa	`success $"Changing target policies to DROP" \|\| \`
cvsdist	bfa5afa	`failure $"Changing target policies to DROP"`
cvsdist	bfa5afa	`echo`
cvsdist	bfa5afa	`iptables -F INPUT && \`
cvsdist	bfa5afa	`iptables -F FORWARD && \`
cvsdist	bfa5afa	`iptables -F OUTPUT && \`
cvsdist	bfa5afa	`iptables -t nat -F PREROUTING && \`
cvsdist	bfa5afa	`iptables -t nat -F POSTROUTING && \`
cvsdist	bfa5afa	`iptables -t nat -F OUTPUT && \`
cvsdist	bfa5afa	`iptables -t mangle -F PREROUTING && \`
cvsdist	bfa5afa	`iptables -t mangle -F OUTPUT && \`
cvsdist	bfa5afa	`success $"Flushing all chains:" \|\| \`
cvsdist	bfa5afa	`failure $"Flushing all chains:"`
cvsdist	bfa5afa	`iptables -X INPUT && \`
cvsdist	bfa5afa	`iptables -X FORWARD && \`
cvsdist	bfa5afa	`iptables -X OUTPUT && \`
cvsdist	bfa5afa	`iptables -t nat -X PREROUTING && \`
cvsdist	bfa5afa	`iptables -t nat -X POSTROUTING && \`
cvsdist	bfa5afa	`iptables -t nat -X OUTPUT && \`
cvsdist	bfa5afa	`iptables -t mangle -X PREROUTING && \`
cvsdist	bfa5afa	`iptables -t mangle -X OUTPUT && \`
cvsdist	bfa5afa	`success $"Removing user defined chains:" \|\| \`
cvsdist	bfa5afa	`failure $"Removing user defined chains:"`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`save)`
cvsdist	bfa5afa	`echo -n $"Saving current rules to $IPTABLES_CONFIG: "`
cvsdist	bfa5afa	`touch $IPTABLES_CONFIG`
cvsdist	bfa5afa	`chmod 600 $IPTABLES_CONFIG`
cvsdist	bfa5afa	`/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \`
cvsdist	bfa5afa	`success $"Saving current rules to $IPTABLES_CONFIG" \|\| \`
cvsdist	bfa5afa	`failure $"Saving current rules to $IPTABLES_CONFIG"`
cvsdist	bfa5afa	`echo`
cvsdist	bfa5afa	`;;`
cvsdist	bfa5afa
cvsdist	bfa5afa	`*)`
cvsdist	bfa5afa	`echo $"Usage: $0 {start\|stop\|restart\|condrestart\|status\|panic\|save}"`
cvsdist	bfa5afa	`exit 1`
cvsdist	bfa5afa	`esac`
cvsdist	bfa5afa
cvsdist	bfa5afa	`exit 0`
cvsdist	bfa5afa

rpms / iptables

Source Code

Blame iptables.init