#!/bin/sh
#
# bastille-firewall Load/unload firewall (netfilter or ipchains) rulesets
#
# do not rename this file unless you edit /sbin/bastille-firewall-reset
#
# chkconfig: 2345 5 98
# description: A firewall/packet-filter script for Linux systems \
# that allows the machine to be used as a gateway system
#
# $Id: bastille-firewall,v 1.6 2002/02/24 17:19:14 peterw Exp $
# Copyright (c) 1999-2002 Peter Watkins
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Thanks to David Ranch, Brad A, Don G, and others for their suggestions
#
# This script is designed to be used as a SysV-style init script.
#
# It should be run with a "start" argument
# 1) as an rc?.d "S" script, _before_ the "network" script
# [copy this to /etc/rc.d/init.d/bastille-firewall (or your equivalent of
# /etc/rc.d/init.d) and run 'chkconfig --add bastille-firewall' ]
# 2) any time an interface is brought up or changed, e.g.
# establishing a PPP connection or renewing a DHCP lease
# [copy 'bastille-firewall-reset', 'bastille-firewall-schedule'
# and 'ifup-local' to /sbin/]
#
# Normally you Do Not _Ever_ Want to run this with a "stop" argument!
#
# Note that running this with "stop" will disable the firewall and open
# your system to all network traffic; if you make changes to these rules,
# apply them by running the script again with a "start" argument.
#
# ** As of 0.99-beta1, this script merely kicks off the real script,
# either /sbin/bastille-ipchains or /sbin/bastille-netfilter
#
# The default is the 'netfilter' (iptables) script -- see REALSCRIPT below.
# Point REALSCRIPT at /sbin/bastille-ipchains to use the 'ipchains' script
# instead, which will load the ipchains compatibility module if you're
# using a 2.4 kernel
#
### BEGIN INIT INFO
# Provides: Bastille-Firewall
# Required-Start: $syslog
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Bastille Firewall
# Description: Bastille Firewall for iptables and ipchains
### END INIT INFO


# The script that does the real work; this wrapper only takes a lock,
# runs it with our first argument, and records the result in /var/lock/subsys.
REALSCRIPT="/sbin/bastille-netfilter"
# Fixed search path: whatever PATH the caller had is replaced, so the
# commands run by this script and by REALSCRIPT come from these directories.
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
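# Exit wrapper to be called in place of the regular Bourne 'exit': it first
# releases the /var/lock/bastille-firewall lock directory that this script
# creates, so a later run is not blocked by a stale lock.
# Arguments: $1 - exit status to terminate with (0 if omitted)
# Outputs:   nothing; rmdir failures are deliberately silenced
clean_exit()
{
  # Ignore failure: the lock may never have been created or may already be
  # gone, and neither should change the status we report.
  rmdir -- /var/lock/bastille-firewall 2>/dev/null
  # Default to 0 so a missing argument cannot leak rmdir's status as ours.
  exit "${1:-0}"
}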
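# Make sure the parent of our lock directory exists.
[ ! -d /var/lock ] && mkdir -m 0755 /var/lock

# Take the run lock.  mkdir either creates the directory or fails, so only
# one instance proceeds at a time (the error text below suggests the reset
# helper shares this lock -- confirm against /sbin/bastille-firewall-reset).
# The directory is removed again by clean_exit.
if ! mkdir -m 0700 /var/lock/bastille-firewall 2>/dev/null; then
  # A caller that expects to lose this race can request a quiet no-op
  # (exit 0) instead of an error by setting BASTILLE_FWALL_QUIET_FAIL.
  if [ -n "${BASTILLE_FWALL_QUIET_FAIL}" ]; then exit 0; fi
  # Diagnostics go to stderr; nothing below the lock was created, so a plain
  # exit (not clean_exit) is correct here -- we must not remove someone else's lock.
  echo "ERROR: bastille-firewall currently being reset or lock is stuck." >&2
  echo "To un-stick, remove the directory /var/lock/bastille-firewall" >&2
  exit 1
fi

if [ ! -x "${REALSCRIPT}" ]; then
  echo "ERROR: \"${REALSCRIPT}\" not available!" >&2
  clean_exit 1
fi

# Delegate the actual work to the real script, passing our first argument
# (start/stop/...) through unchanged, and keep its exit status as our own.
"${REALSCRIPT}" "$1"
bretval=$?

# Use "subsys" locks to indicate our status: record a successful start,
# clear the marker on stop.  A failed start leaves the marker untouched.
case "$1" in
  start|restart|reload)
    if [ "${bretval}" -eq 0 ]; then touch /var/lock/subsys/bastille-firewall; fi
    ;;
  stop)
    rm -f /var/lock/subsys/bastille-firewall
    ;;
esac

clean_exit "${bretval}"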