#!/bin/sh # # Shorewall init script # # chkconfig: - 28 90 # description: Packet filtering firewall ### BEGIN INIT INFO # Provides: shorewall-lite # Required-Start: $local_fs $remote_fs $syslog $network # Should-Start: VMware $time $named # Required-Stop: # Default-Start: # Default-Stop: 0 1 2 3 4 5 6 # Short-Description: Packet filtering firewall # Description: The Shoreline Firewall, more commonly known as "Shorewall", is a # Netfilter (iptables) based firewall ### END INIT INFO # Source function library. . /etc/rc.d/init.d/functions # # The installer may alter this # . /usr/share/shorewall/shorewallrc prog="shorewall -l" shorewall="${SBINDIR}/$prog" logger="logger -i -t $prog" lockfile="/var/lock/subsys/$prog" # Get startup options (override default) OPTIONS= if [ -f ${SYSCONFDIR}/$prog ]; then . ${SYSCONFDIR}/$prog fi start() { printf $"Starting Shorewall: " $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger retval=${PIPESTATUS[0]} if [[ $retval == 0 ]]; then touch $lockfile success else failure fi echo return $retval } stop() { printf $"Stopping Shorewall: " $shorewall $OPTIONS stop 2>&1 | $logger retval=${PIPESTATUS[0]} if [[ $retval == 0 ]]; then rm -f $lockfile success else failure fi echo return $retval } restart() { # Note that we don't simply stop and start since shorewall has a built in # restart which stops the firewall if running and then starts it. printf $"Restarting Shorewall: " $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger retval=${PIPESTATUS[0]} if [[ $retval == 0 ]]; then touch $lockfile success else # Failed to start, clean up lock file if present rm -f $lockfile failure fi echo return $retval } status(){ $shorewall status return $? } status_q() { status > /dev/null 2>&1 } case "$1" in start) status_q && exit 0 $1 ;; stop) status_q || exit 0 $1 ;; restart|reload|force-reload) restart ;; condrestart|try-restart) status_q || exit 0 restart ;; status) $1 ;; *) echo "Usage: $0 start|stop|reload|restart|force-reload|status" exit 1 ;; esac