2008-12-09 17:50:17 +01:00
|
|
|
#!/bin/sh
|
|
|
|
### BEGIN INIT INFO
|
2008-12-10 01:33:55 +01:00
|
|
|
# Provides: shorewall6
|
2010-02-15 17:39:50 +01:00
|
|
|
# Required-Start: $network $remote_fs
|
|
|
|
# Required-Stop: $network $remote_fs
|
2008-12-09 17:50:17 +01:00
|
|
|
# Default-Start: S
|
2016-07-04 23:37:00 +02:00
|
|
|
# Default-Stop: 0 1 6
|
2008-12-09 17:50:17 +01:00
|
|
|
# Short-Description: Configure the firewall at boot time
|
|
|
|
# Description: Configure the firewall according to the rules specified in
|
2008-12-10 01:33:55 +01:00
|
|
|
# /etc/shorewall6
|
2008-12-09 17:50:17 +01:00
|
|
|
### END INIT INFO
|
|
|
|
|
2013-10-05 22:31:45 +02:00
|
|
|
. /lib/lsb/init-functions
|
2008-12-09 17:50:17 +01:00
|
|
|
|
2008-12-10 01:33:55 +01:00
|
|
|
SRWL=/sbin/shorewall6
|
2008-12-09 17:50:17 +01:00
|
|
|
SRWL_OPTS="-tvv"
|
2012-01-02 05:30:09 +01:00
|
|
|
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
|
2009-10-03 17:29:45 +02:00
|
|
|
test -n ${INITLOG:=/var/log/shorewall6-init.log}
|
2008-12-09 17:50:17 +01:00
|
|
|
|
|
|
|
test -x $SRWL || exit 0
|
|
|
|
test -x $WAIT_FOR_IFUP || exit 0
|
2009-10-09 00:57:25 +02:00
|
|
|
test -n "$INITLOG" || {
|
2012-04-24 23:52:57 +02:00
|
|
|
echo "INITLOG cannot be empty, please configure $0" ;
|
2008-12-09 17:50:17 +01:00
|
|
|
exit 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if [ "$(id -u)" != "0" ]
|
|
|
|
then
|
2008-12-10 01:33:55 +01:00
|
|
|
echo "You must be root to start, stop or restart \"Shorewall6 firewall\"."
|
2008-12-09 17:50:17 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo_notdone () {
|
|
|
|
|
2012-04-24 23:52:57 +02:00
|
|
|
if [ "$INITLOG" = "/dev/null" ] ; then
|
2008-12-09 17:50:17 +01:00
|
|
|
echo "not done."
|
2012-04-24 23:52:57 +02:00
|
|
|
else
|
2008-12-09 17:50:17 +01:00
|
|
|
echo "not done (check $INITLOG)."
|
|
|
|
fi
|
|
|
|
|
2010-02-22 01:35:21 +01:00
|
|
|
exit 1
|
2008-12-09 17:50:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
not_configured () {
|
|
|
|
echo "#### WARNING ####"
|
|
|
|
echo "The firewall won't be started/stopped unless it is configured"
|
|
|
|
if [ "$1" != "stop" ]
|
|
|
|
then
|
|
|
|
echo ""
|
|
|
|
echo "Please read about Debian specific customization in"
|
2008-12-10 01:33:55 +01:00
|
|
|
echo "/usr/share/doc/shorewall6/README.Debian.gz."
|
2008-12-09 17:50:17 +01:00
|
|
|
fi
|
|
|
|
echo "#################"
|
|
|
|
exit 0
|
|
|
|
}
|
|
|
|
|
2012-03-31 01:21:37 +02:00
|
|
|
#
|
|
|
|
# The installer may alter this
|
|
|
|
#
|
|
|
|
. /usr/share/shorewall/shorewallrc
|
2012-03-24 21:05:39 +01:00
|
|
|
|
2008-12-09 17:50:17 +01:00
|
|
|
# check if shorewall is configured or not
|
2012-03-24 21:05:39 +01:00
|
|
|
if [ -f "${SYSCONFDIR}/shorewall6" ]
|
2008-12-09 17:50:17 +01:00
|
|
|
then
|
2012-03-24 21:05:39 +01:00
|
|
|
. ${SYSCONFDIR}/shorewall6
|
2008-12-09 17:50:17 +01:00
|
|
|
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
|
|
|
|
if [ "$startup" != "1" ]
|
|
|
|
then
|
|
|
|
not_configured
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
not_configured
|
|
|
|
fi
|
|
|
|
|
2009-06-07 17:36:37 +02:00
|
|
|
[ "$INITLOG" = "/dev/null" ] && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0
|
2009-06-07 17:07:56 +02:00
|
|
|
|
|
|
|
export SHOREWALL_INIT_SCRIPT
|
|
|
|
|
2012-04-24 23:52:57 +02:00
|
|
|
# wait for an unconfigured interface
|
2008-12-09 17:50:17 +01:00
|
|
|
wait_for_pppd () {
|
|
|
|
if [ "$wait_interface" != "" ]
|
|
|
|
then
|
|
|
|
for i in $wait_interface
|
|
|
|
do
|
|
|
|
$WAIT_FOR_IFUP $i 90
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# start the firewall
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_start () {
|
|
|
|
echo -n "Starting \"Shorewall6 firewall\": "
|
2008-12-09 17:50:17 +01:00
|
|
|
wait_for_pppd
|
2012-01-16 19:03:13 +01:00
|
|
|
$SRWL $SRWL_OPTS start $STARTOPTIONS >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
2008-12-09 17:50:17 +01:00
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
# stop the firewall
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_stop () {
|
2010-05-25 16:16:02 +02:00
|
|
|
if [ "$SAFESTOP" = 1 ]; then
|
2016-07-04 19:34:33 +02:00
|
|
|
echo -n "Stopping \"Shorewall6 firewall\": "
|
2010-05-25 16:16:02 +02:00
|
|
|
$SRWL $SRWL_OPTS stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
|
|
|
else
|
2016-07-04 19:34:33 +02:00
|
|
|
echo -n "Clearing all \"Shorewall6 firewall\" rules: "
|
2010-05-25 16:16:02 +02:00
|
|
|
$SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
|
|
|
fi
|
2008-12-09 17:50:17 +01:00
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
# restart the firewall
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_restart () {
|
|
|
|
echo -n "Restarting \"Shorewall6 firewall\": "
|
2012-01-16 19:03:13 +01:00
|
|
|
$SRWL $SRWL_OPTS restart $RESTARTOPTIONS >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
2008-12-09 17:50:17 +01:00
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
# refresh the firewall
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_refresh () {
|
|
|
|
echo -n "Refreshing \"Shorewall6 firewall\": "
|
2008-12-09 17:50:17 +01:00
|
|
|
$SRWL $SRWL_OPTS refresh >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
2011-11-02 00:55:02 +01:00
|
|
|
# status of the firewall
|
|
|
|
shorewall6_status () {
|
|
|
|
$SRWL $SRWL_OPTS status && exit 0 || exit $?
|
|
|
|
}
|
|
|
|
|
2008-12-09 17:50:17 +01:00
|
|
|
case "$1" in
|
|
|
|
start)
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_start
|
2008-12-09 17:50:17 +01:00
|
|
|
;;
|
|
|
|
stop)
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_stop
|
2008-12-09 17:50:17 +01:00
|
|
|
;;
|
|
|
|
refresh)
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_refresh
|
2008-12-09 17:50:17 +01:00
|
|
|
;;
|
|
|
|
force-reload|restart)
|
2008-12-10 01:33:55 +01:00
|
|
|
shorewall6_restart
|
2008-12-09 17:50:17 +01:00
|
|
|
;;
|
2011-11-02 00:55:02 +01:00
|
|
|
status)
|
|
|
|
shorewall6_status
|
|
|
|
;;
|
2008-12-09 17:50:17 +01:00
|
|
|
*)
|
2011-11-02 00:55:02 +01:00
|
|
|
echo "Usage: /etc/init.d/shorewall6 {start|stop|refresh|restart|force-reload|status}"
|
2008-12-09 17:50:17 +01:00
|
|
|
exit 1
|
|
|
|
esac
|
|
|
|
|
|
|
|
exit 0
|