2009-01-24 18:42:58 +01:00
|
|
|
#
|
2008-12-08 19:45:58 +01:00
|
|
|
# Give Usage Information
|
|
|
|
#
|
|
|
|
usage() {
|
2009-01-24 18:04:06 +01:00
|
|
|
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ -r ] [ start|stop|clear|reset|refresh|restart|status|version ]"
|
2008-12-08 19:45:58 +01:00
|
|
|
exit $1
|
|
|
|
}
|
|
|
|
################################################################################
|
|
|
|
# E X E C U T I O N B E G I N S H E R E #
|
|
|
|
################################################################################
|
|
|
|
#
|
|
|
|
# Start trace if first arg is "debug" or "trace"
|
|
|
|
#
|
|
|
|
if [ $# -gt 1 ]; then
|
|
|
|
if [ "x$1" = "xtrace" ]; then
|
|
|
|
set -x
|
|
|
|
shift
|
|
|
|
elif [ "x$1" = "xdebug" ]; then
|
|
|
|
DEBUG=Yes
|
|
|
|
shift
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
initialize
|
|
|
|
|
2009-01-24 17:36:43 +01:00
|
|
|
[ -n "${PRODUCT:=Shorewall}" ]
|
|
|
|
|
2008-12-08 19:45:58 +01:00
|
|
|
finished=0
|
|
|
|
|
|
|
|
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
|
|
|
option=$1
|
|
|
|
case $option in
|
|
|
|
-*)
|
|
|
|
option=${option#-}
|
|
|
|
|
|
|
|
[ -z "$option" ] && usage 1
|
|
|
|
|
|
|
|
while [ -n "$option" ]; do
|
|
|
|
case $option in
|
|
|
|
v*)
|
|
|
|
VERBOSE=$(($VERBOSE + 1 ))
|
|
|
|
option=${option#v}
|
|
|
|
;;
|
|
|
|
q*)
|
|
|
|
VERBOSE=$(($VERBOSE - 1 ))
|
|
|
|
option=${option#q}
|
|
|
|
;;
|
2009-01-24 18:04:06 +01:00
|
|
|
r*)
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "$NORTC" ]; then
|
2009-01-24 18:04:06 +01:00
|
|
|
error_message "The -n and -r options are mutually exclusive"
|
2009-01-24 17:36:43 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2009-01-24 18:42:58 +01:00
|
|
|
RTCONLY=Yes
|
2009-01-24 18:04:06 +01:00
|
|
|
option=${option#r}
|
2009-01-24 17:36:43 +01:00
|
|
|
PRODUCT="$PRODUCT Traffic Control and Routing"
|
|
|
|
;;
|
2008-12-08 19:45:58 +01:00
|
|
|
n*)
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "$RTCONLY" ]; then
|
2009-01-24 18:04:06 +01:00
|
|
|
error_message "The -n and -r options are mutually exclusive"
|
2009-01-24 17:36:43 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2009-01-24 18:42:58 +01:00
|
|
|
NORTC=Yes
|
2008-12-08 19:45:58 +01:00
|
|
|
option=${option#n}
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
usage 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
finished=1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
|
|
|
|
COMMAND="$1"
|
|
|
|
|
|
|
|
case "$COMMAND" in
|
|
|
|
start)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "$RTCONLY" ]; then
|
2009-01-24 17:36:43 +01:00
|
|
|
progress_message3 "Starting $PRODUCT...."
|
|
|
|
define_firewall
|
|
|
|
status=$?
|
|
|
|
progress_message3 "done."
|
|
|
|
elif shorewall6_is_started; then
|
2008-12-08 19:45:58 +01:00
|
|
|
error_message "$PRODUCT is already Running"
|
|
|
|
status=0
|
|
|
|
else
|
|
|
|
progress_message3 "Starting $PRODUCT...."
|
|
|
|
define_firewall
|
|
|
|
status=$?
|
|
|
|
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
|
|
|
progress_message3 "done."
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
stop)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
|
|
|
progress_message3 "Stopping $PRODUCT...."
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "$RTCONLY" ]; then
|
2009-01-24 17:36:43 +01:00
|
|
|
delete_tc1
|
|
|
|
else
|
|
|
|
stop_firewall
|
|
|
|
fi
|
2008-12-08 19:45:58 +01:00
|
|
|
status=0
|
|
|
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
|
|
|
progress_message3 "done."
|
|
|
|
;;
|
|
|
|
reset)
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "${NORTC}$"{RTCONLY} ]; then
|
2009-01-24 18:04:06 +01:00
|
|
|
error_message "The -n and -r options may not be used with 'reset'"
|
2009-01-24 17:36:43 +01:00
|
|
|
status=1
|
|
|
|
elif ! shorewall_is_started ; then
|
2008-12-08 19:45:58 +01:00
|
|
|
error_message "$PRODUCT is not running"
|
|
|
|
status=2
|
|
|
|
elif [ $# -eq 1 ]; then
|
|
|
|
$IPTABLES -Z
|
|
|
|
$IPTABLES -t nat -Z
|
|
|
|
$IPTABLES -t mangle -Z
|
|
|
|
date > ${VARDIR}/restarted
|
|
|
|
status=0
|
|
|
|
progress_message3 "$PRODUCT Counters Reset"
|
|
|
|
else
|
|
|
|
shift
|
|
|
|
status=0
|
|
|
|
for chain in $@; do
|
|
|
|
if chain_exists $chain; then
|
|
|
|
if qt $IPTABLES -Z $chain; then
|
|
|
|
progress_message3 "Filter $chain Counters Reset"
|
|
|
|
else
|
|
|
|
error_message "ERROR: Reset of chain $chain failed"
|
|
|
|
status=2
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
error_message "WARNING: Filter Chain $chain does not exist"
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
restart)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
|
|
|
if shorewall_is_started; then
|
|
|
|
progress_message3 "Restarting $PRODUCT...."
|
|
|
|
else
|
|
|
|
error_message "$PRODUCT is not running"
|
|
|
|
progress_message3 "Starting $PRODUCT...."
|
|
|
|
fi
|
|
|
|
|
|
|
|
define_firewall
|
|
|
|
status=$?
|
|
|
|
if [ -n "$SUBSYSLOCK" ]; then
|
|
|
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
|
|
|
fi
|
|
|
|
progress_message3 "done."
|
|
|
|
;;
|
|
|
|
refresh)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "${NORTC}$"{RTCONLY} ]; then
|
2009-01-24 18:04:06 +01:00
|
|
|
error_message "The -n and -r options may not be used with 'refresh'"
|
2009-01-24 17:36:43 +01:00
|
|
|
status=1
|
|
|
|
elif shorewall_is_started; then
|
2008-12-08 19:45:58 +01:00
|
|
|
progress_message3 "Refreshing $PRODUCT...."
|
|
|
|
define_firewall
|
|
|
|
status=$?
|
|
|
|
progress_message3 "done."
|
|
|
|
else
|
|
|
|
echo "$PRODUCT is not running" >&2
|
|
|
|
status=2
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
restore)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "${NORTC}$"{RTCONLY} ]; then
|
2009-01-24 18:04:06 +01:00
|
|
|
error_message "The -n and -r options may not be used with 'restart'"
|
2009-01-24 17:36:43 +01:00
|
|
|
status=1
|
|
|
|
else
|
|
|
|
define_firewall
|
|
|
|
status=$?
|
|
|
|
if [ -n "$SUBSYSLOCK" ]; then
|
|
|
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
|
|
|
fi
|
|
|
|
fi
|
2008-12-08 19:45:58 +01:00
|
|
|
;;
|
|
|
|
clear)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
2009-01-24 18:42:58 +01:00
|
|
|
if [ -n "${NORTC}$"{RTCONLY} ]; then
|
2009-01-24 18:04:06 +01:00
|
|
|
error_message "The -n and -r options may not be used with 'clear'"
|
2009-01-24 17:36:43 +01:00
|
|
|
status=1
|
|
|
|
else
|
|
|
|
progress_message3 "Clearing $PRODUCT...."
|
|
|
|
clear_firewall
|
|
|
|
status=0
|
|
|
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
|
|
|
progress_message3 "done."
|
|
|
|
fi
|
2008-12-08 19:45:58 +01:00
|
|
|
;;
|
|
|
|
status)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
|
|
|
echo "$PRODUCT-$VERSION Status at $HOSTNAME - $(date)"
|
|
|
|
echo
|
|
|
|
if shorewall_is_started; then
|
|
|
|
echo "$PRODUCT is running"
|
|
|
|
status=0
|
|
|
|
else
|
|
|
|
echo "$PRODUCT is stopped"
|
|
|
|
status=4
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -f ${VARDIR}/state ]; then
|
|
|
|
state="$(cat ${VARDIR}/state)"
|
|
|
|
case $state in
|
|
|
|
Stopped*|Clear*)
|
|
|
|
status=3
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
else
|
|
|
|
state=Unknown
|
|
|
|
fi
|
|
|
|
echo "State:$state"
|
|
|
|
echo
|
|
|
|
;;
|
|
|
|
version)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
|
|
|
echo $VERSION
|
|
|
|
status=0
|
|
|
|
;;
|
|
|
|
help)
|
|
|
|
[ $# -ne 1 ] && usage 2
|
|
|
|
usage 0
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
usage 2
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
exit $status
|