ffc5a3c7df
Signed-off-by: Tom Eastep <teastep@shorewall.net>
#!/bin/sh
#
# Shorewall init script
#
# chkconfig: - 09 91
# description: Initialize the shorewall firewall at boot time
#
### BEGIN INIT INFO
# Provides: shorewall-init
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: Initialize the shorewall firewall at boot time
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO

# Do not load RH compatibility interface.
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

#
# The installer may alter this
#
# Every file pulled in with '.' below is executed by this script with its
# own privileges, so those files should be writable only by the
# administrator.
. /usr/share/shorewall/shorewallrc

NAME="Shorewall-init firewall"
PROG="shorewall-init"
SHOREWALL="${SBINDIR}/${PROG}"
# A command plus its arguments in one string: expand it unquoted so the
# shell splits it into words.
LOGGER="logger -i -t ${PROG}"

# Get startup options (override default)
OPTIONS=

LOCKFILE=/var/lock/subsys/shorewall-init

# Bail out with status 6 unless shorewall-init has been configured: the
# sysconfig file must exist and must set PRODUCTS.
if [ ! -f "/etc/sysconfig/shorewall-init" ]; then
    echo "/etc/sysconfig/shorewall-init not found"
    exit 6
fi

. /etc/sysconfig/shorewall-init

if [ -z "$PRODUCTS" ]; then
    echo "No PRODUCTS configured"
    exit 6
fi

RETVAL=0
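# Set STATEDIR for the current $PRODUCT and make sure a compiled firewall
# script is available.
#
# Globals:  CONFDIR, VARLIB, SBINDIR, PRODUCT (read); STATEDIR (written)
# Returns:  0 if ${STATEDIR}/firewall is already executable; otherwise the
#           exit status of the compile command for shorewall / shorewall6,
#           or 1 for any other product.
setstatedir() {
    # Initialise explicitly: some shells let a bare 'local' inherit the
    # caller's value, which would defeat the -n test below.
    local statedir=
    local vardir_file="${CONFDIR}/${PRODUCT}/vardir"

    if [ -f "$vardir_file" ]; then
        # The vardir file is executed (sourced) in a subshell so that only
        # VARDIR leaks back. Source exactly the path that was tested.
        # NOTE(review): this runs with the init script's privileges; the
        # file is presumably root-owned -- confirm it is not writable by
        # other users.
        statedir=$( . "$vardir_file" && printf '%s\n' "$VARDIR" )
    fi

    if [ -n "$statedir" ]; then
        STATEDIR=$statedir
    else
        STATEDIR="${VARLIB}/${PRODUCT}"
    fi

    if [ -x "${STATEDIR}/firewall" ]; then
        return 0
    fi

    # No compiled script yet: compile one for the products we know about.
    # The function's status is the compiler's status.
    case "$PRODUCT" in
        shorewall)
            "${SBINDIR}/shorewall" compile
            ;;
        shorewall6)
            "${SBINDIR}/shorewall" -6 compile
            ;;
        *)
            return 1
            ;;
    esac
}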
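# Run "${STATEDIR}/firewall stop" for every configured product so that each
# firewall is in its stopped (safe) state before the network comes up, then
# restore saved ipsets if SAVE_IPSETS names an existing file.
#
# Globals:  PRODUCTS, OPTIONS, LOGGER, SAVE_IPSETS, LOCKFILE (read);
#           RETVAL (written)
# Returns:  0 when every firewall script succeeded (the lock file is then
#           created); 6 when setstatedir failed for a product; otherwise
#           the first non-zero exit status of a firewall script.
start() {
    local PRODUCT
    local STATEDIR
    local fw_status

    RETVAL=0

    printf "Initializing \"Shorewall-based firewalls\": "

    for PRODUCT in $PRODUCTS; do
        if ! setstatedir; then
            RETVAL=6
            break
        fi

        # Run the same script setstatedir checked, ${STATEDIR}/firewall
        # (STATEDIR already includes the product directory).
        #
        # $LOGGER holds a command plus arguments, so it must be expanded
        # unquoted; quoted, the shell looks for one command with that whole
        # string as its name and the firewall output has no reader.
        #
        # A pipeline reports only the status of its last command, which
        # would hide a failing firewall script behind the logger's status.
        # POSIX sh has no PIPESTATUS, so the script's status is passed out
        # on fd 3; fd 4 keeps the logger's stdout where it was.
        exec 4>&1
        fw_status=$(
            {
                {
                    "${STATEDIR}/firewall" ${OPTIONS} stop 2>&1 3>&- 4>&-
                    echo $? >&3
                } | $LOGGER >&4 3>&- 4>&-
            } 3>&1
        )
        exec 4>&-

        # Keep going so the remaining products still get stopped, but do
        # not let a later success overwrite an earlier failure.
        if [ "${fw_status:-1}" -ne 0 ] && [ "$RETVAL" -eq 0 ]; then
            RETVAL=${fw_status:-1}
        fi
    done

    if [ -n "$SAVE_IPSETS" ] && [ -f "$SAVE_IPSETS" ]; then
        ipset -R < "$SAVE_IPSETS"
    fi

    # The lock file records a successful start; condstop relies on it.
    if [ "$RETVAL" -eq 0 ]; then
        touch "$LOCKFILE"
    fi

    return $RETVAL
}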
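# Run "${STATEDIR}/firewall clear" for every configured product, then save
# the current ipsets to SAVE_IPSETS when that variable is set.
#
# Globals:  PRODUCTS, OPTIONS, LOGGER, SAVE_IPSETS, LOCKFILE (read);
#           RETVAL (written)
# Returns:  0 when every firewall script succeeded (the lock file is then
#           removed); 6 when setstatedir failed for a product; otherwise
#           the first non-zero exit status of a firewall script.
stop() {
    local PRODUCT
    local STATEDIR
    local fw_status

    RETVAL=0

    printf "Clearing \"Shorewall-based firewalls\": "

    for PRODUCT in $PRODUCTS; do
        if ! setstatedir; then
            RETVAL=6
            break
        fi

        # $LOGGER holds a command plus arguments, so it must be expanded
        # unquoted; quoted, the shell looks for one command with that whole
        # string as its name and the firewall output has no reader.
        #
        # A pipeline reports only the status of its last command, which
        # would hide a failing firewall script behind the logger's status.
        # POSIX sh has no PIPESTATUS, so the script's status is passed out
        # on fd 3; fd 4 keeps the logger's stdout where it was.
        exec 4>&1
        fw_status=$(
            {
                {
                    "${STATEDIR}/firewall" ${OPTIONS} clear 2>&1 3>&- 4>&-
                    echo $? >&3
                } | $LOGGER >&4 3>&- 4>&-
            } 3>&1
        )
        exec 4>&-

        # Keep going so the remaining products are still processed, but do
        # not let a later success overwrite an earlier failure.
        if [ "${fw_status:-1}" -ne 0 ] && [ "$RETVAL" -eq 0 ]; then
            RETVAL=${fw_status:-1}
        fi
    done

    if [ -n "$SAVE_IPSETS" ]; then
        mkdir -p "$(dirname "$SAVE_IPSETS")"
        # Write to a sibling temp file and only replace the saved copy when
        # the dump succeeded and contains at least one set definition, so a
        # failed or empty dump never overwrites a good save file.
        # NOTE(review): the temp name is predictable; this assumes the
        # SAVE_IPSETS directory is writable only by root -- confirm.
        if ipset -S > "${SAVE_IPSETS}.tmp" &&
           grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp"; then
            mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" ||
                rm -f "${SAVE_IPSETS}.tmp"
        else
            rm -f "${SAVE_IPSETS}.tmp"
        fi
    fi

    if [ "$RETVAL" -eq 0 ]; then
        rm -f "$LOCKFILE"
    fi

    return $RETVAL
}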
# Dispatch on the action given as the first argument; the script exits with
# whatever the selected action left in RETVAL.
case "${1}" in
    stop)
        stop
        ;;
    start)
        start
        ;;
    condstop)
        # Only clear the firewalls when the lock file created by a
        # successful start is present.
        [ ! -e "$LOCKFILE" ] || stop
        ;;
    status)
        status "$PROG"
        RETVAL=$?
        ;;
    restart|reload|condrestart|condreload)
        # "Not implemented"
        :
        ;;
    *)
        echo $"Usage: ${0##*/} {start|stop|restart|reload|condrestart|condstop|status}"
        RETVAL=1
        ;;
esac

exit $RETVAL