
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: arptables_jf
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Short-Description: userspace control program for the arptables network filter
# Description: The arptables_jf utility controls the arpfilter network packet filtering
#              code in the Linux kernel.  You do not need this program for normal
#              network firewalling.  If you need to manually control which arp
#              requests and/or replies this machine accepts and sends, you should
#              install this package.
### END INIT INFO

# Startup script to implement /etc/sysconfig/arptables pre-defined rules.
#
# chkconfig: - 08 92
#
# description: Automates a packet filtering firewall with arptables.
#
# by fenlason@redhat.com: based on iptables.init from the iptables package
# by bero@redhat.com, based on the ipchains script:
# Script Author:	Joshua Jensen <joshua@redhat.com>
#   -- hacked up by gafton with help from notting
# modified by Anton Altaparmakov <aia21@cam.ac.uk>:
# modified by Nils Philippsen <nils@redhat.de>
#
# config: /etc/sysconfig/arptables

# Source 'em up
. /etc/init.d/functions

# Rules file read by "start" and written by "save".
ARPTABLES_CONFIG="/etc/sysconfig/arptables"

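# Run an arptables command against table $1, but only when the kernel
# actually has that table (it is listed in /proc/net/arp_tables_names).
# The remaining arguments are passed through after "-t <table>".
# Does nothing and returns 0 when the table is absent; otherwise
# returns arptables' own exit status.
arp_table() {
	# -F fixed string, -x whole line, -s stay quiet when the proc file
	# is missing (module not loaded).  "--" and the quotes keep a table
	# name containing spaces or starting with "-" from being
	# reinterpreted as extra file names or options.
	if grep -Fqsx -- "$1" /proc/net/arp_tables_names; then
		arptables -t "$@"
	fi
}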

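# Load the rules from $ARPTABLES_CONFIG into the kernel.
#
# Exit codes: 4 when /sbin/arptables is not installed, 1 for an
# unsupported kernel, 6 when the config file is missing.  Progress is
# reported on the console through success/failure, which come from
# /etc/init.d/functions.
#
# $ARPTABLES_CONFIG is fed straight into arptables-restore, i.e. its
# contents become kernel filtering rules; "save" creates it mode 0600
# and it should stay root-owned.
start() {
	if [ ! -x /sbin/arptables ]; then
		exit 4
	fi

	# e.g. "2.6.38-8.fc15.i686" -> KERNELMAJ=2, KERNELMIN=6
	KERNELMAJ=$(uname -r | sed                   -e 's,\..*,,')
	KERNELMIN=$(uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,')

	# Anything older than 2.3 is refused.
	if [ "$KERNELMAJ" -lt 2 ]; then
		echo "Not supported for kernel $KERNELMAJ.$KERNELMIN"
		exit 1
	fi
	if [ "$KERNELMAJ" -eq 2 ] && [ "$KERNELMIN" -lt 3 ]; then
		echo "Not supported for kernel $KERNELMAJ.$KERNELMIN"
		exit 1
	fi

	# don't do squat if we don't have the config file
	echo -n $"Starting arptables_jf"
	if [ ! -f "$ARPTABLES_CONFIG" ]; then
		failure
		echo
		echo $"Configuration file /etc/sysconfig/arptables missing"
		exit 6
	fi
	success

	# If we don't clear these first, we might be adding to
	# pre-existing rules.
	chains=$(cat /proc/net/arp_tables_names 2>/dev/null)
	echo -n $"Flushing all current rules and user defined chains:"
	ret=0
	# $chains is intentionally unquoted: one table name per word.
	for i in $chains; do
		arptables -t "$i" -F
		ret=$((ret + $?))
	done
	arptables -F
	ret=$((ret + $?))
	if [ "$ret" -eq 0 ]; then
		success
	else
		failure
	fi
	echo
	echo -n $"Clearing all current rules and user defined chains:"
	ret=0
	for i in $chains; do
		arptables -t "$i" -X
		ret=$((ret + $?))
	done
	arptables -X
	ret=$((ret + $?))
	if [ "$ret" -eq 0 ]; then
		success
	else
		failure
	fi
	echo

	# Zero the counters of every table as well.
	for i in $chains; do arptables -t "$i" -Z; done

	echo -n $"Applying arptables firewall rules: "
	# Comment and blank lines are stripped before the rules reach
	# arptables-restore; -c also restores the counters saved by
	# "arptables-save -c".
	if grep -Ev '^[[:space:]]*(#|$)' "$ARPTABLES_CONFIG" \
		| /sbin/arptables-restore -c; then
		success
	else
		failure
	fi
	echo
	touch /var/lock/subsys/arptables
}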

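# Flush every table, remove user-defined chains and put the filter
# table's built-in chains back to ACCEPT.  Individual failures are
# reported through the failure helper but do not abort; the lock file
# is always removed at the end.
stop() {
	chains=$(cat /proc/net/arp_tables_names 2>/dev/null)
	echo -n $"Flushing all chains:"
	ret=0
	# $chains is intentionally unquoted: one table name per word.
	for i in $chains; do
		arptables -t "$i" -F
		ret=$((ret + $?))
	done
	arptables -F
	ret=$((ret + $?))
	if [ "$ret" -eq 0 ]; then
		success
	else
		failure
	fi
	echo

	echo -n $"Removing user defined chains:"
	ret=0
	for i in $chains; do
		arptables -t "$i" -X
		ret=$((ret + $?))
	done
	arptables -X
	ret=$((ret + $?))
	if [ "$ret" -eq 0 ]; then
		success
	else
		failure
	fi
	echo
	echo -n $"Resetting built-in chains to the default ACCEPT policy:"
	# With both policies at ACCEPT the host no longer filters ARP at all.
	if arp_table filter -P IN ACCEPT && arp_table filter -P OUT ACCEPT; then
		success
	else
		failure
	fi
	echo
	rm -f /var/lock/subsys/arptables
}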

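# Dispatch on the requested init action.  Exit status is 0 on
# success and 2 for an unknown action; start() exits 4/1/6 on its own
# failure conditions.
case "$1" in
start)
	start
	;;

stop)
	stop
	;;

restart|reload)
	# "restart" is really just "start" as this isn't a daemon,
	# and "start" clears any pre-defined rules anyway.
	# This is really only here to make those who expect it happy
	start
	;;

condrestart|try-restart|force-reload)
	# Only re-apply the rules if we were started in the first place.
	[ -e /var/lock/subsys/arptables ] && start
	;;

status)
	tables=$(cat /proc/net/arp_tables_names 2>/dev/null)
	# $tables is intentionally unquoted: one table name per word.
	for table in $tables; do
		echo $"Table: $table"
		arptables -t "$table" --list
	done
	;;

panic)
	# Lock the host down: default policies to DROP first, then flush
	# and remove the remaining chains so no rule can still ACCEPT.
	echo -n $"Changing target policies to DROP: "
	if arp_table filter -P IN DROP && arp_table filter -P OUT DROP; then
		success
	else
		failure
	fi
	echo
	echo -n "Flushing all chains:"
	if arp_table filter -F IN && arp_table filter -F OUT; then
		success
	else
		failure
	fi
	echo
	echo -n "Removing user defined chains:"
	if arp_table filter -X; then
		success
	else
		failure
	fi
	echo
	;;

save)
	echo -n $"Saving current rules to $ARPTABLES_CONFIG: "
	# Write to a private temp file next to the target and only replace
	# the old rules once arptables-save has succeeded: a failed save
	# must not truncate the existing config, and the file is never
	# readable by others at any point (the rules are security policy
	# that start() feeds straight into the kernel).
	tmp=$(mktemp "${ARPTABLES_CONFIG}.XXXXXX") || tmp=
	if [ -n "$tmp" ] \
		&& chmod 600 "$tmp" \
		&& /sbin/arptables-save -c > "$tmp" 2>/dev/null \
		&& mv -f "$tmp" "$ARPTABLES_CONFIG"; then
		success $"Saving current rules to $ARPTABLES_CONFIG"
	else
		[ -n "$tmp" ] && rm -f "$tmp"
		failure $"Saving current rules to $ARPTABLES_CONFIG"
	fi
	echo
	;;

*)
	echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status|panic|save}"
	exit 2
esac

exit 0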