#!/bin/bash # # init script for the Ethernet Bridge filter tables # # Written by Dag Wieers <dag@wieers.com> # Modified by Rok Papez <rok.papez@arnes.si> # Bart De Schuymer <bdschuym@pandora.be> # # chkconfig: - 15 85 # description: Ethernet Bridge filtering tables # # config: /etc/sysconfig/ebtables (text) # /etc/sysconfig/ebtables.<table> (binary) # ### BEGIN INIT INFO # Provides: ebtables # Required-Start: $network # Required-Stop: $network # Default-Start: 3 4 5 # Short-Description: Ethernet Bridge filter tables # Description: Ethernet Bridge filter tables ### END INIT INFO source /etc/init.d/functions source /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 [ -x /sbin//ebtables ] || exit 1 [ -x /sbin//ebtables-save ] || exit 1 [ -x /sbin//ebtables-restore ] || exit 1 RETVAL=0 prog="ebtables" desc="Ethernet bridge filtering" umask 0077 #default configuration EBTABLES_TEXT_FORMAT="yes" EBTABLES_BINARY_FORMAT="yes" EBTABLES_MODULES_UNLOAD="yes" EBTABLES_SAVE_ON_STOP="no" EBTABLES_SAVE_ON_RESTART="no" EBTABLES_SAVE_COUNTER="no" config=/etc/sysconfig/$prog-config [ -f "$config" ] && . "$config" start() { echo -n $"Starting $desc ($prog): " if [ "$EBTABLES_BINARY_FORMAT" = "yes" ]; then for table in $(ls /etc/sysconfig/ebtables.* 2>/dev/null | sed -e 's/.*ebtables\.//' -e '/save/d' ); do /sbin//ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table --atomic-commit || RETVAL=1 done else /sbin//ebtables-restore < /etc/sysconfig/ebtables || RETVAL=1 fi if [ $RETVAL -eq 0 ]; then success "$prog startup" rm -f /var/lock/subsys/$prog else failure "$prog startup" fi echo } stop() { echo -n $"Stopping $desc ($prog): " for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do /sbin//ebtables -t $table --init-table || RETVAL=1 done if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do rmmod $mod 2> /dev/null done fi if [ $RETVAL -eq 0 ]; then success "$prog shutdown" rm -f /var/lock/subsys/$prog else failure "$prog shutdown" fi echo } restart() { stop start } save() { echo -n $"Saving $desc ($prog): " if [ "$EBTABLES_TEXT_FORMAT" = "yes" ]; then if [ -e /etc/sysconfig/ebtables ]; then chmod 0600 /etc/sysconfig/ebtables mv -f /etc/sysconfig/ebtables /etc/sysconfig/ebtables.save fi /sbin//ebtables-save > /etc/sysconfig/ebtables || RETVAL=1 fi if [ "$EBTABLES_BINARY_FORMAT" = "yes" ]; then rm -f /etc/sysconfig/ebtables.*.save for oldtable in $(ls /etc/sysconfig/ebtables.* 2>/dev/null | grep -vF 'ebtables.save'); do chmod 0600 $oldtable mv -f $oldtable $oldtable.save done for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do /sbin//ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table --atomic-save || RETVAL=1 if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then /sbin//ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table -Z || RETVAL=1 fi done fi if [ $RETVAL -eq 0 ]; then success "$prog saved" else failure "$prog saved" fi echo } case "$1" in start) start ;; stop) [ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save stop ;; restart|reload) [ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save restart ;; condrestart) [ -e /var/lock/subsys/$prog ] && restart RETVAL=$? ;; save) save ;; status) /sbin//ebtables-save RETVAL=$? ;; *) echo $"Usage $0 {start|stop|restart|condrestart|save|status}" RETVAL=1 esac exit $RETVAL