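#!/bin/sh
#
# Startup script for the Firestarter Application Suite
#
# chkconfig: 2345 08 92
#
# description: Automates the startup of Firestarter's generated ruleset
#
# Script Author: Paul Drain <pd@cipherfunk.org>
#  -- a hack taken from the default RH ipchains startup script
#
# config: /etc/firestarter/firewall.sh
#
# Actions:
#   start   - flush every rule/user chain, then run the generated ruleset
#   stop    - flush every rule/user chain, set built-in policies to ACCEPT
#   panic   - set built-in policies to DROP, then flush every rule/user chain
#   status  - list the live filter table
#   restart - stop (only if the lock file exists) followed by start
# The lock file /var/lock/subsys/firestarter means "ruleset is applied";
# it is only created by a successful start and removed by stop/panic.

# Source function library (provides action, success, failure, gprintf).
. /etc/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up.  The expansion is quoted so an unset
# NETWORKING yields "" (treated as up) instead of a malformed test.
if [ "$NETWORKING" = "no" ]; then
  exit 0
fi

[ -x /usr/bin/firestarter ] || exit 0

FS_CONFIG="/etc/firestarter/firewall.sh"
LOCKFILE="/var/lock/subsys/firestarter"
RETVAL=0

# Flush all rules and user-defined chains in the filter table and zero the
# counters.  Built-in chain policies are left untouched, so afterwards the
# policies alone decide what traffic passes.
# Returns: the status of the last iptables call (via action).
flush_rules() {
  action "Flushing all current rules and user defined chains:" iptables -F
  action "Clearing all current rules and user defined chains:" iptables -X
  action "Zeroing all current rules:" iptables -Z
}

# Set the policy of the three built-in filter chains.
# Arguments: $1 - policy name (ACCEPT or DROP)
# Returns: 0 if every chain was set, otherwise the last non-zero status.
set_policies() {
  sp_rc=0
  for sp_chain in INPUT FORWARD OUTPUT; do
    iptables -P "$sp_chain" "$1" || sp_rc=$?
  done
  return $sp_rc
}

# Apply the generated ruleset.
# Returns: 0 when there is no ruleset file or it loaded cleanly, otherwise
# the exit status of the ruleset script (RETVAL is set accordingly).
start() {
  # No generated ruleset is not an error for chkconfig; just do nothing.
  [ -f "$FS_CONFIG" ] || return 0

  # Clear the existing rulesets out, so we don't run into any duplicates.
  flush_rules

  gprintf "Applying Firestarter configuration: "
  # The ruleset script's exit status is the only signal that the rules
  # loaded; the old code called success unconditionally, so a failed load
  # still printed [ OK ] and created the lock file.
  "$FS_CONFIG"
  RETVAL=$?
  if [ $RETVAL -eq 0 ]; then
    success "Applying Firestarter configuration"
    touch "$LOCKFILE"
  else
    failure "Applying Firestarter configuration"
    # NOTE: the chains were already flushed above, so after a failed load
    # only the built-in policies are in force.
  fi
  echo
  return $RETVAL
}

# Remove the ruleset and open the built-in chains.
# Returns: 0 on success; the lock file is only removed on success.
stop() {
  flush_rules
  gprintf "Resetting built-in chains to the default ACCEPT policy:"
  # Capture the real iptables status; success() itself always returns 0,
  # so the old "RETVAL=$?" after it could never report a failure.
  set_policies ACCEPT
  RETVAL=$?
  if [ $RETVAL -eq 0 ]; then
    success "Resetting built-in chains to the default ACCEPT policy"
  else
    failure "Resetting built-in chains to the default ACCEPT policy"
  fi
  echo
  [ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
  return $RETVAL
}

# Emergency lockdown: close the built-in chains, then drop every rule.
# Returns: 0 on success; the lock file is only removed on success.
panic() {
  # Policies are closed before flushing so there is no window in which the
  # host is rule-less under an ACCEPT policy.  iptables spells this policy
  # DROP; DENY was the ipchains name and is rejected by iptables, so the
  # old panic mode never actually closed the chains.
  gprintf "Changing target policies to DROP: "
  set_policies DROP
  RETVAL=$?
  if [ $RETVAL -eq 0 ]; then
    success "Changing target policies to DROP"
  else
    failure "Changing target policies to DROP"
  fi
  echo
  flush_rules
  flush_rc=$?
  # Keep a policy failure if there was one; otherwise report the flush.
  [ $RETVAL -eq 0 ] && RETVAL=$flush_rc
  echo
  [ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
  return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    iptables -nL
    RETVAL=$?
    ;;
  restart)
    # Only tear down first when a ruleset is actually in place.
    if [ -f "$LOCKFILE" ]; then
      stop
    fi
    start
    ;;
  panic)
    panic
    ;;
  *)
    gprintf "Usage: firestarter {start|stop|status|restart|panic}\n"
    exit 1
    ;;
esac

exit $RETVAL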