
ipchains-1.3.10-5mdk.src.rpm

#!/bin/sh
#
# Startup script to implement /etc/sysconfig/ipchains pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with ipchains.
#
# Script Author:	Joshua Jensen <joshua@redhat.com>
#   -- hacked up by gafton with help from notting
#
# config: /etc/sysconfig/ipchains

# Source 'em up
. /etc/init.d/functions

# Rules file that "start" loads and "save" writes.
IPCHAINS_CONFIG=/etc/sysconfig/ipchains

# No ipchains binary means there is nothing to manage: leave quietly so
# the boot sequence is not interrupted.
[ -x /sbin/ipchains ] || exit 0

# Pull the first two dot-separated fields out of the kernel release
# string: KERNELMAJ is the text before the first dot, KERNELMIN the text
# between the first and second dots.
KERNELMAJ=$(uname -r | sed -e 's,\..*,,')
KERNELMIN=$(uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,')

# Exit quietly on kernels older than 2.2 (major below 2, or 2.x with a
# minor below 2).
if [ "$KERNELMAJ" -lt 2 ] || [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 2 ]; then
	exit 0
fi

# On 2.x kernels with a minor above 3 (2.4 and later) the script relies on
# the "ipchains" backward-compatibility module.  Look at the loaded modules
# whose names start with "ip" to decide what to do.
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -gt 3 ] ; then
	IP_MODULES=$(lsmod | awk ' /^ip/ { print $1 } ')
	case "$IP_MODULES" in
	"")
		# No ip* module is loaded at all: load the compatibility module.
		action "Install Backward Compatibility with ipchains for kernel 2.4" modprobe ipchains
		;;
	*ipchains*)
		echo "Found Backward Compatibility with ipchains for kernel 2.4"
		;;
	*)
		# Some other ip* module is loaded and ipchains is not; do not
		# touch the packet filter, just tell the administrator how to
		# switch and stop here.
		echo "To use Backward Compatibility with ipchains for kernel 2.4"
		echo "Use: /sbin/modprobe ipchains"
		exit 0
		;;
	esac
fi

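# Dispatch on the requested action.  Every arm changes (or reads) live
# packet-filter state as root, so failures are recorded in RETVAL and the
# script exits with that status instead of always reporting success.
#
# The binary is called by the same absolute path that the executable
# check near the top of this script tests, rather than through PATH.
IPCHAINS=/sbin/ipchains
RETVAL=0

case "$1" in
  start)
	# Without a rules file there is nothing to apply; the running
	# ruleset is left untouched.
	# NOTE(review): the file is piped to ipchains-restore as root and
	# this script does not check its owner or mode -- it should be
	# writable by root only.
	if [ -f "$IPCHAINS_CONFIG" ]; then
	    # Clear first, otherwise the restore would add to pre-existing
	    # rules.
	    # NOTE(review): from the flush until the restore succeeds the
	    # host is filtered only by the built-in chain policies, and it
	    # stays that way if the restore fails.
	    action "Flushing all current rules and user defined chains:" "$IPCHAINS" -F
	    action "Clearing all current rules and user defined chains:" "$IPCHAINS" -X
	    "$IPCHAINS" -Z
	    echo -n "Applying ipchains firewall rules: "
	    # Comment lines and blank lines are stripped before the restore.
	    if grep -v "^[[:space:]]*#" "$IPCHAINS_CONFIG" | grep -v '^[[:space:]]*$' | /sbin/ipchains-restore -p -f; then
		success "Applying ipchains firewall rules"
		# Mark the service as up only when the rules really loaded.
		touch /var/lock/subsys/ipchains
	    else
		failure "Applying ipchains firewall rules"
		RETVAL=1
	    fi
	    echo
	fi
	;;

  stop)
	# "stop" leaves the host unfiltered: all rules are flushed and the
	# three built-in chains are set to ACCEPT.
	action "Flushing all chains:" "$IPCHAINS" -F
	action "Removing user defined chains:" "$IPCHAINS" -X
	echo -n "Resetting built-in chains to the default ACCEPT policy:"
	if "$IPCHAINS" -P input ACCEPT &&
	    "$IPCHAINS" -P forward ACCEPT &&
	    "$IPCHAINS" -P output ACCEPT; then
		success "Resetting built-in chains to the default ACCEPT policy"
	else
		failure "Resetting built-in chains to the default ACCEPT policy"
		RETVAL=1
	fi
	echo
	rm -f /var/lock/subsys/ipchains
	;;

  restart|reload)
	# "restart" is really just "start" as this isn't a daemon,
	#  and "start" clears any pre-defined rules anyway.
	#  This is really only here to make those who expect it happy
	"$0" start
	RETVAL=$?
	;;

  status)
	"$IPCHAINS" -nL
	RETVAL=$?
	;;

  panic)
	# The DENY policies are set before the chains are flushed, so the
	# flush never leaves empty chains under a permissive policy.
	echo -n "Changing target policies to DENY: "	
	if "$IPCHAINS" -P input DENY &&
	    "$IPCHAINS" -P forward DENY &&
	    "$IPCHAINS" -P output DENY; then
		success "Changing target policies to DENY"
	else
		failure "Changing target policies to DENY"
		RETVAL=1
	fi
	echo
	action "Flushing all chains:" "$IPCHAINS" -F
	action "Removing user defined chains:" "$IPCHAINS" -X
	;;

  save)
	echo -n "Saving current rules to $IPCHAINS_CONFIG: "
	# Dump into a temporary file next to the rules file and rename it
	# into place only when ipchains-save succeeded.  Redirecting straight
	# into the rules file would truncate it before the dump ran, so a
	# failed save would leave an empty file that the next "start" loads
	# as an empty ruleset.  mktemp also creates the file readable by its
	# owner only, so the saved rules end up private to root.
	TMP_CONFIG=$(mktemp "$IPCHAINS_CONFIG.XXXXXX")
	if [ -n "$TMP_CONFIG" ] &&
	    /sbin/ipchains-save > "$TMP_CONFIG" 2>/dev/null &&
	    mv -f "$TMP_CONFIG" "$IPCHAINS_CONFIG"; then
		success "Saving current rules to $IPCHAINS_CONFIG"
	else
		# Keep the previous rules file and drop the partial dump.
		if [ -n "$TMP_CONFIG" ]; then
			rm -f "$TMP_CONFIG"
		fi
		failure "Saving current rules to $IPCHAINS_CONFIG"
		RETVAL=1
	fi
	echo
	;;

  *)
	echo "Usage: $0 {start|stop|restart|status|panic|save}"
	exit 1
esac

exit $RETVAL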