#!/bin/bash
### BEGIN INIT INFO
# Provides: rc.firewall
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: true
# Short-Description: Start/Stop firewall rules
### END INIT INFO
######################################################
####
# This configuration for netfilter/iptables is made for
# a laptop computer and cannot be used for a server. Any
# dropped packet is logged in /var/log/iptables, previously
# configured in syslogd as the kern facility at the DEBUG
# level.
#
# Every name used in the log file will be analysed with an AWK
# script called by a bash script that can be run by cron
# to retrieve the log file daily.
#
# Contact : [email protected]
####
####
# Global variable
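####
# Global variable
FSTATUS="/var/run/iptables.stat"        # 0/1 flag: have the rules been loaded by this script?
RULES="/usr/local/script/ipt_rules"     # sourced below; expected to define start() and stop()
IPTABLES="/sbin/iptables"
IP6TABLES="/sbin/ip6tables"             # not used here; kept for the sourced rules file
####
# Load init-functions
. /lib/lsb/init-functions
########################################################
# Everything below runs as root and changes the kernel packet filter, so
# every precondition is checked before any privileged file is sourced.
if [ "$(id -u)" -ne 0 ]; then
  log_action_msg "You must be root to run iptables rules"
  log_end_msg 1
  exit 1
fi
# $RULES is *sourced*, not executed: it only needs to be readable, but
# since its contents run with root privileges it must also be owned by
# root (-O tests ownership by the effective uid, which is 0 here) so that
# no other account can change the rules -- or the shell code -- it holds.
if [ ! -r "$RULES" ] || [ ! -O "$RULES" ]; then
  log_action_msg "Cannot execute or find ipt_rules"
  log_end_msg 1
  exit 1
fi
if [ ! -x "$IPTABLES" ]; then
  log_action_msg "Cannot execute iptables"
  log_end_msg 1
  exit 1
fi
# Validate the command line before loading the rules file: a usage error
# should not cause any privileged code to run.
if [ $# -ne 1 ]; then
  log_action_msg "Usage : ${0##*/} { start | stop | restart | status }"
  log_end_msg 255
  exit 1
fi
####
# Load iptables rules
. "$RULES"
if [ ! -f "$FSTATUS" ]; then
  echo 0 > "$FSTATUS"
fi
IPTSTATUS=$(cat "$FSTATUS")
# Only 0 and 1 are meaningful. Anything else (empty, truncated or edited
# file) would make the numeric tests below error out; treat it as "stopped"
# so that "start" can still bring the rules up.
case "$IPTSTATUS" in
  0|1) ;;
  *)
    log_warning_msg "Invalid content in $FSTATUS, assuming rules are stopped"
    IPTSTATUS=0
    ;;
esac

#######################################
# Run start() from $RULES and record the new state.
# Globals:   FSTATUS (written)
# Returns:   0 if start() succeeded, 1 otherwise
#######################################
_start_rules() {
  log_daemon_msg "Starting iptables rules..." "rc.iptables"
  if start; then
    echo 1 > "$FSTATUS"
    log_end_msg 0
    return 0
  fi
  log_end_msg 1
  return 1
}

#######################################
# Run stop() from $RULES and record the new state.
# Globals:   FSTATUS (written)
# Returns:   0 if stop() succeeded, 1 otherwise
#######################################
_stop_rules() {
  log_daemon_msg "Stopping iptables rules..." "rc.iptables"
  if stop; then
    echo 0 > "$FSTATUS"
    log_end_msg 0
    return 0
  fi
  log_end_msg 1
  return 1
}

# Exit status of the whole script: previously a failed start()/stop() still
# produced "exit 0", which hides the failure from the init system.
rc=0
case "$1" in
  start)
    if [ "$IPTSTATUS" -eq 1 ]; then
      log_action_msg "iptables rules are already running"
      log_end_msg 0
      exit 0
    fi
    _start_rules || rc=1
    ;;
  stop)
    if [ "$IPTSTATUS" -eq 0 ]; then
      log_action_msg "iptables rules are already stopped"
      log_end_msg 0
      exit 0
    fi
    _stop_rules || rc=1
    ;;
  status)
    # Reports the flag file only, not the live ruleset in the kernel.
    if [ "$IPTSTATUS" -eq 0 ]; then
      log_success_msg "Protection is disable"
    else
      log_success_msg "Protection is enable"
    fi
    ;;
  restart)
    if [ "$IPTSTATUS" -eq 0 ]; then
      _start_rules || rc=1
    else
      # A failed stop() still goes on to start(), so a partially torn-down
      # ruleset is re-applied rather than left as it is.
      _stop_rules || rc=1
      _start_rules || rc=1
    fi
    ;;
  *)
    log_action_msg "Usage : ${0##*/} { start | stop | restart | status }"
    log_end_msg 255
    rc=1
    ;;
esac
exit "$rc"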