search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Initial commit: Uploaded everything from abs/core
[arch-rock.git] / support / iptables / iptables
blob50c13d5c1cca04e4905a858f1d673da4ad77fc41
1 #!/bin/bash
2
3 # source application-specific settings
4 [ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
5
6 # Set defaults if settings are missing
7 [ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables
8 [ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules
9
10 . /etc/rc.conf
11 . /etc/rc.d/functions
12
13 case "$1" in
14 start)
15 if [ ! -f $IPTABLES_CONF ]; then
16 echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
17 exit 1
18 fi
19 stat_busy "Starting IP Tables"
20 if [ "$IPTABLES_FORWARD" = "1" ]; then
21 echo 1 >/proc/sys/net/ipv4/ip_forward
22 fi
23 if ck_daemon iptables; then
24 /usr/sbin/iptables-restore < $IPTABLES_CONF
25 if [ $? -gt 0 ]; then
26 stat_fail
27 else
28 add_daemon iptables
29 stat_done
30 fi
31 else
32 stat_fail
33 fi
34 ;;
35 stop)
36 stat_busy "Stopping IP Tables"
37 echo 0 >/proc/sys/net/ipv4/ip_forward
38 if ! ck_daemon iptables; then
39 fail=0
40 for table in $(cat /proc/net/ip_tables_names); do
41 $IPTABLES -t $table -F &>/dev/null && \
42 $IPTABLES -t $table -X &>/dev/null && \
43 $IPTABLES -t $table -Z &>/dev/null
44 [ $? -gt 0 ] && fail=1
45 done
46 if [ $fail -gt 0 ]; then
47 stat_fail
48 else
49 rm_daemon iptables
50 # reset policies
51 for table in filter nat mangle raw; do
52 if grep -qw $table /proc/net/ip_tables_names; then
53 $IPTABLES -t $table -P OUTPUT ACCEPT
54 fi
55 done
56 for table in filter mangle; do
57 if grep -qw $table /proc/net/ip_tables_names; then
58 $IPTABLES -t $table -P INPUT ACCEPT
59 $IPTABLES -t $table -P FORWARD ACCEPT
60 fi
61 done
62 for table in nat mangle raw; do
63 if grep -qw $table /proc/net/ip_tables_names; then
64 $IPTABLES -t $table -P PREROUTING ACCEPT
65 fi
66 done
67 for table in nat mangle; do
68 if grep -qw $table /proc/net/ip_tables_names; then
69 $IPTABLES -t $table -P POSTROUTING ACCEPT
70 fi
71 done
72 stat_done
73 fi
74 else
75 stat_fail
76 fi
77 ;;
78 restart)
79 $0 stop
80 sleep 2
81 $0 start
82 ;;
83 save)
84 stat_busy "Saving IP Tables"
85 /usr/sbin/iptables-save >$IPTABLES_CONF
86 if [ $? -gt 0 ]; then
87 stat_fail
88 else
89 stat_done
90 fi
91 ;;
92 *)
93 echo "usage: $0 {start|stop|restart|save}"
94 esac
95 exit 0
Arch Rock Linux - Stable release of Arch Linux