search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
updated on Wed Jan 18 08:00:29 UTC 2012
[aur-mirror.git] / iptables-l7 / ip6tables
blob1733db281da6f3def1af598ee5d6389019a93b22
1 #!/bin/bash
2
3 # source application-specific settings
4 [ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
5
6 # Set defaults if settings are missing
7 [ -z "$IP6TABLES" ] && IP6TABLES=/usr/sbin/ip6tables
8 [ -z "$IP6TABLES_CONF" ] && IP6TABLES_CONF=/etc/iptables/ip6tables.rules
9
10 . /etc/rc.conf
11 . /etc/rc.d/functions
12
13 case "$1" in
14 start)
15 if [ ! -f $IP6TABLES_CONF ]; then
16 echo "Cannot load iptables rules: $IP6TABLES_CONF is missing!" >&2
17 exit 1
18 fi
19 stat_busy "Starting IP6 Tables"
20 if [ "$IPTABLES_FORWARD" = "1" ]; then
21 echo 1 >/proc/sys/net/ipv6/conf/default/forwarding
22 echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
23 fi
24 if ck_daemon ip6tables; then
25 /usr/sbin/ip6tables-restore < $IP6TABLES_CONF
26 if [ $? -gt 0 ]; then
27 stat_fail
28 else
29 add_daemon ip6tables
30 stat_done
31 fi
32 else
33 stat_fail
34 fi
35 ;;
36 stop)
37 stat_busy "Stopping IP6 Tables"
38 echo 0 >/proc/sys/net/ipv6/conf/all/forwarding
39 echo 0 >/proc/sys/net/ipv6/conf/default/forwarding
40 if ! ck_daemon ip6tables; then
41 fail=0
42 for table in $(cat /proc/net/ip6_tables_names); do
43 $IP6TABLES -t $table -F &>/dev/null && \
44 $IP6TABLES -t $table -X &>/dev/null && \
45 $IP6TABLES -t $table -Z &>/dev/null
46 [ $? -gt 0 ] && fail=1
47 done
48 if [ $fail -gt 0 ]; then
49 stat_fail
50 else
51 rm_daemon ip6tables
52 # reset policies
53 for table in filter mangle raw; do
54 if grep -qw $table /proc/net/ip6_tables_names; then
55 $IP6TABLES -t $table -P OUTPUT ACCEPT
56 fi
57 done
58 for table in filter mangle; do
59 if grep -qw $table /proc/net/ip6_tables_names; then
60 $IP6TABLES -t $table -P INPUT ACCEPT
61 $IP6TABLES -t $table -P FORWARD ACCEPT
62 fi
63 done
64 for table in mangle raw; do
65 if grep -qw $table /proc/net/ip6_tables_names; then
66 $IP6TABLES -t $table -P PREROUTING ACCEPT
67 fi
68 done
69 for table in mangle; do
70 if grep -qw $table /proc/net/ip6_tables_names; then
71 $IP6TABLES -t $table -P POSTROUTING ACCEPT
72 fi
73 done
74 stat_done
75 fi
76 else
77 stat_fail
78 fi
79 ;;
80 restart)
81 $0 stop
82 sleep 2
83 $0 start
84 ;;
85 save)
86 stat_busy "Saving IP6 Tables"
87 /usr/sbin/ip6tables-save >$IP6TABLES_CONF
88 if [ $? -gt 0 ]; then
89 stat_fail
90 else
91 stat_done
92 fi
93 ;;
94 *)
95 echo "usage: $0 {start|stop|restart|save}"
96 esac
97 exit 0
AUR mirror