fina/rc.fina

   1 #!/bin/bash
   2
   3 # source application-specific settings
   4 #[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
   5
   6 IPTABLES='/usr/sbin/iptables'
   7 FINA='/usr/sbin/fina'
   8
   9 . /etc/rc.conf
  10 . /etc/rc.d/functions
  11
  12 case "$1" in
  13         start)
  14                 stat_busy "Starting fina firewall"
  15                 $FINA -l 2>&1
  16                 if [ $? -gt 0 ]; then
  17                         stat_fail
  18                 else
  19                         add_daemon fina
  20                         stat_done
  21                 fi
  22                 ;;
  23         stop)
  24                 stat_busy "Stopping fina firewall"
  25                 fail=0
  26                 for table in $(cat /proc/net/ip_tables_names) ; do
  27                         $IPTABLES -t $table -F &>/dev/null && \
  28                                 $IPTABLES -t $table -X &>/dev/null && \
  29                                 $IPTABLES -t $table -Z &>/dev/null
  30                         [ $? -gt 0 ] && fail=1
  31                 done
  32                 if [ $fail -gt 0 ]; then
  33                         stat_fail
  34                 else
  35                         rm_daemon fina
  36                         # reset policies
  37                         for table in filter nat mangle raw ; do
  38                                 if grep -qw $table /proc/net/ip_tables_names ; then
  39                                         $IPTABLES -t $table -P OUTPUT ACCEPT
  40                                 fi
  41                         done
  42                         for table in filter mangle ; do
  43                                 if grep -qw $table /proc/net/ip_tables_names ; then
  44                                         $IPTABLES -t $table -P INPUT ACCEPT
  45                                         $IPTABLES -t $table -P FORWARD ACCEPT
  46                                 fi
  47                         done
  48                         for table in nat mangle raw ; do
  49                                 if grep -qw $table /proc/net/ip_tables_names ; then
  50                                         $IPTABLES -t $table -P PREROUTING ACCEPT
  51                                 fi
  52                         done
  53                         for table in nat mangle ; do
  54                                 if grep -qw $table /proc/net/ip_tables_names ; then
  55                                         $IPTABLES -t $table -P POSTROUTING ACCEPT
  56                                 fi
  57                         done
  58                         stat_done
  59                 fi
  60                 ;;
  61         restart)
  62                 $0 stop
  63                 sleep 2
  64                 $0 start
  65                 ;;
  66         *)
  67                 echo "usage: $0 {start|stop|restart}"
  68 esac
  69
  70 exit 0