Blame SPECS/arptables-helper
#!/bin/bash
# config: /etc/sysconfig/arptables
|
# Source 'em up
. /etc/init.d/functions
|
# Rule file that start() checks for and feeds to arptables-restore on stdin.
# NOTE(review): its contents become the live ARP filter rules, so it should
# presumably be writable by root only; confirm the packaged permissions.
ARPTABLES_CONFIG=/etc/sysconfig/arptables
|
#######################################
# Empty the ARP filter tables in two steps: flush the rules from all chains
# (arptables -F), then remove the user-defined chains (arptables -X).
# Each step prints a status line via success/failure (presumably provided by
# the sourced /etc/init.d/functions). A failed step does not stop the next
# one, and the function's exit status is that of the final echo.
# Arguments: none
# Outputs:   two status lines on stdout
#######################################
flush_delete_chains() {
  # Step 1: drop every rule.
  echo -n $"Flushing all chains: "
  if ! arptables -F; then
    failure
  else
    success
  fi
  echo

  # Step 2: delete the chains that are not built in.
  echo -n $"Removing user defined chains: "
  if ! arptables -X; then
    failure
  else
    success
  fi
  echo
}
|
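#######################################
# Load the ARP filter rules from the configuration file.
# Globals:   ARPTABLES_CONFIG (read)
# Arguments: none
# Outputs:   status lines on stdout
# Exits:     4 if /usr/sbin/arptables is not executable,
#            6 if the configuration file is missing,
#            1 if arptables-restore fails.
#######################################
start() {
  if [ ! -x /usr/sbin/arptables ]; then
    exit 4
  fi

  # don't do squat if we don't have the config file
  # (quoted: an empty, unquoted value would turn this into `[ -f ]`, which
  # is true)
  if [ ! -f "$ARPTABLES_CONFIG" ]; then
    failure
    echo
    echo $"Configuration file /etc/sysconfig/arptables missing"
    exit 6
  fi

  # If we don't clear these first, we might be adding to
  # pre-existing rules.
  flush_delete_chains

  # NOTE(review): this call and flush_delete_chains resolve arptables through
  # PATH, while the check above and the restore below use /usr/sbin; confirm
  # the caller runs this helper with a fixed PATH.
  arptables -Z

  echo -n $"Applying arptables firewall rules: "
  if /usr/sbin/arptables-restore < "$ARPTABLES_CONFIG"; then
    success
    echo
    touch /var/lock/subsys/arptables
  else
    # The tables were flushed above, so a failed restore leaves the rule set
    # from the configuration file unloaded. Report that to the caller and do
    # not create the lock file that marks the rules as applied.
    failure
    echo
    exit 1
  fi
}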
|
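#######################################
# Remove all ARP filter rules and user-defined chains, set the INPUT and
# OUTPUT policies to ACCEPT, and delete the subsystem lock file.
# After this runs the host applies no ARP filtering at all: stopping the
# service means "allow everything", not "keep the last rules".
# Arguments: none
# Outputs:   status lines on stdout
#######################################
stop() {
  flush_delete_chains
  echo -n $"Resetting built-in chains to the default ACCEPT policy:"
  # Explicit if/else instead of `a && success || failure`: in that form
  # failure also runs whenever success itself returns non-zero.
  if arptables -P INPUT ACCEPT && arptables -P OUTPUT ACCEPT; then
    success
  else
    failure
  fi
  echo
  rm -f /var/lock/subsys/arptables
}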
|
# Dispatch on the action named by the first argument. Unknown actions exit
# with status 2; every handled action falls through to the final `exit 0`
# unless the handler itself exits first.
case "$1" in
  stop)
    stop
    ;;

  start | restart | reload)
    # "restart" is really just "start" as this isn't a daemon,
    # and "start" clears any pre-defined rules anyway.
    # This is really only here to make those who expect it happy
    start
    ;;

  condrestart | try-restart | force-reload)
    # Reload only when the lock file shows the rules were applied before.
    if [ -e /var/lock/subsys/arptables ]; then
      start
    fi
    ;;

  *)
    exit 2
    ;;
esac

exit 0