#!/bin/bash
# config: /etc/sysconfig/arptables
# Source 'em up
. /etc/init.d/functions
# Rule file that start() checks for and feeds to arptables-restore
ARPTABLES_CONFIG="/etc/sysconfig/arptables"
# Flush every rule (arptables -F), then delete every user-defined chain
# (arptables -X), printing one status line per step via success/failure.
# A failed step is only reported on the console: the second step still
# runs and the function's own status does not reflect either result.
flush_delete_chains() {
	printf '%s' $"Flushing all chains: "
	if ! arptables -F; then
		failure
	else
		success
	fi
	printf '\n'

	printf '%s' $"Removing user defined chains: "
	if ! arptables -X; then
		failure
	else
		success
	fi
	printf '\n'
}
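# Load the saved ARP filtering rules from $ARPTABLES_CONFIG.
# Exits the script with:
#   4 - /usr/sbin/arptables is not executable
#   6 - the configuration file is missing
#   1 - arptables-restore failed to apply the rule set
# The lock file is written only after the rules were applied.
start() {
	if [ ! -x /usr/sbin/arptables ]; then
		exit 4
	fi

	# don't do squat if we don't have the config file
	if [ -f "$ARPTABLES_CONFIG" ]; then
		# If we don't clear these first, we might be adding to
		# pre-existing rules.
		flush_delete_chains

		arptables -Z

		echo -n $"Applying arptables firewall rules: "
		if /usr/sbin/arptables-restore < "$ARPTABLES_CONFIG"; then
			success
			echo
			# Mark the service as started only once the rules are in place
			touch /var/lock/subsys/arptables
		else
			failure
			echo
			# The chains were flushed above and the restore did not
			# succeed, so the saved rules are not loaded. Do not write a
			# lock file that claims otherwise, and report the failure
			# through the exit status rather than the console alone.
			exit 1
		fi
	else
		failure
		echo
		echo $"Configuration file /etc/sysconfig/arptables missing"
		exit 6
	fi
}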
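# Remove all rules and user-defined chains, set the INPUT and OUTPUT
# policies back to ACCEPT, and drop the lock file. After this no ARP
# filtering from this script remains in effect.
# NOTE(review): only the INPUT and OUTPUT policies are reset; if the
# running arptables also exposes a FORWARD chain, its policy is left
# untouched - confirm this is intended.
stop() {
	flush_delete_chains
	echo -n $"Resetting built-in chains to the default ACCEPT policy:"
	# Explicit if/else instead of "a && success || failure": with the
	# chained form, failure would also run whenever success itself
	# returned non-zero.
	if arptables -P INPUT ACCEPT && arptables -P OUTPUT ACCEPT; then
		success
	else
		failure
	fi
	echo
	rm -f /var/lock/subsys/arptables
}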
# Dispatch on the requested action. An unknown action exits 2; every
# recognised action ends in exit 0 unless start exits first with its
# own status.
action=$1
case "$action" in
start|restart|reload)
	# "restart" and "reload" are really just "start": this isn't a
	# daemon, and "start" clears any pre-defined rules anyway. They are
	# only here to make those who expect them happy.
	start
	;;

stop)
	stop
	;;

condrestart|try-restart|force-reload)
	# Re-apply the rules only when the lock file exists
	if [ -e /var/lock/subsys/arptables ]; then
		start
	fi
	;;

*)
	exit 2
	;;
esac

exit 0