#!/bin/bash
# config: /etc/sysconfig/arptables
# Source 'em up
. /etc/init.d/functions
# Saved rule set that start() checks for and feeds to arptables-restore.
ARPTABLES_CONFIG='/etc/sysconfig/arptables'
#######################################
# Empty every chain and then delete the user-defined ones.
# Each step prints its own progress line and reports the outcome through
# the success/failure helpers; a failed flush does not stop the delete.
# Outputs: two status lines on stdout
# Returns: status of the final echo (the arptables results are only
#          reported, not returned)
#######################################
flush_delete_chains() {
	# Step 1: drop all rules from all chains (arptables -F).
	echo -n $"Flushing all chains: "
	arptables -F
	case $? in
		0) success ;;
		*) failure ;;
	esac
	echo

	# Step 2: delete user-defined chains (arptables -X).
	echo -n $"Removing user defined chains: "
	arptables -X
	case $? in
		0) success ;;
		*) failure ;;
	esac
	echo
}
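#######################################
# Load the saved ARP filter rules from $ARPTABLES_CONFIG.
# Globals:  ARPTABLES_CONFIG (read)
# Outputs:  progress and status lines on stdout
# Exits:    4 if /usr/sbin/arptables is not executable,
#           6 if the configuration file is missing
# Returns:  0 when arptables-restore loaded the rules, 1 when it failed
#######################################
start() {
	local rc

	if [ ! -x /usr/sbin/arptables ]; then
		exit 4
	fi

	# don't do squat if we don't have the config file
	if [ ! -f "$ARPTABLES_CONFIG" ]; then
		failure
		echo
		echo $"Configuration file /etc/sysconfig/arptables missing"
		exit 6
	fi

	# If we don't clear these first, we might be adding to
	# pre-existing rules.
	# NOTE: from this point until arptables-restore finishes, the saved
	# rules are not in effect.
	flush_delete_chains

	arptables -Z

	echo -n $"Applying arptables firewall rules: "
	# Plain if/else: with "cmd && success || failure" the failure helper
	# would also run whenever success itself returned non-zero.
	if /usr/sbin/arptables-restore < "$ARPTABLES_CONFIG"; then
		success
		rc=0
	else
		failure
		rc=1
	fi
	echo

	# The subsys lock marks "rules are loaded" (condrestart keys off it).
	# After a failed restore the chains have already been flushed, so do
	# not leave a lock, fresh or stale, claiming the filter is active.
	if [ "$rc" -eq 0 ]; then
		touch /var/lock/subsys/arptables
	else
		rm -f /var/lock/subsys/arptables
	fi

	return "$rc"
}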
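#######################################
# Remove all ARP filter rules and open the INPUT and OUTPUT chains.
# After this runs no ARP filtering is in effect on those chains: rules are
# flushed and the policy is ACCEPT. Only INPUT and OUTPUT are reset here.
# Outputs:  progress and status lines on stdout
# Returns:  status of the final rm -f on the subsys lock
#######################################
stop() {
	flush_delete_chains

	echo -n $"Resetting built-in chains to the default ACCEPT policy:"
	# Plain if/else: with "a && b && success || failure" the failure helper
	# would also run whenever success itself returned non-zero.
	if arptables -P INPUT ACCEPT && arptables -P OUTPUT ACCEPT; then
		success
	else
		failure
	fi
	echo

	# Rules are gone, so drop the "rules are loaded" marker.
	rm -f /var/lock/subsys/arptables
}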
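# Dispatch on the requested action and exit with the handler's status, so
# a caller can tell from the exit code whether the action succeeded.
RETVAL=0

case "$1" in
start)
	start
	RETVAL=$?
	;;

stop)
	stop
	RETVAL=$?
	;;

restart|reload)
	# "restart" is really just "start" as this isn't a daemon,
	# and "start" clears any pre-defined rules anyway.
	# This is really only here to make those who expect it happy
	start
	RETVAL=$?
	;;

condrestart|try-restart|force-reload)
	# Only reload when the subsys lock is present; a missing lock is
	# not an error and leaves the exit status at 0.
	if [ -e /var/lock/subsys/arptables ]; then
		start
		RETVAL=$?
	fi
	;;

*)
	# Unknown or missing action: say what is accepted instead of
	# exiting silently.
	echo $"Usage: $0 {start|stop|restart|reload|condrestart|try-restart|force-reload}" >&2
	exit 2
	;;
esac

exit $RETVAL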