ordentliches firewall script
diff --git a/firewall b/firewall
new file mode 100755 (executable)
index 0000000..997d9b5
--- /dev/null
+++ b/firewall
@@ -0,0 +1,84 @@
+#!/bin/bash
+#  Firewall Script by Bernhard Tittelbach
+#
+### BEGIN INIT INFO
+# Provides:          firewall
+# Required-Start:    $syslog $local_fs $network
+# Required-Stop:     $syslog $local_fs $network
+# Should-Start:      
+# Should-Stop:       
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Firewall
+# Description:       see above
+### END INIT INFO
+
+PATH=/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+. /lib/lsb/init-functions
+
+IPTABLES=iptables
+IP6TABLES=ip6tables
+OUTPUT=$(mktemp)
+RC=0
+
+FIREWALL_CONFIG=/flash/etc/firewall.conf
+
+runrule()
+{
+  rule="$1"
+  IPT=$IPTABLES
+  if [ $(($2)) -eq 6 ]; then
+    IPT=$IP6TABLES 
+    ipv=6
+  else
+    ipv=4
+  fi
+  $IPT $rule &> $OUTPUT
+  rc=$?
+  if [ $rc -ne 0 ] ; then
+    RC=$rc
+    logger -s -i -p daemon.err "Error running ipv${ipv} rule: $rule, error was $(cat $OUTPUT)"
+  fi
+}
+
+ip4()
+{
+  runrule "$*" 4
+}
+
+ip6()
+{
+  runrule "$*" 6
+}
+
+finish()
+{
+  rm -f $OUTPUT
+}
+
+. $FIREWALL_CONFIG
+
+
+case "$1" in
+  start)       log_daemon_msg "Starting " "firewall"
+        start_firewall
+        finish
+        log_end_msg $RC
+       ;;
+  stop)        log_daemon_msg "Stopping " "firewall"
+        stop_firewall
+        finish
+        log_end_msg $RC
+        ;;
+  restart)     log_daemon_msg "Restarting " "firewall"
+        stop_firewall
+        start_firewall
+        finish
+        log_end_msg $RC
+        ;;
+*)     log_action_msg "Usage: /etc/init.d/cron {start|stop|restart}"
+        exit 2
+        ;;
+esac
+exit 0
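Review bot: The script always ends in `exit 0`, so a rule failure that runrule stored in RC is only shown through log_end_msg, and the init system still sees a successful start with a partially loaded ruleset; the last line should be `exit $RC`. The `. $FIREWALL_CONFIG` line is also unguarded: if the file is missing or unreadable, start_firewall and stop_firewall are presumably undefined (this hunk does not define them), RC stays 0 and the run is reported as OK with no rules applied. A guard before the source line, such as `[ -r "$FIREWALL_CONFIG" ] || { log_failure_msg "firewall: cannot read $FIREWALL_CONFIG"; finish; exit 6; }`, would make that case fail visibly. Because the file is sourced as root, a comment next to FIREWALL_CONFIG saying it must be root-owned and not group- or world-writable would help too. Minor: the usage branch exits without calling finish, which leaves the mktemp file behind, and its message names /etc/init.d/cron instead of this script.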