Tryag File Manager
Home
-
Turbo Force
Current Path :
/
etc
/
rc.d
/
init.d
/
Upload File :
New :
File
Dir
//etc/rc.d/init.d/arptables_jf
#!/bin/sh # # Startup script to implement /etc/sysconfig/arptables pre-defined rules. # # chkconfig: 2345 08 92 # # description: Automates a packet filtering firewall with arptables. # # by fenlason@redhat.com: based on iptables.init from the iptables package # by bero@redhat.com, based on the ipchains script: # Script Author: Joshua Jensen <joshua@redhat.com> # -- hacked up by gafton with help from notting # modified by Anton Altaparmakov <aia21@cam.ac.uk>: # modified by Nils Philippsen <nils@redhat.de> # # config: /etc/sysconfig/arptables # Source 'em up . /etc/init.d/functions ARPTABLES_CONFIG=/etc/sysconfig/arptables if [ ! -x /sbin/arptables ]; then exit 0 fi KERNELMAJ=`uname -r | sed -e 's,\..*,,'` KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'` if [ "$KERNELMAJ" -lt 2 ] ; then exit 0 fi if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then exit 0 fi arp_table() { if fgrep -qsx $1 /proc/net/arp_tables_names; then arptables -t "$@" fi } start() { # don't do squat if we don't have the config file if [ -f $ARPTABLES_CONFIG ]; then # If we don't clear these first, we might be adding to # pre-existing rules. chains=`cat /proc/net/arp_tables_names 2>/dev/null` echo -n $"Flushing all current rules and user defined chains:" let ret=0 for i in $chains; do arptables -t $i -F; let ret+=$?; done arptables -F let ret+=$? if [ $ret -eq 0 ]; then success else failure fi echo echo -n $"Clearing all current rules and user defined chains:" let ret=0 for i in $chains; do arptables -t $i -X; let ret+=$?; done arptables -X let ret+=$? if [ $ret -eq 0 ]; then success else failure fi echo for i in $chains; do arptables -t $i -Z; done echo -n $"Applying arptables firewall rules: " grep -v "^[[:space:]]*#" $ARPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/arptables-restore -c && \ success || \ failure echo touch /var/lock/subsys/arptables fi } stop() { chains=`cat /proc/net/arp_tables_names 2>/dev/null` echo -n $"Flushing all chains:" let ret=0 for i in $chains; do arptables -t $i -F; let ret+=$?; done arptables -F; let ret+=$? if [ $ret -eq 0 ]; then success else failure fi echo echo -n $"Removing user defined chains:" let ret=0 for i in $chains; do arptables -t $i -X; let ret+=$?; done arptables -X; let ret+=$? if [ $ret -eq 0 ]; then success else failure fi echo echo -n $"Resetting built-in chains to the default ACCEPT policy:" arp_table filter -P IN ACCEPT && \ arp_table filter -P OUT ACCEPT && \ success || \ failure echo rm -f /var/lock/subsys/arptables } case "$1" in start) start ;; stop) stop ;; restart) # "restart" is really just "start" as this isn't a daemon, # and "start" clears any pre-defined rules anyway. # This is really only here to make those who expect it happy start ;; condrestart) [ -e /var/lock/subsys/arptables ] && start ;; status) tables=`cat /proc/net/arp_tables_names 2>/dev/null` for table in $tables; do echo $"Table: $table" arptables -t $table --list done ;; panic) echo -n $"Changing target policies to DROP: " arp_table filter -P IN DROP && \ arp_table filter -P OUT DROP && \ success || failure echo echo -n "Flushing all chains:" arp_table filter -F IN && \ arp_table filter -F OUT && \ success || failure echo echo -n "Removing user defined chains:" arp_table filter -X && \ success || failure echo ;; save) echo -n $"Saving current rules to $ARPTABLES_CONFIG: " touch $ARPTABLES_CONFIG chmod 600 $ARPTABLES_CONFIG /sbin/arptables-save -c > $ARPTABLES_CONFIG 2>/dev/null && \ success $"Saving current rules to $ARPTABLES_CONFIG" || \ failure $"Saving current rules to $ARPTABLES_CONFIG" echo ;; *) echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}" exit 1 esac exit 0