author | unammx <unammx> | 2001-09-19 00:32:06 +0000 |
---|---|---|
committer | unammx <unammx> | 2001-09-19 00:32:06 +0000 |
commit | f444bfac7574905a8c2b6a39b0bed08eeef3b17e (patch) | |
tree | f0f0df5509c47ffc960523431cbb143f1e6fa5e7 /files | |
parent | b202e358164a8d3cae772504246b7b07f2c2ae85 (diff) |
Sun Sep 16 14:03:56 2001 Arturo Espinosa Aldama <arturo@ximian.com>
* Makefile.am: install debian_ipchains.
Diffstat (limited to 'files')
-rw-r--r-- | files/ChangeLog | 4 | ||||
-rwxr-xr-x | files/debian_ipchains | 86 |
2 files changed, 90 insertions, 0 deletions
diff --git a/files/ChangeLog b/files/ChangeLog
new file mode 100644
index 0000000..118ee1d
--- /dev/null
+++ b/files/ChangeLog
@@ -0,0 +1,4 @@
+Sun Sep 16 14:03:56 2001 Arturo Espinosa Aldama <arturo@ximian.com>
+
+ * Makefile.am: install debian_ipchains.
+
diff --git a/files/debian_ipchains b/files/debian_ipchains
new file mode 100755
index 0000000..de9c98f
--- /dev/null
+++ b/files/debian_ipchains
@@ -0,0 +1,86 @@
+#!/bin/sh
+#
+# Startup script to implement /etc/sysconfig/ipchains pre-defined rules.
+#
+# chkconfig: - 08 92
+#
+# description: Automates a packet filtering firewall with ipchains.
+#
+# Script Author: Joshua Jensen <joshua@redhat.com>
+# -- hacked up by gafton with help from notting
+#
+# config: /etc/sysconfig/ipchains
+
+IPCHAINS_CONFIG=/etc/network/ipchains
+
+if [ ! -x /sbin/ipchains ]; then
+ exit 0
+fi
+
+case "$1" in
+ start)
+ # don't do squat if we don't have the config file
+ if [ -f $IPCHAINS_CONFIG ]; then
+ # If we don't clear these first, we might be adding to
+ # pre-existing rules.
+ /sbin/ipchains -F
+ /sbin/ipchains -X
+ /sbin/ipchains -Z
+ echo -n "Applying ipchains firewall rules: "
+ grep -v "^#" $IPCHAINS_CONFIG | ipchains-restore -p -f && \
+ echo "success." || \
+ echo "failure."
+ echo
+# touch /var/lock/subsys/ipchains
+ fi
+ ;;
+
+ stop)
+ /sbin/ipchains -F
+ /sbin/ipchains -X
+ echo -n "Resetting built-in chains to the default ACCEPT policy:"
+ /sbin/ipchains -P input ACCEPT && \
+ /sbin/ipchains -P forward ACCEPT && \
+ /sbin/ipchains -P output ACCEPT && \
+ echo "success." || \
+ echo "failure."
+ echo
+# rm -f /var/lock/subsys/ipchains
+ ;;
+
+ restart)
+ # "restart" is really just "start" as this isn't a daemon,
+ # and "start" clears any pre-defined rules anyway.
+ # This is really only here to make those who expect it happy
+ $0 start
+ ;;
+
+ status)
+ /sbin/ipchains -nL
+ ;;
+
+ panic)
+ echo -n "Changing target policies to DENY: "
+ /sbin/ipchains -P input DENY && \
+ /sbin/ipchains -P forward DENY && \
+ /sbin/ipchains -P output DENY && \
+ echo "success." || \
+ echo "failure."
+ /sbin/ipchains -F
+ /sbin/ipchains -X
+ ;;
+
+ save)
+ echo -n "Saving current rules to $IPCHAINS_CONFIG: "
+ ipchains-save > $IPCHAINS_CONFIG 2>/dev/null && \
+ echo "success." || \
+ echo "failure."
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|panic|save}"
+ exit 1
+esac
+
+exit 0
+
|
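Review bot: The `start` branch flushes every chain (`-F`, `-X`, `-Z`) before `ipchains-restore` runs, so a failed restore leaves the host with empty chains under whatever default policies are currently set, and the only signal is the word "failure." because the script still falls through to `exit 0`. The restore result should drive the exit status so the init system and the administrator can tell that the firewall did not load; the fence below shows the `start` branch with an explicit `if`/`else` and `exit 1`. The same `cmd && echo "success." || echo "failure."` pattern in `stop`, `panic` and `save` hides failures from the caller in the same way. In `save`, the redirection `> $IPCHAINS_CONFIG` truncates the rules file before `ipchains-save` has produced anything, so a failed save destroys the stored ruleset; writing to a temporary file in the same directory and renaming it on success avoids that. The header comment also still names `/etc/sysconfig/ipchains` while `IPCHAINS_CONFIG` points at `/etc/network/ipchains`.

```sh
  start)
    if [ -f "$IPCHAINS_CONFIG" ]; then
      # … unchanged: flush with -F/-X/-Z and the "Applying ipchains firewall rules" echo …
      if grep -v "^#" "$IPCHAINS_CONFIG" | ipchains-restore -p -f; then
        echo "success."
      else
        echo "failure."
        # The chains were already flushed above, so report the failure to the caller.
        exit 1
      fi
      echo
    fi
    ;;
```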