slitaz-tools annotate rootfs/etc/init.d/firewall @ rev 10
Add the default rootfs used to build the tools bin pkg
author | Christophe Lincoln <pankso@slitaz.org> |
---|---|
date | Sun Dec 02 21:00:38 2007 +0100 (2007-12-02) |
parents | |
children | db0e82bebc70 |
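#!/bin/sh
# /etc/init.d/firewall - SliTaz firewall demon script using iptables.
# Config file is: /etc/firewall.conf
#
# Usage: /etc/init.d/firewall [start|stop|restart|status]
#
# Both files below are sourced as shell code. rc.functions is expected to
# provide the status helper called after each step; firewall.conf provides
# the KERNEL_SECURITY / IPTABLES_RULES switches and the iptables_rules()
# function holding the actual rules. Since the config is executed rather
# than parsed, it has to stay root-owned and not world-writable.
. /etc/init.d/rc.functions
. /etc/firewall.conf

#######################################
# Write one value into each given /proc/sys entry.
# Arguments: $1 - value to write, $2... - sysctl file paths (globs are
#            expanded by the caller)
# Paths that do not exist (unmatched glob left literal, or a knob absent
# on this kernel) are skipped instead of creating a stray file.
#######################################
set_sysctl() {
	value=$1
	shift
	for conf in "$@" ; do
		[ -e "$conf" ] || continue
		echo "$value" > "$conf"
	done
}

case "$1" in
	start)
		# Kernel security sysctls, applied only when KERNEL_SECURITY="yes"
		# in /etc/firewall.conf. 0 = disable, 1 = enable.
		if [ "$KERNEL_SECURITY" = "yes" ] ; then
			printf '%s' "Setting up kernel security rules... "
			# Do not accept ICMP redirects (plain or "secure").
			set_sysctl 0 /proc/sys/net/ipv4/conf/*/accept_redirects
			set_sysctl 0 /proc/sys/net/ipv4/conf/*/secure_redirects
			# Do not accept source-routed packets.
			set_sysctl 0 /proc/sys/net/ipv4/conf/*/accept_source_route
			# Log packets with impossible (martian) source addresses.
			set_sysctl 1 /proc/sys/net/ipv4/conf/*/log_martians
			# Reverse-path filtering against IP spoofing.
			set_sysctl 1 /proc/sys/net/ipv4/conf/*/rp_filter
			# SYN cookies against SYN flooding.
			set_sysctl 1 /proc/sys/net/ipv4/tcp_syncookies
			status
		else
			echo "Kernel security rules are disabled in: /etc/firewall.conf... "
		fi
		# Netfilter/iptables rules. We get the rules from /etc/firewall.conf.
		if [ "$IPTABLES_RULES" = "yes" ] ; then
			printf '%s' "Setting up iptables rules defined in: /etc/firewall.conf... "
			iptables_rules
			status
		else
			echo "Iptables rules are disabled in: /etc/firewall.conf... "
			exit 0
		fi
		;;
	stop)
		if [ "$IPTABLES_RULES" = "yes" ] ; then
			printf '%s' "Stopping iptables firewall rules... "
			# Open the INPUT/OUTPUT policies, then flush and delete the
			# chains of the filter table.
			# NOTE(review): the FORWARD policy is left as iptables_rules set
			# it, and the nat/mangle tables are not flushed, so rules placed
			# there by /etc/firewall.conf survive a stop - confirm intended.
			iptables -P INPUT ACCEPT
			iptables -P OUTPUT ACCEPT
			iptables -F
			iptables -X
			status
		else
			echo "Iptables rules are disabled in: /etc/firewall.conf... "
			exit 0
		fi
		;;
	restart)
		"$0" stop
		sleep 2
		"$0" start
		;;
	status)
		echo
		printf '\033[1m===================== SliTaz firewall statistics =====================\033[0m\n'
		echo
		# Reports the config switch, not the live sysctl values.
		if [ "$KERNEL_SECURITY" = "yes" ] ; then
			echo "Kernel security: enabled"
		else
			echo "Kernel security: disabled"
		fi
		echo
		echo "Netfilter/iptables rules: "
		echo
		# Only the filter table is listed.
		iptables -nL
		echo
		;;
	*)
		echo
		printf '\033[1mUsage:\033[0m /etc/init.d/%s [start|stop|restart|status]\n' "${0##*/}"
		echo
		exit 1
		;;
esac
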