slitaz-tools view rootfs/etc/init.d/firewall @ rev 435

improve firewall and iptables_rules (thanks gokhlayeh)
author Rohit Joshi <jozee@slitaz.org>
date Fri Mar 12 12:01:54 2010 +0000 (2010-03-12)
parents db0e82bebc70
children
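#!/bin/sh
# /etc/init.d/firewall - SliTaz firewall daemon script using iptables.
# Config file is: /etc/firewall.conf
#
# Usage: /etc/init.d/firewall [start|stop|restart|status]
#
# /etc/firewall.conf is expected to set KERNEL_SECURITY and IPTABLES_RULES
# ("yes" enables) and to define the iptables_rules function that loads the
# actual ruleset. /etc/init.d/rc.functions provides status (presumably it
# reports the exit code of the preceding command). Both files are sourced
# unconditionally, so the script stops here if either one is missing.
. /etc/init.d/rc.functions
. /etc/firewall.conf

# Write VALUE into every sysctl file given on the command line.
# Usage: write_proc VALUE FILE...
# The caller passes an already-expanded glob; a pattern that matched nothing
# arrives as the literal pattern and is skipped by the -e check instead of
# producing a stray redirection error.
write_proc() {
  value=$1
  shift
  for conf in "$@" ; do
    [ -e "$conf" ] || continue
    echo "$value" > "$conf"
  done
}

case "$1" in
  start)
    # Kernel security. 0 = disable, 1 = enable.
    #
    if [ "$KERNEL_SECURITY" = "yes" ] ; then
      printf '%s' "Setting up kernel security rules... "
      # ICMP redirects acceptance.
      write_proc 0 /proc/sys/net/ipv4/conf/*/accept_redirects
      write_proc 0 /proc/sys/net/ipv4/conf/*/secure_redirects
      # IP source routing.
      write_proc 0 /proc/sys/net/ipv4/conf/*/accept_source_route
      # Log impossible addresses.
      write_proc 1 /proc/sys/net/ipv4/conf/*/log_martians
      # IP spoofing protection (reverse-path filtering).
      write_proc 1 /proc/sys/net/ipv4/conf/*/rp_filter
      # SYN cookies.
      write_proc 1 /proc/sys/net/ipv4/tcp_syncookies
      status
    else
      echo "Kernel security rules are disabled in: /etc/firewall.conf... "
    fi
    # Netfilter/iptables rules. We get the rules from /etc/firewall.conf,
    # which must define the iptables_rules function.
    #
    if [ "$IPTABLES_RULES" = "yes" ] ; then
      printf '%s' "Setting up iptables rules defined in: /etc/firewall.conf... "
      iptables_rules
      status
    else
      echo "Iptables rules are disabled in: /etc/firewall.conf... "
      exit 0
    fi
    ;;
  stop)
    if [ "$IPTABLES_RULES" = "yes" ] ; then
      printf '%s' "Stopping iptables firewall rules... "
      # Open the default policies, then flush all rules and delete user
      # chains. Only the filter table is touched (no -t given), so nat/mangle
      # rules loaded by iptables_rules, if any, stay in place. After this
      # the host accepts all traffic until "start" runs again.
      iptables -P INPUT ACCEPT
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD ACCEPT
      iptables -F
      iptables -X
      status
    else
      echo "Iptables rules are disabled in: /etc/firewall.conf... "
      exit 0
    fi
    ;;
  restart)
    "$0" stop
    sleep 2
    "$0" start
    ;;
  status)
    echo ""
    printf '\033[1m===================== SliTaz firewall statistics =====================\033[0m\n'
    echo ""
    if [ "$KERNEL_SECURITY" = "yes" ] ; then
      echo "Kernel security: enabled"
    else
      echo "Kernel security: disabled"
    fi
    echo ""
    echo "Netfilter/iptables rules: "
    echo ""
    # Filter table only, numeric output (no DNS lookups).
    iptables -nL
    echo ""
    ;;
  *)
    echo ""
    printf '\033[1mUsage:\033[0m /etc/init.d/%s [start|stop|restart|status]\n' "$(basename "$0")"
    echo ""
    exit 1
    ;;
esac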