slitaz-tools annotate etc/init.d/firewall @ rev 813
Current state, features stabilized and open for bugfixes and translations.
author | Aleksej Bobylev <al.bobylev@gmail.com> |
---|---|
date | Mon Sep 09 03:27:04 2013 +0300 (2013-09-09) |
parents | 4a32682281e3 |
children | 5d80f6fdbdb7 |
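#!/bin/sh
#
# /etc/init.d/firewall : SliTaz firewall daemon script
# Configuration file : /etc/slitaz/firewall.conf
# Firewall script : /etc/slitaz/firewall.sh
#
# Usage: /etc/init.d/firewall [start|stop|restart|status]
#
# Settings read from the configuration file:
#   KERNEL_SECURITY  "yes" to apply the /proc/sys/net/ipv4 hardening below
#   IPTABLES_RULES   "yes" to run /etc/slitaz/firewall.sh on start and to
#                    flush the filter table on stop
#
# 'status' comes from rc.functions (not shown here); from the way the
# original script orders its calls it appears to report Done/Failed from the
# exit status of the command that immediately precedes it, so the statement
# right before every 'status' call is chosen deliberately.
#
. /etc/init.d/rc.functions
. /etc/slitaz/firewall.conf

# Write value $1 to every /proc (sysctl) file given as the remaining
# arguments.  Keeps going after a failed write so that one missing file does
# not prevent the other settings from being applied.
# Arguments: $1 - value to write; $2.. - /proc files (usually a glob)
# Returns:   0 if every write succeeded, 1 otherwise
write_sysctl() {
	local value="$1" rc=0 f
	shift
	for f in "$@"; do
		# An unmatched glob leaves the literal pattern here; the redirection
		# then fails and the error is reported instead of being ignored.
		echo "$value" > "$f" || rc=1
	done
	return "$rc"
}

case "$1" in
	start)
		# Kernel network hardening. 0 = disable, 1 = enable.
		if [ "$KERNEL_SECURITY" = "yes" ]; then
			printf '%s' "Setting up kernel security rules... "
			rc=0
			# Do not accept ICMP redirects (they can alter the routing table).
			write_sysctl 0 /proc/sys/net/ipv4/conf/*/accept_redirects || rc=1
			write_sysctl 0 /proc/sys/net/ipv4/conf/*/secure_redirects || rc=1
			# Do not accept source-routed packets.
			write_sysctl 0 /proc/sys/net/ipv4/conf/*/accept_source_route || rc=1
			# Log packets with impossible (martian) source addresses.
			write_sysctl 1 /proc/sys/net/ipv4/conf/*/log_martians || rc=1
			# Reverse-path filtering: drop packets whose source is not
			# reachable through the interface they arrived on (IP spoofing).
			write_sysctl 1 /proc/sys/net/ipv4/conf/*/rp_filter || rc=1
			# SYN cookies: keep accepting connections under a SYN flood.
			write_sysctl 1 /proc/sys/net/ipv4/tcp_syncookies || rc=1
			# Make 'status' reflect every write above, not only the last one.
			[ "$rc" -eq 0 ]
			status
		else
			echo "WARNING: Kernel security rules are disabled"
		fi
		# Netfilter/iptables rules: the actual rule set lives in firewall.sh.
		if [ "$IPTABLES_RULES" = "yes" ]; then
			printf '%s' "Starting IPtables firewall: /etc/slitaz/firewall.sh"
			/etc/slitaz/firewall.sh
			status
		else
			echo "WARNING: IPtables rules are disabled"
		fi ;;
	stop)
		if [ "$IPTABLES_RULES" = "yes" ]; then
			printf '%s' "Stopping iptables firewall rules... "
			# This fails open on purpose: default policies become ACCEPT and
			# the filter table is emptied.  Only the filter table is touched;
			# anything firewall.sh may have added to other tables (nat,
			# mangle) is left in place.
			rc=0
			iptables -P INPUT ACCEPT || rc=1
			iptables -P OUTPUT ACCEPT || rc=1
			iptables -P FORWARD ACCEPT || rc=1
			iptables -F || rc=1
			iptables -X || rc=1
			# Make 'status' reflect every iptables call above.
			[ "$rc" -eq 0 ]
			status
		else
			echo "Iptables rules are disabled... "
		fi ;;
	restart)
		# Note: between 'stop' and 'start' the host runs for about two
		# seconds with ACCEPT policies and no rules.
		$0 stop
		sleep 2
		$0 start ;;
	status)
		echo ""
		printf '\033[1m===================== SliTaz firewall statistics =====================\033[0m\n'
		echo ""
		if [ "$KERNEL_SECURITY" = "yes" ]; then
			echo "Kernel security: enabled"
		else
			echo "Kernel security: disabled"
		fi
		printf '\nNetfilter/iptables rules:\n\n'
		iptables -nL
		echo "" ;;
	*)
		echo ""
		printf '\033[1mUsage:\033[0m %s [start|stop|restart|status]\n' "$0"
		echo ""
		# Unknown action is an error, as in the other SliTaz init scripts.
		exit 1 ;;
esac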