slitaz-tools annotate etc/init.d/firewall @ rev 813
Current state, features stabilized and open for bugfixes and translations.
| author | Aleksej Bobylev <al.bobylev@gmail.com> |
|---|---|
| date | Mon Sep 09 03:27:04 2013 +0300 (2013-09-09) |
| parents | 4a32682281e3 |
| children | 5d80f6fdbdb7 |
| rev | line source |
|---|---|
| pankso@10 | 1 #!/bin/sh |
| pankso@769 | 2 # |
| pankso@769 | 3 # /etc/init.d/firewall : SliTaz firewall daemon script |
| pankso@769 | 4 # Configuration file : /etc/slitaz/firewall.conf |
| pankso@769 | 5 # Firewall script : /etc/slitaz/firewall.sh |
| pankso@10 | 6 # |
| pankso@10 | 7 . /etc/init.d/rc.functions |
| pankso@769 | 8 . /etc/slitaz/firewall.conf |
| pankso@10 | 9 |
| pankso@769 | 10 case "$1" in |
| pankso@769 | 11 start) |
| pankso@769 | 12 # Kernel security. 0 = disable, 1 = enable. |
| pankso@769 | 13 # |
| pankso@769 | 14 if [ "$KERNEL_SECURITY" = "yes" ] ; then |
| pankso@769 | 15 echo -n "Setting up kernel security rules... " |
| pankso@769 | 16 # ICMP redirects acceptance. |
| pankso@769 | 17 for conf in /proc/sys/net/ipv4/conf/*/accept_redirects ; do |
| pankso@769 | 18 echo "0" > $conf |
| pankso@769 | 19 done |
| pankso@769 | 20 for conf in /proc/sys/net/ipv4/conf/*/secure_redirects ; do |
| pankso@769 | 21 echo "0" > $conf |
| pankso@769 | 22 done |
| pankso@769 | 23 # IP source routing. |
| pankso@769 | 24 for conf in /proc/sys/net/ipv4/conf/*/accept_source_route ; do |
| pankso@769 | 25 echo "0" > $conf |
| pankso@769 | 26 done |
| pankso@769 | 27 # Log impossible addresses. |
| pankso@769 | 28 for conf in /proc/sys/net/ipv4/conf/*/log_martians ; do |
| pankso@769 | 29 echo "1" > $conf |
| pankso@769 | 30 done |
| pankso@769 | 31 # Ip spoofing protection |
| pankso@769 | 32 for conf in /proc/sys/net/ipv4/conf/*/rp_filter; do |
| pankso@769 | 33 echo "1" > $conf |
| pankso@769 | 34 done |
| pankso@769 | 35 echo "1" > /proc/sys/net/ipv4/tcp_syncookies |
| pankso@769 | 36 status |
| pankso@769 | 37 else |
| pankso@769 | 38 echo "WARNING: Kernel security rules are disabled" |
| pankso@769 | 39 fi |
| pankso@769 | 40 # Netfilter/IPtables rules |
| pankso@769 | 41 if [ "$IPTABLES_RULES" = "yes" ] ; then |
| pankso@769 | 42 echo -n "Starting IPtables firewall: /etc/slitaz/firewall.sh" |
| pankso@769 | 43 /etc/slitaz/firewall.sh |
| pankso@769 | 44 status |
| pankso@769 | 45 else |
| pankso@769 | 46 echo "WARNING: IPtables rules are disabled" |
| pankso@769 | 47 fi ;; |
| pankso@769 | 48 stop) |
| pankso@769 | 49 if [ "$IPTABLES_RULES" = "yes" ] ; then |
| pankso@769 | 50 echo -n "Stopping iptables firewall rules... " |
| pankso@769 | 51 iptables -P INPUT ACCEPT |
| pankso@769 | 52 iptables -P OUTPUT ACCEPT |
| pankso@769 | 53 iptables -P FORWARD ACCEPT |
| pankso@769 | 54 iptables -F |
| pankso@769 | 55 iptables -X |
| pankso@769 | 56 status |
| pankso@769 | 57 else |
| pankso@769 | 58 echo "Iptables rules are disabled... " |
| pankso@769 | 59 fi ;; |
| pankso@769 | 60 restart) |
| pankso@769 | 61 $0 stop |
| pankso@769 | 62 sleep 2 |
| pankso@769 | 63 $0 start ;; |
| pankso@769 | 64 status) |
| pankso@769 | 65 echo "" |
| pankso@769 | 66 echo -e "\033[1m===================== SliTaz firewall statistics =====================\033[0m" |
| pankso@769 | 67 echo "" |
| pankso@769 | 68 if [ "$KERNEL_SECURITY" = "yes" ] ; then |
| pankso@769 | 69 echo "Kernel security: enabled" |
| pankso@769 | 70 else |
| pankso@769 | 71 echo "Kernel security: disabled" |
| pankso@769 | 72 fi |
| pankso@769 | 73 echo -e "\nNetfilter/iptables rules:\n" |
| pankso@769 | 74 iptables -nL |
| pankso@769 | 75 echo "" ;; |
| pankso@769 | 76 *) |
| pankso@769 | 77 echo "" |
| pankso@769 | 78 echo -e "\033[1mUsage:\033[0m $0 [start|stop|restart|status]" |
| pankso@769 | 79 echo "" ;; |
| pankso@10 | 80 esac |