slitaz-tools view etc/init.d/firewall @ rev 1020

tazbox/ssh: add proxy ssh support
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Apr 19 17:21:06 2017 +0200 (2017-04-19)
parents 91dc7e3eab55
children
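#!/bin/sh
#
# /etc/init.d/firewall : SliTaz firewall daemon script
# Configuration file   : /etc/slitaz/firewall.conf
# Firewall script      : /etc/slitaz/firewall.sh
#
# Usage: /etc/init.d/firewall [start|stop|restart|status]
#
# rc.functions and firewall.conf are sourced below and firewall.sh is
# executed, all with this script's privileges: keep the three files owned
# by root and not writable by anyone else.
#

. /etc/init.d/rc.functions
. /etc/slitaz/firewall.conf

# Write a value into one key of every IPv4 interface configuration
# directory, i.e. /proc/sys/net/ipv4/conf/*/KEY.
# Arguments: $1 - key name (e.g. rp_filter), $2 - value to write
# Globals:   fw_rc is set to 1 when a write fails
set_ipv4_conf() {
	for fw_conf in /proc/sys/net/ipv4/conf/*/"$1"; do
		# An unmatched glob stays literal; skip it rather than try to
		# write to a path containing '*'.
		[ -e "$fw_conf" ] || continue
		echo "$2" > "$fw_conf" || fw_rc=1
	done
}

case "$1" in
	start)
		# Kernel network hardening, applied when KERNEL_SECURITY="yes".
		# In the writes below 0 turns a kernel feature off, 1 turns it on.
		# Only IPv4 entries are set; nothing under /proc/sys/net/ipv6 is
		# touched by this script.
		if [ "$KERNEL_SECURITY" = "yes" ]; then
			echo -n "Setting up kernel security rules... "
			fw_rc=0

			# ICMP redirects acceptance.
			set_ipv4_conf accept_redirects 0
			set_ipv4_conf secure_redirects 0

			# IP source routing.
			set_ipv4_conf accept_source_route 0

			# Log impossible addresses.
			set_ipv4_conf log_martians 1

			# IP spoofing protection (reverse-path filtering).
			set_ipv4_conf rp_filter 1

			# TCP SYN cookies.
			echo "1" > /proc/sys/net/ipv4/tcp_syncookies || fw_rc=1

			# status comes from rc.functions (not visible here) and is
			# presumably driven by the exit code of the previous command.
			# Hand it the combined result so that one failed write is
			# not hidden by a later successful one.
			[ "$fw_rc" -eq 0 ]
			status
		else
			echo "WARNING: Kernel security rules are disabled"
		fi

		# Netfilter/IPtables rules
		if [ "$IPTABLES_RULES" = "yes" ]; then
			echo -n "Starting IPtables firewall: /etc/slitaz/firewall.sh"
			/etc/slitaz/firewall.sh
			status
		else
			echo "WARNING: IPtables rules are disabled"
		fi ;;
	stop)
		# Stopping fails open: every built-in chain of the filter table
		# gets an ACCEPT policy and all filter rules and user chains are
		# removed. No other table is named here (no -t option), so rules
		# in other tables are left as they are, and ip6tables is never
		# called.
		if [ "$IPTABLES_RULES" = "yes" ]; then
			echo -n "Stopping iptables firewall rules... "
			fw_rc=0
			iptables -P INPUT ACCEPT || fw_rc=1
			iptables -P OUTPUT ACCEPT || fw_rc=1
			iptables -P FORWARD ACCEPT || fw_rc=1
			iptables -F || fw_rc=1
			iptables -X || fw_rc=1
			# Report a failure of any of the five commands, not only
			# of the last one (see the note on status in start).
			[ "$fw_rc" -eq 0 ]
			status
		else
			echo "Iptables rules are disabled... "
		fi ;;
	restart)
		# Between stop and start the filter table has ACCEPT policies
		# and no rules for at least the two seconds slept here. The
		# kernel settings written by start are not reverted by stop.
		"$0" stop
		sleep 2
		"$0" start ;;
	status)
		echo ""
		echo -e "\033[1m===================== SliTaz firewall statistics =====================\033[0m"
		echo ""
		# Reports the configured switch, not the live /proc values.
		if [ "$KERNEL_SECURITY" = "yes" ]; then
			echo "Kernel security: enabled"
		else
			echo "Kernel security: disabled"
		fi
		echo -e "\nNetfilter/iptables rules:\n"
		# Lists the filter table only (no -t option).
		iptables -nL
		echo "" ;;
	*)
		echo ""
		echo -e "\033[1mUsage:\033[0m $0 [start|stop|restart|status]"
		echo "" ;;
esac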