slitaz-tools view etc/init.d/firewall @ rev 813

Current state, features stabilized and open for bugfixes and translations.
author Aleksej Bobylev <al.bobylev@gmail.com>
date Mon Sep 09 03:27:04 2013 +0300 (2013-09-09)
parents 4a32682281e3
children 5d80f6fdbdb7
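#!/bin/sh
#
# /etc/init.d/firewall : SliTaz firewall daemon script
# Configuration file : /etc/slitaz/firewall.conf
# Firewall script : /etc/slitaz/firewall.sh
#
# Usage: firewall [start|stop|restart|status]
#
# Scope: this script only writes under /proc/sys/net/ipv4 and only calls
# iptables, so IPv6 traffic is neither hardened nor filtered here.
#
# The two files below are sourced, i.e. executed with the privileges of
# whoever runs this script (normally root); they should be writable by root
# only. rc.functions is expected to provide status(), and firewall.conf is
# expected to set KERNEL_SECURITY and IPTABLES_RULES.
. /etc/init.d/rc.functions
. /etc/slitaz/firewall.conf

case "$1" in
	start)
		# Kernel hardening through /proc/sys, enabled by KERNEL_SECURITY="yes".
		# For the values written below: 0 = disable, 1 = enable.
		if [ "$KERNEL_SECURITY" = "yes" ] ; then
			echo -n "Setting up kernel security rules... "
			# Remember any failed write so the result reported below covers
			# the whole block and not only the last command.
			fw_rc=0
			# ICMP redirects acceptance (plain and "secure" redirects): off.
			for conf in /proc/sys/net/ipv4/conf/*/accept_redirects ; do
				echo "0" > "$conf" || fw_rc=1
			done
			for conf in /proc/sys/net/ipv4/conf/*/secure_redirects ; do
				echo "0" > "$conf" || fw_rc=1
			done
			# IP source routing: off.
			for conf in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
				echo "0" > "$conf" || fw_rc=1
			done
			# Log impossible addresses.
			for conf in /proc/sys/net/ipv4/conf/*/log_martians ; do
				echo "1" > "$conf" || fw_rc=1
			done
			# IP spoofing protection (reverse path filtering).
			for conf in /proc/sys/net/ipv4/conf/*/rp_filter ; do
				echo "1" > "$conf" || fw_rc=1
			done
			# SYN cookies, used when the SYN backlog overflows.
			echo "1" > /proc/sys/net/ipv4/tcp_syncookies || fw_rc=1
			# NOTE(review): status is assumed to report the exit code of the
			# command that ran just before it - confirm in rc.functions.
			[ "$fw_rc" -eq 0 ]
			status
		else
			echo "WARNING: Kernel security rules are disabled"
		fi
		# Netfilter/IPtables rules
		if [ "$IPTABLES_RULES" = "yes" ] ; then
			echo -n "Starting IPtables firewall: /etc/slitaz/firewall.sh"
			/etc/slitaz/firewall.sh
			status
		else
			echo "WARNING: IPtables rules are disabled"
		fi ;;
	stop)
		if [ "$IPTABLES_RULES" = "yes" ] ; then
			echo -n "Stopping iptables firewall rules... "
			# This leaves the host unfiltered: the built-in chains get an
			# ACCEPT policy, then all rules are flushed and user chains
			# deleted. Without -t only the filter table is touched; rules in
			# other tables (nat, mangle, raw) stay in place if firewall.sh
			# created any. The kernel settings made by "start" are not
			# reverted.
			fw_rc=0
			iptables -P INPUT ACCEPT || fw_rc=1
			iptables -P OUTPUT ACCEPT || fw_rc=1
			iptables -P FORWARD ACCEPT || fw_rc=1
			iptables -F || fw_rc=1
			iptables -X || fw_rc=1
			# Report a failure of any of the five commands, not only the last.
			[ "$fw_rc" -eq 0 ]
			status
		else
			echo "Iptables rules are disabled... "
		fi ;;
	restart)
		# Between "stop" and "start" the filter table is empty with ACCEPT
		# policies, so traffic is unfiltered for at least the 2 second pause.
		"$0" stop
		sleep 2
		"$0" start ;;
	status)
		echo ""
		echo -e "\033[1m===================== SliTaz firewall statistics =====================\033[0m"
		echo ""
		if [ "$KERNEL_SECURITY" = "yes" ] ; then
			echo "Kernel security: enabled"
		else
			echo "Kernel security: disabled"
		fi
		echo -e "\nNetfilter/iptables rules:\n"
		# Lists the filter table only; -n skips DNS lookups.
		iptables -nL
		echo "" ;;
	*)
		echo ""
		echo -e "\033[1mUsage:\033[0m $0 [start|stop|restart|status]"
		echo "" ;;
esac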