qubes-iptables 1.5 KB

  1. #!/bin/bash
  2. #
  3. # qubes-iptables Start Qubes base iptables firewall
  4. #
  5. # chkconfig: 2345 08 92
  6. # description: Loads iptables firewall
  7. #
  8. # config: /etc/qubes/iptables.rules
  9. # config: /etc/qubes/ip6tables.rules
  10. #
  11. ### BEGIN INIT INFO
  12. # Provides: iptables
  13. # Required-Start:
  14. # Required-Stop:
  15. # Default-Start: 2 3 4 5
  16. # Default-Stop: 0 1 6
  17. # Short-Description: Loads Qubes base iptables firewall
  18. # Description: Loads Qubes base iptables firewall
  19. ### END INIT INFO
  # Name of the firewall command this script manages, and the directory that
  # holds the saved rules files named in the header above.
  IPTABLES=iptables
  IPTABLES_DATA_DIR=/etc/qubes

  # Bail out early when the binary is not an executable under /sbin.
  # Status 5 is the LSB init-script code for "program is not installed".
  [ -x "/sbin/$IPTABLES" ] || {
    echo $"${IPTABLES}: /sbin/$IPTABLES does not exist."
    exit 5
  }
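  # Load the saved ruleset for one iptables family.
  #
  # Globals:   IPTABLES_DATA_DIR (read) - directory holding the *.rules files
  # Arguments: $1 - command family, "iptables" or "ip6tables"
  # Outputs:   progress line plus OK/FAIL on stdout; a diagnostic on stderr
  #            when the rules file is missing
  # Returns:   0 rules applied, 1 "<family>-restore" failed,
  #            6 rules file missing (LSB "program is not configured")
  start() {
    local ipt=$1
    local IPTABLES_DATA="$IPTABLES_DATA_DIR/${ipt}.rules"
    local CMD=$ipt
    local ipv6_enabled=

    # IPv6 counts as enabled when qubesdb-read succeeds for either key; only
    # its exit status is used, the value read is discarded.
    if qubesdb-read /qubes-ip6 >/dev/null 2>&1 ||
      qubesdb-read /qubes-netvm-gateway6 >/dev/null 2>&1; then
      ipv6_enabled=true
    fi

    # if IPv6 is enabled, load alternative rules file
    if [ "$ipt" = "ip6tables" ] && [ -n "$ipv6_enabled" ]; then
      IPTABLES_DATA="$IPTABLES_DATA_DIR/${ipt}-enabled.rules"
    fi

    # Do not start if there is no config file. Report it on stderr: returning
    # silently means no rules are loaded for this family and nothing in the
    # boot log shows why.
    if [ ! -f "$IPTABLES_DATA" ]; then
      printf '%s: rules file %s not found, firewall rules not applied\n' \
        "$CMD" "$IPTABLES_DATA" >&2
      return 6
    fi

    echo -n $"${CMD}: Applying firewall rules: "
    if "${CMD}-restore" "$IPTABLES_DATA"; then
      echo OK
      return 0
    fi

    # Any non-zero status from the restore command is reported as 1.
    echo FAIL
    return 1
  }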
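  # Dispatch on the requested action; "start" is the only one implemented.
  case "$1" in
    start)
      # Attempt both families even when the first one fails: stopping after
      # an IPv4 failure would also leave IPv6 without its base ruleset. The
      # exit status is that of the first family that failed, 0 if none did.
      RETVAL=0
      for family in iptables ip6tables; do
        start "$family"
        rc=$?
        if [ "$rc" -ne 0 ] && [ "$RETVAL" -eq 0 ]; then
          RETVAL=$rc
        fi
      done
      ;;
    *)
      # Any other argument (or none) prints usage; 2 is the LSB status for
      # invalid or excess arguments.
      echo $"Usage: ${IPTABLES} start"
      RETVAL=2
      ;;
  esac
  exit $RETVAL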