| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- #!/bin/bash
- #
- # qubes-iptables Start Qubes base iptables firewall
- #
- # chkconfig: 2345 08 92
- # description: Loads iptables firewall
- #
- # config: /etc/qubes/iptables.rules
- # config: /etc/qubes/ip6tables.rules
- #
- ### BEGIN INIT INFO
- # Provides: iptables
- # Required-Start:
- # Required-Stop:
- # Default-Start: 2 3 4 5
- # Default-Stop: 0 1 6
- # Short-Description: Loads Qubes base iptables firewall
- # Description: Loads Qubes base iptables firewall
- ### END INIT INFO
- IPTABLES=iptables
- IPTABLES_DATA_DIR=/etc/qubes
- if [ ! -x /sbin/$IPTABLES ]; then
- echo $"${IPTABLES}: /sbin/$IPTABLES does not exist."
- exit 5
- fi
- start() {
- ipt=$1
- IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}.rules
- ipv6_enabled=
- if qubesdb-read /qubes-ip6 >/dev/null 2>&1 || \
- qubesdb-read /qubes-netvm-gateway6 >/dev/null 2>&1; then
- ipv6_enabled=true
- fi
- # if IPv6 is enabled, load alternative rules file
- if [ "$ipt" = "ip6tables" ] && [ -n "$ipv6_enabled" ]; then
- IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}-enabled.rules
- fi
- CMD=$ipt
- # Do not start if there is no config file.
- [ ! -f "$IPTABLES_DATA" ] && return 6
- CMD_ARGS=
- if "$CMD-restore" --help 2>&1 | grep -q wait=; then
- CMD_ARGS=--wait
- fi
- echo -n $"${CMD}: Applying firewall rules: "
- "$CMD-restore" $CMD_ARGS "$IPTABLES_DATA"
- ret="$?"
- if [ "$ret" -eq 0 ]; then
- echo OK
- else
- echo FAIL; return 1
- fi
- return $ret
- }
- case "$1" in
- start)
- start iptables && start ip6tables
- RETVAL=$?
- ;;
- *)
- echo $"Usage: ${IPTABLES} start"
- RETVAL=2
- ;;
- esac
- exit $RETVAL
|
