Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
f95f08e15f
core-agent-linux/network/qubes-iptables
Christopher Laprise b8783e65e4
Fixes issue #3939
2018-05-31 14:02:15 -04:00

76 lines
1.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# qubes-iptables Start Qubes base iptables firewall
#
# chkconfig: 2345 08 92
# description: Loads iptables firewall
#
# config: /etc/qubes/iptables.rules
# config: /etc/qubes/ip6tables.rules
#
### BEGIN INIT INFO
# Provides: iptables
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Loads Qubes base iptables firewall
# Description: Loads Qubes base iptables firewall
### END INIT INFO
IPTABLES=iptables
IPTABLES_DATA_DIR=/etc/qubes
if [ ! -x /sbin/$IPTABLES ]; then
echo $"${IPTABLES}: /sbin/$IPTABLES does not exist."
exit 5
fi
start() {
ipt=$1
IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}.rules
ipv6_enabled=
if qubesdb-read /qubes-ip6 >/dev/null 2>&1 || \
qubesdb-read /qubes-netvm-gateway6 >/dev/null 2>&1; then
ipv6_enabled=true
fi
# if IPv6 is enabled, load alternative rules file
if [ "$ipt" = "ip6tables" ] && [ -n "$ipv6_enabled" ]; then
IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}-enabled.rules
fi
CMD=$ipt
# Do not start if there is no config file.
[ ! -f "$IPTABLES_DATA" ] && return 6
CMD_ARGS=
if "$CMD-restore" --help 2>&1 | grep -q wait=; then
# 'wait' must be last on command line if secs not specified
CMD_ARGS=--wait
fi
echo -n $"${CMD}: Applying firewall rules: "
"$CMD-restore" "$IPTABLES_DATA" $CMD_ARGS
ret="$?"
if [ "$ret" -eq 0 ]; then
echo OK
else
echo FAIL; return 1
fi
return $ret
}
case "$1" in
start)
start iptables && start ip6tables
RETVAL=$?
;;
*)
echo $"Usage: ${IPTABLES} start"
RETVAL=2
;;
esac
exit $RETVAL
Reference in New Issue View Git Blame Copy Permalink