
#!/bin/sh
#
# Startup script for nupyf
#
# chkconfig: 345 87 16
# description: nupyf is a user filtering firewall.
# processname: nupyf

# Source function library.
. /etc/rc.d/init.d/functions

# --- External tools ---------------------------------------------------------
ipt="/sbin/iptables"
iptsave="/sbin/iptables-save"
iptrestore="/sbin/iptables-restore"
nupyf="/usr/bin/nupyf"

# --- Static configuration under /etc/nuface ---------------------------------
# NOTE(review): every *_RULES file named below is executed with `.` by this
# script, which runs as root.  They must therefore be owned by root and not
# writable by anyone else; write access to them is equivalent to a root shell.
BASEDIR=/etc/nuface
LOCAL_RULES="${BASEDIR}/local_rules"
LOCAL_RULES_D="${BASEDIR}/local_rules.d"
LOCAL_NAT_RULES="${BASEDIR}/nat"
STOP_RULES="${BASEDIR}/stop_rules"
NONUFW_RULES="${BASEDIR}/dyn/nonufw_rules"
MANGLE_RULES_PRE="${BASEDIR}/pre-mangle"
MANGLE_RULES_POST="${BASEDIR}/post-mangle"
MANGLE_RULES_DYN="${BASEDIR}/dyn/vpn_rules"

# Snapshot of the live ruleset, taken before a reload and restored by
# reload_good_conf when loading the new one fails.  It contains the full
# ruleset, so the directory holding it should not be world-readable.
BACKUP_FILE=/var/lib/nuface/backups/firewall_good_conf

# --- Generated rule sets ----------------------------------------------------
# Both directories hold the same set of file names: one tree for the
# nufw-enabled ruleset (start), one for the "standard" ruleset
# (stop/nonufw/panic/standard).
NUFW_RULES_DIR="${BASEDIR}/dyn/nufw"
STD_RULES_DIR="${BASEDIR}/dyn/standard"
DISPATCH_RULES=dispatch_rules
FWD_RULES=forward_rules
INPUT_RULES=input_rules
OUTPUT_RULES=output_rules
NAT_RULES=nat_rules

# LDAP objects to merge into nupyf on start, and the nupyf configuration.
LDAP_DATA="${BASEDIR}/dyn/ldap_objects"
NUPYF_CONF="${BASEDIR}/desc/nupyf.conf"

# Run lock, held for the duration of one invocation.
LOCK_FILE=/var/lock/subsys/nupyf

# Which generated rule files are managed by nuface.  A value of 1 makes the
# corresponding file mandatory and loads it; any other value skips it.
MANAGE_INPUT=1
MANAGE_OUTPUT=1
MANAGE_NAT=1

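# Every generated rules file must exist before anything is flushed, so a
# half-generated tree cannot leave the host with an empty firewall.
#
# require_rule_file PATH
#   Abort the whole script (`exit -1`, i.e. status 255 under bash) with a
#   message on stderr when PATH is not a regular file.  Diagnostics used to
#   go to stdout, where init output is easily lost.
require_rule_file() {
  if [ ! -f "$1" ]; then
    echo "Sorry. Can't find file $1" >&2
    exit -1
  fi
}

# The two directory variables are deliberately left unquoted: an empty one
# then drops out of the list instead of producing a bogus "/file" path.
# A MANAGE_* flag of 1 makes the matching file mandatory, mirroring what
# load_dyn_rules will source later.
for dir in $NUFW_RULES_DIR $STD_RULES_DIR; do
  require_rule_file "$dir/$DISPATCH_RULES"
  require_rule_file "$dir/$FWD_RULES"
  if [ "$MANAGE_INPUT" = 1 ]; then
    require_rule_file "$dir/$INPUT_RULES"
  fi
  if [ "$MANAGE_OUTPUT" = 1 ]; then
    require_rule_file "$dir/$OUTPUT_RULES"
  fi
  if [ "$MANAGE_NAT" = 1 ]; then
    require_rule_file "$dir/$NAT_RULES"
  fi
done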


#if [ ! -f $NONUFW_RULES ]; then
#  echo "Sorry. Can't find file ${NONUFW_RULES}"
#  exit -1
#fi

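# Error-path handler installed with `trap ... ERR` while a new ruleset is
# being loaded.  Re-installs the snapshot saved in BACKUP_FILE, releases the
# lock and aborts with `exit -1`.
#
# An empty or missing snapshot is reported instead of being fed to
# iptables-restore: with an empty input iptables-restore changes nothing and
# the message would have falsely claimed that the old config was back.
# Globals read: iptrestore, BACKUP_FILE, LOCK_FILE
reload_good_conf() {
  echo "A problem occured, reloading old config" >&2
  if [ -s "$BACKUP_FILE" ]; then
    "$iptrestore" < "$BACKUP_FILE"
  else
    echo "Backup ${BACKUP_FILE} is missing or empty; firewall left in its current state" >&2
  fi
  /bin/rm -f "$LOCK_FILE"
  exit -1
}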

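# try_run FILE
#   Source FILE into the current shell if it is a regular file; do nothing
#   otherwise.  Not referenced anywhere in this script (a sourced rules file
#   might call it).  The argument was previously unquoted, so a path with
#   whitespace or glob characters was split or expanded before the test.
try_run(){
    if [ -f "$1" ]; then
	. "$1"
    fi
}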

# Flush all rules (-F) and delete all user-defined chains (-X) in the filter,
# nat and mangle tables.  Neither option changes built-in chain policies, and
# the raw table is not touched; whatever the sourced rule files set afterwards
# is what remains.
reset_chains() {
    for table in filter nat mangle; do
        $ipt -t "$table" -F
        $ipt -t "$table" -X
    done
}

# Source the optional mangle-table rule files.  pre-mangle and post-mangle are
# only loaded as a pair (both present or nothing happens); the dynamic VPN
# rules follow when that file exists.  Files are executed in this shell.
load_mangle(){
   [ -f "$MANGLE_RULES_PRE" ] || return 0
   [ -f "$MANGLE_RULES_POST" ] || return 0
   . "$MANGLE_RULES_PRE"
   . "$MANGLE_RULES_POST"
   if [ -f "$MANGLE_RULES_DYN" ]; then
     . "$MANGLE_RULES_DYN"
   fi
}

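# load_dyn_rules DIR
#   Source the rule files nuface generated into DIR, in the order dispatch,
#   input, output, forward, nat.  Input, output and nat are skipped unless the
#   matching MANAGE_* flag is 1.  Every file is executed in this shell as
#   root, so DIR must not be writable by anyone but root.
#
#   The argument used to be copied into a global `dir`, the same name as the
#   top-level check loop's variable; it is now read straight from $1.
load_dyn_rules(){
  echo " o Dispatch Rules"
  . "$1/$DISPATCH_RULES"
  if [ "$MANAGE_INPUT" = 1 ]; then
    echo ' o Input Rules'
    . "$1/$INPUT_RULES"
  fi
  if [ "$MANAGE_OUTPUT" = 1 ]; then
    echo " o Output Rules"
    . "$1/$OUTPUT_RULES"
  fi
  echo " o Forward Rules"
  . "$1/$FWD_RULES"
  if [ "$MANAGE_NAT" = 1 ]; then
    echo " o Nat Rules"
    . "$1/$NAT_RULES"
  fi
}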


# Source the administrator's own rules: $LOCAL_RULES first when it exists,
# then every *.rules file in $LOCAL_RULES_D in glob order.  The -f check
# inside the loop handles an empty directory, where the glob expands to the
# literal pattern.  Files are executed in this shell.
load_local_rules(){
    if [ -f "$LOCAL_RULES" ]; then
        . "$LOCAL_RULES"
    fi
    [ -d "$LOCAL_RULES_D" ] || return 0
    for rules_file in "$LOCAL_RULES_D"/*.rules; do
        if [ -f "$rules_file" ]; then
            . "$rules_file"
        fi
    done
}

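# Take the run lock.  The previous "[ -f ] then touch" sequence was racy: two
# invocations could both pass the test and both proceed to flush the
# firewall.  Creating the file with noclobber (O_EXCL) in a subshell makes
# the check-and-create atomic without changing options in this shell.
# The lock is removed at the end of the script and by reload_good_conf; the
# EXIT trap additionally releases it on exits those paths do not reach, so a
# stale lock no longer blocks the next run.
if ! ( set -C; : > "$LOCK_FILE" ) 2>/dev/null; then
  if [ -e "$LOCK_FILE" ]; then
    echo "Lock file ${LOCK_FILE} exists. Is script already running? If not, please delete lock by hand." >&2
  else
    echo "Cannot create lock file ${LOCK_FILE}." >&2
  fi
  exit -1
fi
trap 'rm -f "$LOCK_FILE"' EXIT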

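# save_good_conf
#   Snapshot the live ruleset into BACKUP_FILE for reload_good_conf.  The
#   snapshot was never checked before: if iptables-save failed or the backups
#   directory was missing, the firewall was flushed with nothing valid to roll
#   back to.  Refusing to start is the safer failure.
save_good_conf() {
  if ! "$iptsave" > "${BACKUP_FILE}"; then
    echo "Cannot write ${BACKUP_FILE}; aborting without touching the firewall" >&2
    /bin/rm -f "${LOCK_FILE}"
    exit -1
  fi
}

case $1 in
  start | restart | reload)
    echo "Saving current configuration as good"
    save_good_conf
    # -E (errtrace) is required for the ERR trap to fire inside functions
    # (reset_chains, load_local_rules, load_dyn_rules, load_mangle).  Without
    # it bash runs the trap only for commands at this level, so a failure in
    # any of those functions exited under -e without restoring the snapshot.
    set -eE
    trap reload_good_conf ERR
    reset_chains
    echo "Loading new firewall configuration"
    echo " o Local rules"
    load_local_rules
    load_dyn_rules "$NUFW_RULES_DIR"
    if [ -f "$LOCAL_NAT_RULES" ]; then
      . "$LOCAL_NAT_RULES"
    fi
    load_mangle
    if [ -f "$LDAP_DATA" ]; then
      echo "Merging ldap with nupyf"
      "$nupyf" --config "$NUPYF_CONF" --loadldap "$LDAP_DATA"
      rm -f "$LDAP_DATA"
    fi
    # `trap -` with no signal name clears nothing; the ERR trap must be named,
    # otherwise any later failure (e.g. removing the lock) would roll back the
    # ruleset that was just loaded successfully.
    set +eE
    trap - ERR
  ;;
  stop)
    echo "Loading stopped configuration"
    # As before, stop takes no snapshot and installs no rollback trap.
    reset_chains
    echo " o Local rules"
    load_local_rules
    if [ "$MANAGE_INPUT" = 1 ] || [ "$MANAGE_OUTPUT" = 1 ]; then
      echo " o Dispatch Rules"
      . "$STD_RULES_DIR/$DISPATCH_RULES"
    fi
    if [ "$MANAGE_INPUT" = 1 ]; then
      echo " o Input Rules"
      . "$STD_RULES_DIR/$INPUT_RULES"
    fi
    # Was `[ $MANAGE_OUTPUT ==1 ]` (no space before 1): test could not parse
    # the single operand and returned false, so the standard output rules were
    # never loaded on stop.
    if [ "$MANAGE_OUTPUT" = 1 ]; then
      echo " o Output Rules"
      . "$STD_RULES_DIR/$OUTPUT_RULES"
    fi
    if [ -f "$STOP_RULES" ]; then
      echo " o Stop Rules"
      . "$STOP_RULES"
    fi
  ;;
  nonufw | panic | standard)
    echo "Loading \"classical\" firewall configuration"
    save_good_conf
    set -eE
    trap reload_good_conf ERR
    reset_chains
    echo " o Local rules"
    load_local_rules
    load_dyn_rules "$STD_RULES_DIR"
    if [ -f "$LOCAL_NAT_RULES" ]; then
      . "$LOCAL_NAT_RULES"
    fi
    # This branch ended with a second `set -e` (a typo for `set +e`) and a
    # no-op `trap -`, leaving errexit and the rollback trap armed for the
    # rest of the script.
    set +eE
    trap - ERR
  ;;
  *)
    # The usage line used to omit the nonufw/panic/standard actions above.
    echo "Usage: $0 start|stop|restart|reload|nonufw|panic|standard"
  ;;
esac

/bin/rm -f "${LOCK_FILE}"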