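#!/bin/sh
#
# Startup script for the Firestarter Application Suite
#
# chkconfig: - 12 92
#
# description: Automates the startup of Firestarter's generated ruleset
#
# Script Author: Paul Drain <pd@cipherfunk.org>
# -- a hack taken from the default RH ipchains startup script
#
# config: /etc/firestarter/firewall.sh
#
# Usage: firestarter {start|stop|status|restart|reload|panic}
#
# Relies on action/gprintf/success/failure from /etc/init.d/functions and
# on NETWORKING from /etc/sysconfig/network.

# Source function library.
. /etc/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up.  The expansion is quoted so an unset
# NETWORKING yields a false test instead of a syntax error.
if [ "${NETWORKING}" = "no" ]
then
  exit 0
fi

[ -x /usr/bin/firestarter ] || exit 0

# 2.2 kernels use ipchains rather than iptables: nothing for us to do.
[ "$(uname -r | cut -c1-3)" = "2.2" ] && exit 0

FS_CONFIG="/etc/firestarter/firewall.sh"
RETVAL=0

#######################################
# Flush, delete and zero every rule and user-defined chain.
# The built-in chain policies are NOT touched, so a caller that must keep
# the host closed while the tables are emptied has to set them first
# (see panic).
# Returns: status of the last iptables call.
#######################################
flush_rules() {
  action "Flushing all current rules and user defined chains:" iptables -F
  action "Clearing all current rules and user defined chains:" iptables -X
  action "Zeroing all current rules:" iptables -Z
}

#######################################
# Set the policy of the three built-in chains.
# Every chain is attempted even when an earlier one fails, so a partial
# failure still applies as much of the requested policy as possible.
# Arguments: $1 - policy target (ACCEPT or DROP)
# Returns:   0 if all three chains were set, 1 otherwise
#######################################
set_policy() {
  set_policy_rc=0
  iptables -P INPUT "$1" || set_policy_rc=1
  iptables -P FORWARD "$1" || set_policy_rc=1
  iptables -P OUTPUT "$1" || set_policy_rc=1
  return "$set_policy_rc"
}

#######################################
# Load the Firestarter-generated ruleset.
# Globals: FS_CONFIG (read), RETVAL (written)
#######################################
start() {
  # make sure that iptables matches the kernel
  if [ -f /etc/init.d/iptables ]; then
    service iptables check
  fi

  if [ -f "$FS_CONFIG" ]; then
    # Clear the existing rulesets out, so we don't run into any duplicates
    flush_rules

    gprintf "Applying Firestarter configuration: "
    # The generated script's own exit status decides success.  The tables
    # were just flushed, so a script that dies half-way (or is not
    # executable) leaves the host with no rules and whatever chain
    # policies were already in force -- ACCEPT after a stop.  The old
    # "success || failure" form could never report that, since success
    # always returns 0.
    if "$FS_CONFIG"; then
      success "Applying Firestarter configuration"
      RETVAL=0
    else
      failure "Applying Firestarter configuration"
      RETVAL=1
    fi
    echo

    # Only record the subsystem as up when the ruleset really loaded.
    if [ "$RETVAL" -eq 0 ]; then
      touch /var/lock/subsys/firestarter
    fi
  fi
}

#######################################
# Remove all rules and open the built-in chains (ACCEPT).
# Globals: RETVAL (written)
# Returns: 0 if the policies were reset, non-zero otherwise
#######################################
stop() {
  flush_rules

  gprintf "Resetting built-in chains to the default ACCEPT policy:"
  # RETVAL must reflect the iptables calls; taking $? after success()
  # (as before) always yielded 0.
  if set_policy ACCEPT; then
    success "Resetting built-in chains to the default ACCEPT policy"
    RETVAL=0
  else
    failure "Resetting built-in chains to the default ACCEPT policy"
    RETVAL=1
  fi
  echo
  [ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/firestarter
  return "$RETVAL"
}

#######################################
# Lock the host down: DROP everything, then discard all rules.
# Globals: RETVAL (written)
# Returns: 0 on success, non-zero otherwise
#######################################
panic() {
  # iptables built-in policies are ACCEPT or DROP.  DENY is the ipchains
  # name and is rejected by iptables, so the previous version failed the
  # policy change and then flushed the rules with the policies still
  # ACCEPT -- leaving the host wide open instead of locked.
  gprintf "Changing target policies to DROP: "
  if set_policy DROP; then
    success "Changing target policies to DROP"
    echo
    # Policies are closed; now it is safe to empty the tables.
    flush_rules
    RETVAL=$?
  else
    failure "Changing target policies to DROP"
    # Do not flush: the existing rules are the only restriction left.
    RETVAL=1
  fi
  echo
  [ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/firestarter
  return "$RETVAL"
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    iptables -nL
    ;;
  restart|reload)
    # "restart" is really just "start" as this isn't a daemon,
    # and "start" clears any pre-defined rules anyway.
    # This is really only here to make those who expect it happy
    start
    ;;
  panic)
    panic
    ;;
  *)
    gprintf "Usage: firestarter {start|stop|status|restart|reload|panic}\n"
    exit 1
    ;;
esac

exit "$RETVAL"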