authorAdrian C. (anrxc) <anrxc@sysphere.org>2012-11-25 21:24:58 +0100
committerAdrian C. (anrxc) <anrxc@sysphere.org>2012-11-25 21:24:58 +0100
commit16262790cb6ddacf6c632625cc865e03b1b8671f (patch)
tree09898d65deef518380915ecdc7575756c9ca8595 /src/iptables
parent7bb1499a7cd539f714bb7f603d7fc0a38fd8a963 (diff)
downloadrcdscripts-16262790cb6ddacf6c632625cc865e03b1b8671f.tar.xz
rcdscripts: import first snapshot of rc.d scripts as of 11.25.20122012.11.25
In 30 days these scripts will start disappearing from official Arch Linux packages. This is an attempt to conserve them, and keep sysvinit usable.
Diffstat (limited to 'src/iptables')
-rwxr-xr-xsrc/iptables/ip6tables69
-rwxr-xr-xsrc/iptables/iptables68
2 files changed, 137 insertions, 0 deletions
diff --git a/src/iptables/ip6tables b/src/iptables/ip6tables
new file mode 100755
index 0000000..2d119e3
--- /dev/null
+++ b/src/iptables/ip6tables
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# source application-specific settings
+[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
+
+# Set defaults if settings are missing
+[ -z "$IP6TABLES_CONF" ] && IP6TABLES_CONF=/etc/iptables/ip6tables.rules
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+case "$1" in
+ start)
+ if [ ! -f "$IP6TABLES_CONF" ]; then
+ echo "Cannot load ip6tables rules: $IP6TABLES_CONF is missing!" >&2
+ exit 1
+ fi
+ stat_busy "Starting IP6 Tables"
+ if [ "$IPTABLES_FORWARD" = "1" ]; then
+ echo 1 >/proc/sys/net/ipv6/conf/default/forwarding
+ echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
+ fi
+ if ck_daemon ip6tables; then
+ /usr/sbin/ip6tables-restore < $IP6TABLES_CONF
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon ip6tables
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping IP6 Tables"
+ if ! ck_daemon ip6tables; then
+ fail=0
+ for table in $(cat /proc/net/ip6_tables_names); do
+ ip6tables-restore < /var/lib/iptables/empty-$table.rules
+ [ $? -gt 0 ] && fail=1
+ done
+ if [ $fail -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon ip6tables
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ save)
+ stat_busy "Saving IP6 Tables"
+ /usr/sbin/ip6tables-save >$IP6TABLES_CONF
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart|save}"
+esac
+exit 0
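Review bot: In the `start)` branch, IPv6 forwarding is switched on before `ip6tables-restore` has loaded any rules, and it stays on when the restore fails, so the host can route IPv6 traffic with no filter in place. The test also keys on `IPTABLES_FORWARD`, the same variable the IPv4 script in this commit reads, so turning on IPv4 routing also turns the machine into an IPv6 router. I would move the two `echo 1 >/proc/sys/net/ipv6/conf/*/forwarding` writes into the success branch next to `add_daemon ip6tables` and gate them on a separate setting (a new variable, for example `IP6TABLES_FORWARD`; the name is only a suggestion). The ordering problem applies equally to the `echo 1 >/proc/sys/net/ipv4/ip_forward` line in src/iptables/iptables.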
diff --git a/src/iptables/iptables b/src/iptables/iptables
new file mode 100755
index 0000000..fbb02fa
--- /dev/null
+++ b/src/iptables/iptables
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# source application-specific settings
+[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
+
+# Set defaults if settings are missing
+[ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+case "$1" in
+ start)
+ if [ ! -f "$IPTABLES_CONF" ]; then
+ echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
+ exit 1
+ fi
+ stat_busy "Starting IP Tables"
+ if [ "$IPTABLES_FORWARD" = "1" ]; then
+ echo 1 >/proc/sys/net/ipv4/ip_forward
+ fi
+ if ck_daemon iptables; then
+ /usr/sbin/iptables-restore < $IPTABLES_CONF
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon iptables
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping IP Tables"
+ if ! ck_daemon iptables; then
+ fail=0
+ for table in $(cat /proc/net/ip_tables_names); do
+ iptables-restore < /var/lib/iptables/empty-$table.rules
+ [ $? -gt 0 ] && fail=1
+ done
+ if [ $fail -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon iptables
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ save)
+ stat_busy "Saving IP Tables"
+ /usr/sbin/iptables-save >$IPTABLES_CONF
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart|save}"
+esac
+exit 0
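Review bot: The `save)` branch redirects `/usr/sbin/iptables-save` straight into `$IPTABLES_CONF`, so the shell truncates the live rules file before the command has produced anything; if the save fails or is interrupted, the file is left empty or partial. `start)` only tests `-f "$IPTABLES_CONF"`, so the next boot would probably accept that file and report success with few or no rules loaded. Writing to a temporary file in the same directory and renaming it only on success avoids this, and quoting the expansion fixes the unquoted redirect target at the same time. The `save)` branch of src/iptables/ip6tables has the same pattern.

```shell
  save)
    stat_busy "Saving IP Tables"
    # mktemp creates the file with mode 0600, so the saved rules end up root-only
    tmp=$(mktemp "$IPTABLES_CONF.XXXXXX") &&
      /usr/sbin/iptables-save >"$tmp" &&
      mv -f -- "$tmp" "$IPTABLES_CONF"
    if [ $? -gt 0 ]; then
      [ -n "$tmp" ] && rm -f -- "$tmp"
      stat_fail
    # … unchanged: else / stat_done / fi …
```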