#!/bin/bash
#
# chkconfig: 35 90 12
# description: Firewall
#
# Start the firewall
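#######################################
# Load the firewall rules and record the firewall as running.
# Globals:   FIREWALL_RULES (read; defaults to /etc/firewall/firewall_rules)
# Arguments: $1 - optional chain name: input, output, forward, workstations,
#                 winservers, devnetwork, dmznetwork or all (default: all)
# Outputs:   progress messages on stdout; appends a timestamped line to
#            /var/log/firewall/fwstatus.log; creates /var/lock/subsys/fw.lock
# Returns:   exits 1 if already running, on an unknown chain name, or when
#            the rules script fails; otherwise 0
#######################################
start() {
    local rules=${FIREWALL_RULES:-/etc/firewall/firewall_rules}
    local lock=/var/lock/subsys/fw.lock
    local log=/var/log/firewall/fwstatus.log
    # An absent/empty argument means "all", exactly as the original's else branch.
    local chain=${1:-all}

    if [ -f "$lock" ]; then
        echo "Firewall already running."
        exit 1
    fi
    echo "Starting the Firewall: "

    # Validate the name against the fixed list before it is handed to the
    # rules script or written into the status log; nothing else reaches them.
    case "$chain" in
        input|output|forward|workstations|winservers|devnetwork|dmznetwork|all)
            ;;
        *)
            sleep 1
            echo "Chain $chain does not exist."
            exit 1
            ;;
    esac

    # The rules script is executed by this init script (normally as root), so
    # its ownership and permissions matter; see configcheck.
    # Only mark the firewall as running when the rules script succeeded. The
    # original touched the lock file unconditionally, leaving a "running" lock
    # behind after a failed rule load. NOTE(review): a non-zero exit may still
    # have applied some rules; the rules script's own semantics are not visible
    # here.
    if ! bash "$rules" "$chain"; then
        echo "Loading rules for chain $chain failed." >&2
        exit 1
    fi
    touch "$lock"
    sleep 1
    echo "$chain chain(s) active. Started $(date '+%h %d %Y %H:%M:%S')" >> "$log"
    echo "$chain chain(s) started."
    sleep 1
    if [ -f "$lock" ]; then echo "Firewall started"; fi
}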
# Stop the firewall
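#######################################
# Mark chains as inactive and, once none remain, mark the firewall stopped.
#
# NOTE: the iptables calls in this version are commented out, so stop() only
# updates the bookkeeping (status log and lock file). It does NOT flush or
# delete any kernel rules; "Firewall stopped" reflects the lock file, not the
# live rule set.
#
# Arguments: $1 - optional chain name (same set as start; default: all)
# Outputs:   progress messages on stdout; deletes the matching lines from
#            /var/log/firewall/fwstatus.log; removes /var/lock/subsys/fw.lock
#            when the log is empty
# Returns:   exits 1 if not running or on an unknown chain name; otherwise 0
#######################################
stop() {
    local lock=/var/lock/subsys/fw.lock
    local log=/var/log/firewall/fwstatus.log
    local -a defaults=() customs=()
    local name

    if [ ! -f "$lock" ]; then
        echo "Firewall not running."
        exit 1
    fi
    echo "Stopping the Firewall: "

    # Built-in chains go into defaults, user-defined chains into customs;
    # arrays replace the original space-separated strings (see the sed below).
    case "${1:-all}" in
        input)        defaults=(INPUT) ;;
        output)       defaults=(OUTPUT) ;;
        forward)      defaults=(FORWARD) ;;
        workstations) customs=(WORKSTATIONS) ;;
        winservers)   customs=(WINSERVERS) ;;
        devnetwork)   customs=(DEVNETWORK) ;;
        dmznetwork)   customs=(DMZNETWORK) ;;
        all)
            defaults=(INPUT OUTPUT FORWARD)
            customs=(WORKSTATIONS WINSERVERS DEVNETWORK DMZNETWORK)
            ;;
        *)
            sleep 1
            echo "Chain $1 does not exist."
            exit 1
            ;;
    esac

    # One sed per chain name. The original passed the unquoted, space-separated
    # list as a single pattern, which word-split into a broken sed command for
    # 'all'. The I flag (case-insensitive) is GNU sed; start() writes the log
    # line with the lowercase argument name, which is why it is needed.
    if [ "${#defaults[@]}" -gt 0 ]; then
#           iptables -F
#           iptables -Z $DEFAULTCHAIN
        if [ -f "$log" ]; then
            for name in "${defaults[@]}"; do
                sed -i "/^${name}/Id" "$log"
            done
        fi
    fi
    if [ "${#customs[@]}" -gt 0 ]; then
#           iptables -X $CHAIN
#           iptables -F
        if [ -f "$log" ]; then
            for name in "${customs[@]}"; do
                sed -i "/^${name}/Id" "$log"
            done
        fi
    fi
    # 'all' is the only case that fills both lists: reset the log outright.
    if [ "${#defaults[@]}" -gt 0 ] && [ "${#customs[@]}" -gt 0 ]; then
        rm -f -- "$log"
        touch "$log"
    fi
    # The lock file is dropped only when no chain is still recorded as active.
    if [ ! -s "$log" ]; then
        rm -f -- "$lock"
    fi
    sleep 1
    if [ -n "$1" ]; then
        if [ ! -s "$log" ]; then echo "Firewall stopped"; else echo "$1 chain(s) removed."; fi
    else
        echo "Firewall stopped"
    fi
}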
# Show if firewall is running and which chains are active
#######################################
# Report whether the firewall is marked running and list the recorded chains.
# Note: "running" is derived from the lock file and the status log only; it is
# not checked against the live iptables rule set.
# Outputs:   one state line, then the status log contents or "No active chains."
# Returns:   0
#######################################
status() {
    local lock=/var/lock/subsys/fw.lock
    local log=/var/log/firewall/fwstatus.log

    if [ -f "$lock" ]; then
        echo "Firewall is running."
    else
        echo "Firewall is stopped."
    fi

    if [ -s "$log" ]; then
        cat -- "$log"
    else
        echo "No active chains."
    fi
}
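#######################################
# Restart the firewall: stop it if it is running, then start it.
# The original called stop unconditionally; stop exits 1 when the lock file is
# absent, so restart/reload on a stopped firewall never reached start.
# Outputs:   progress messages on stdout (plus whatever stop/start print)
# Returns:   propagates an exit from stop/start; otherwise 0
#######################################
restart() {
    local lock=/var/lock/subsys/fw.lock
    echo "Stopping the Firewall...: "
    if [ -f "$lock" ]; then
        stop
    else
        echo "Firewall not running."
    fi
    sleep 1
    echo "Starting the Firewall...: "
    start
    sleep 1
    echo "Done."
}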
#######################################
# Print the usage text. The continuation lines keep their four leading
# spaces, exactly as the original multi-line echo printed them.
# Outputs:   seven lines of help text on stdout
# Returns:   0
#######################################
help () {
    cat <<'EOF'
This init script loads and unloads rules from iptables.
    Possible arguments are start, stop, status, restart, reload, and help.
    The start and stop arguments can also take an argument, which
    is the name of the target chain, or all for all chains.
    For example, '/etc/init.d/firewall stop input' will clear the input chain.
    By default, if a chain is not specified, the function will operate on all chains.
    The available chains are input, output, forward, workstations, winservers, devnetwork, and dmznetwork.
EOF
}
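#######################################
# Verify that the rules script exists before any action is attempted.
# Globals:   FIREWALL_RULES (read; defaults to /etc/firewall/firewall_rules).
#            The original read it unquoted while it was still unset, so the
#            test collapsed to `[ ! -f ]`, which is always false, and the
#            check never fired.
# Outputs:   error on stderr if the script is missing; a warning on stderr if
#            it is world-writable (start() executes it with bash, normally as
#            root, so an unprivileged writer could inject commands)
# Returns:   exits 1 if the rules script is missing; otherwise 0
#######################################
configcheck() {
    local rules=${FIREWALL_RULES:-/etc/firewall/firewall_rules}
    if [ ! -f "$rules" ]; then
        echo "$rules must exist" >&2
        exit 1
    fi
    # Warning only: the exact ownership/mode policy is site-specific.
    if [ -n "$(find "$rules" -perm -o+w 2>/dev/null)" ]; then
        echo "warning: $rules is world-writable; it is executed by this script" >&2
    fi
}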
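# Path of the rules script executed by start(). Set here so configcheck sees
# the same value; the original only assigned it inside start/stop, after the
# check had already run against an unset variable.
FIREWALL_RULES=${FIREWALL_RULES:-/etc/firewall/firewall_rules}
configcheck
### main logic ###
# $2 is the optional chain name. It is quoted so it is passed through unchanged
# (or as an empty string) for start/stop to validate against their fixed list.
case "$1" in
    start)
        start "$2"
        ;;
    stop)
        stop "$2"
        ;;
    status)
        status
        ;;
    restart|reload)
        restart
        ;;
    help)
        help
        ;;
    *)
        # 'help' was handled above but missing from the original usage line.
        echo "Usage: $0 {start|stop|restart|reload|status|help} {input|output|forward|workstations|winservers|devnetwork|dmznetwork} " >&2
        exit 1
        ;;
esac
exit 0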