- #!/bin/bash
- #
- # chkconfig: 35 90 12
- # description: Firewall
- #
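# Start the firewall
#
# Loads the iptables rules for one chain group (or all of them) by running
# the rules script with that group's name, then records the result in the
# lock file and the status log.
#
# Arguments: $1 - optional chain group: input, output, forward,
#                 workstations, winservers, devnetwork, dmznetwork or all
#                 (default: all)
# Globals:   FIREWALL_RULES (set to the default path if unset),
#            FW_LOCK_FILE, FW_STATUS_LOG (read; optional overrides of the
#            default /var/lock/subsys/fw.lock and
#            /var/log/firewall/fwstatus.log paths)
# Outputs:   progress messages on stdout; failure of the rules script on stderr
# Exits:     1 if the lock file already exists, the chain group is unknown,
#            or the rules script returns non-zero
#
# NOTE(review): "already running" is decided purely by the lock file; a
# stale lock left behind by an unclean shutdown blocks every start until it
# is removed by hand.
start() {
  FIREWALL_RULES="${FIREWALL_RULES:-/etc/firewall/firewall_rules}"
  local lock="${FW_LOCK_FILE:-/var/lock/subsys/fw.lock}"
  local log="${FW_STATUS_LOG:-/var/log/firewall/fwstatus.log}"
  # No argument means every chain group.
  local chain="${1:-all}"

  if [ -f "$lock" ]; then
    echo "Firewall already running."
    exit 1
  fi
  echo "Starting the Firewall: "

  # Validate the group before running anything; the name is passed to the
  # rules script verbatim.
  case "$chain" in
    input|output|forward|workstations|winservers|devnetwork|dmznetwork|all)
      ;;
    *)
      echo "Chain $chain does not exist."
      exit 1
      ;;
  esac

  # Only claim the firewall is up when the rules script actually succeeded.
  # The original touched the lock file and wrote "active" to the log
  # regardless of the script's exit status, so a failed load still reported
  # a running firewall.
  if ! bash "$FIREWALL_RULES" "$chain"; then
    echo "Loading rules for $chain failed; firewall not marked as running." >&2
    exit 1
  fi

  touch -- "$lock"
  echo "$chain chain(s) active. Started $(date '+%h %d %Y %H:%M:%S')" >> "$log"
  echo "$chain chain(s) started."
  if [ -f "$lock" ]; then echo "Firewall started"; fi
}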
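# Stop the firewall
#
# "Stops" one chain group or all of them.
#
# NOTE(review): every iptables call in this function is commented out (they
# are kept below, still disabled), so nothing is flushed or deleted from the
# kernel here. stop only removes the matching "... chain(s) active" entries
# from the status log and, once the log is empty, the lock file. A later
# `status` therefore reports "stopped" while the rules may still be loaded.
# Also note that stopping a single group only removes a log line that starts
# with that group's name; after `start` (= all) the log holds an "all ..."
# line, so `stop input` removes nothing and the lock file stays.
#
# Arguments: $1 - optional chain group (same names as start; default: all)
# Globals:   FW_LOCK_FILE, FW_STATUS_LOG (read; optional overrides of the
#            default /var/lock/subsys/fw.lock and
#            /var/log/firewall/fwstatus.log paths)
# Exits:     1 if the lock file is absent or the chain group is unknown
stop() {
  local lock="${FW_LOCK_FILE:-/var/lock/subsys/fw.lock}"
  local log="${FW_STATUS_LOG:-/var/log/firewall/fwstatus.log}"
  # Uppercase chain names, split as in the original: builtin chains in
  # defaultchain, the custom ones in chain. Exactly one is set for a single
  # group, both for "all".
  local defaultchain='' chain=''

  if [ ! -f "$lock" ]; then
    echo "Firewall not running."
    exit 1
  fi
  echo "Stopping the Firewall: "

  case "${1:-all}" in
    input)        defaultchain=INPUT ;;
    output)       defaultchain=OUTPUT ;;
    forward)      defaultchain=FORWARD ;;
    workstations) chain=WORKSTATIONS ;;
    winservers)   chain=WINSERVERS ;;
    devnetwork)   chain=DEVNETWORK ;;
    dmznetwork)   chain=DMZNETWORK ;;
    all)
      defaultchain='INPUT OUTPUT FORWARD'
      chain='WORKSTATIONS WINSERVERS DEVNETWORK DMZNETWORK'
      ;;
    *)
      echo "Chain $1 does not exist."
      exit 1
      ;;
  esac

  if [ -n "$defaultchain" ] && [ -n "$chain" ]; then
    # All groups: start the log afresh. The original first ran sed with the
    # unquoted, space-separated lists as the expression, which only produced
    # a sed error before the log was recreated anyway.
    # iptables -F            (disabled in the original; left disabled)
    rm -f -- "$log"
    touch -- "$log"
  else
    local name="${defaultchain:-$chain}"
    # Single group: drop its "... chain(s) active" line. The log stores the
    # lowercase name given to start, hence the case-insensitive match
    # (GNU sed 'I' flag, as in the original).
    # iptables -X "$name"    (disabled in the original; left disabled)
    # iptables -F            (disabled in the original; left disabled)
    sed -i "/^${name}.*\$/Id" "$log"
  fi

  # The lock file only goes away once no group is recorded as active.
  if [ ! -s "$log" ]; then
    rm -f -- "$lock"
  fi

  if [ -n "$1" ]; then
    if [ ! -s "$log" ]; then echo "Firewall stopped"; else echo "$1 chain(s) removed."; fi
  else
    echo "Firewall stopped"
  fi
}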
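# Show if firewall is running and which chains are active
#
# NOTE(review): "running" means the lock file exists and "active" means the
# status log has entries; neither is checked against the rules actually
# loaded in iptables, so this output can disagree with `iptables -L`.
#
# Globals: FW_LOCK_FILE, FW_STATUS_LOG (read; optional overrides of the
#          default /var/lock/subsys/fw.lock and
#          /var/log/firewall/fwstatus.log paths)
# Outputs: one running/stopped line, then the log contents or
#          "No active chains." on stdout
status() {
  local lock="${FW_LOCK_FILE:-/var/lock/subsys/fw.lock}"
  local log="${FW_STATUS_LOG:-/var/log/firewall/fwstatus.log}"

  if [ -f "$lock" ]; then
    echo "Firewall is running."
  else
    echo "Firewall is stopped."
  fi

  if [ -s "$log" ]; then
    cat -- "$log"
  else
    echo "No active chains."
  fi
}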
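# Restart the firewall: stop every chain group, then start them all.
#
# Exits:   with start's status. A firewall that is not running is still
#          started: the original called stop directly, and stop's
#          "Firewall not running." `exit 1` terminated the whole script
#          before start ran, so `restart` could never bring a stopped
#          firewall up.
# Outputs: progress messages on stdout
restart() {
  echo "Stopping the Firewall...: "
  # stop exits the shell when the lock file is absent; confine that exit to
  # a subshell so a stopped firewall is simply started.
  ( stop )
  echo "Starting the Firewall...: "
  start
  echo "Done."
}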
# Print the usage text for this init script on stdout.
# (The wording describes the intended behaviour; note that the iptables
# calls in stop are currently commented out in this file.)
help() {
  cat <<'EOF'
This init script loads and unloads rules from iptables.
Possible arguments are start, stop, status, restart, reload, and help.
The start and stop arguments can also take an argument, which
is the name of the target chain, or all for all chains.
For example, '/etc/init.d/firewall stop input' will clear the input chain.
By default, if a chain is not specified, the function will operate on all chains.
The available chains are input, output, forward, workstations, winservers, devnetwork, and dmznetwork.
EOF
}
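# Abort unless the rules script exists.
#
# Globals: FIREWALL_RULES (read; defaults to /etc/firewall/firewall_rules)
# Outputs: "<path> must exist" on stdout when the file is missing
# Exits:   1 when the file is missing
#
# The original tested an unquoted $FIREWALL_RULES. That variable is only
# assigned inside start() and stop(), which run after configcheck, so the
# test collapsed to `[ ! -f ]`, which is always false: the check never fired
# and a missing rules script was only noticed when bash failed to open it.
configcheck() {
  local rules="${FIREWALL_RULES:-/etc/firewall/firewall_rules}"
  if [ ! -f "$rules" ]; then
    echo "$rules must exist"
    exit 1
  fi
}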
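configcheck
### main logic ###
# Dispatch on the action in $1; the optional $2 is the chain group handed to
# start/stop (quoted so an odd argument cannot split into several words).
case "$1" in
  start)
    start "$2"
    ;;
  stop)
    stop "$2"
    ;;
  status)
    status
    ;;
  restart|reload)
    restart
    ;;
  help)
    help
    ;;
  *)
    # 'help' is accepted above but was missing from the original usage line.
    echo "Usage: $0 {start|stop|restart|reload|status|help} {input|output|forward|workstations|winservers|devnetwork|dmznetwork} "
    exit 1
    ;;
esac
exit 0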