Extract main functions
parent
c48534146a
commit
72e3729a78
80
minifirewall
80
minifirewall
|
@ -51,13 +51,6 @@ BROAD='255.255.255.255'
|
||||||
PORTSROOT='0:1023'
|
PORTSROOT='0:1023'
|
||||||
PORTSUSER='1024:65535'
|
PORTSUSER='1024:65535'
|
||||||
|
|
||||||
chain_exists()
|
|
||||||
{
|
|
||||||
local chain_name="$1" ; shift
|
|
||||||
[ $# -eq 1 ] && local intable="--table $1"
|
|
||||||
iptables $intable -nL "$chain_name" >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
oldconfigfile="/etc/firewall.rc"
|
oldconfigfile="/etc/firewall.rc"
|
||||||
configfile="/etc/default/minifirewall"
|
configfile="/etc/default/minifirewall"
|
||||||
|
@ -67,9 +60,28 @@ IPV6=$(grep "IPV6=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
||||||
DOCKER=$(grep "DOCKER=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
DOCKER=$(grep "DOCKER=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
||||||
INT=$(grep "INT=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
INT=$(grep "INT=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
||||||
|
|
||||||
case "$1" in
|
chain_exists()
|
||||||
start)
|
{
|
||||||
|
local chain_name="$1" ; shift
|
||||||
|
[ $# -eq 1 ] && local intable="--table $1"
|
||||||
|
iptables $intable -nL "$chain_name" >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
source_file_or_error() {
|
||||||
|
file=$1
|
||||||
|
echo "...sourcing '${file}\`"
|
||||||
|
|
||||||
|
tmpfile=$(mktemp --tmpdir=/tmp minifirewall.XXX)
|
||||||
|
. ${file} 2>${tmpfile} >&2
|
||||||
|
if [ -s ${tmpfile} ]; then
|
||||||
|
echo "${file} returns standard or error output (see below). Stopping." >&2
|
||||||
|
cat ${tmpfile}
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
rm ${tmpfile}
|
||||||
|
}
|
||||||
|
|
||||||
|
start() {
|
||||||
echo "Start IPTables rules..."
|
echo "Start IPTables rules..."
|
||||||
|
|
||||||
# Stop and warn if error!
|
# Stop and warn if error!
|
||||||
|
@ -134,19 +146,8 @@ if ! test -f $configfile; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
source_file_or_error() {
|
|
||||||
file=$1
|
|
||||||
echo "...sourcing '${file}\`"
|
|
||||||
tmpfile=$(mktemp --tmpdir=/tmp minifirewall.XXX)
|
|
||||||
. ${file} 2>${tmpfile} >&2
|
|
||||||
if [ -s ${tmpfile} ]; then
|
|
||||||
echo "${file} returns standard or error output (see below). Stopping." >&2
|
|
||||||
cat ${tmpfile}
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
rm ${tmpfile}
|
|
||||||
}
|
|
||||||
source_file_or_error ${configfile}
|
source_file_or_error ${configfile}
|
||||||
|
|
||||||
if [ -d "${includesdir}" ]; then
|
if [ -d "${includesdir}" ]; then
|
||||||
includefiles=$(find ${includesdir} -type f -readable -not -name '*.*')
|
includefiles=$(find ${includesdir} -type f -readable -not -name '*.*')
|
||||||
for includefile in ${includefiles}; do
|
for includefile in ${includefiles}; do
|
||||||
|
@ -416,10 +417,9 @@ $IPT -A OUTPUT -p udp -j DROP
|
||||||
trap - INT TERM EXIT
|
trap - INT TERM EXIT
|
||||||
|
|
||||||
echo "...starting IPTables rules is now finish : OK"
|
echo "...starting IPTables rules is now finish : OK"
|
||||||
;;
|
}
|
||||||
|
|
||||||
stop)
|
|
||||||
|
|
||||||
|
stop() {
|
||||||
echo "Flush all rules and accept everything..."
|
echo "Flush all rules and accept everything..."
|
||||||
|
|
||||||
# Delete all rules
|
# Delete all rules
|
||||||
|
@ -465,19 +465,17 @@ trap - INT TERM EXIT
|
||||||
$IPT -X NEEDRESTRICT
|
$IPT -X NEEDRESTRICT
|
||||||
|
|
||||||
echo "...flushing IPTables rules is now finish : OK"
|
echo "...flushing IPTables rules is now finish : OK"
|
||||||
;;
|
}
|
||||||
|
|
||||||
status)
|
|
||||||
|
|
||||||
|
status() {
|
||||||
$IPT -L -n -v --line-numbers
|
$IPT -L -n -v --line-numbers
|
||||||
$IPT -t nat -L -n -v --line-numbers
|
$IPT -t nat -L -n -v --line-numbers
|
||||||
$IPT -t mangle -L -n -v --line-numbers
|
$IPT -t mangle -L -n -v --line-numbers
|
||||||
$IPT6 -L -n -v --line-numbers
|
$IPT6 -L -n -v --line-numbers
|
||||||
$IPT6 -t mangle -L -n -v --line-numbers
|
$IPT6 -t mangle -L -n -v --line-numbers
|
||||||
;;
|
}
|
||||||
|
|
||||||
reset)
|
|
||||||
|
|
||||||
|
reset() {
|
||||||
echo "Reset all IPTables counters..."
|
echo "Reset all IPTables counters..."
|
||||||
|
|
||||||
$IPT -Z
|
$IPT -Z
|
||||||
|
@ -487,12 +485,28 @@ trap - INT TERM EXIT
|
||||||
[ "$IPV6" != "off" ] && $IPT6 -t mangle -Z
|
[ "$IPV6" != "off" ] && $IPT6 -t mangle -Z
|
||||||
|
|
||||||
echo "...reseting IPTables counters is now finish : OK"
|
echo "...reseting IPTables counters is now finish : OK"
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
start
|
||||||
|
;;
|
||||||
|
|
||||||
|
stop)
|
||||||
|
stop
|
||||||
|
;;
|
||||||
|
|
||||||
|
status)
|
||||||
|
status
|
||||||
|
;;
|
||||||
|
|
||||||
|
reset)
|
||||||
|
reset
|
||||||
;;
|
;;
|
||||||
|
|
||||||
restart)
|
restart)
|
||||||
|
stop
|
||||||
$0 stop
|
start
|
||||||
$0 start
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
|
|
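Review bot: The `restart)` arm flushes the ruleset with `stop` before anything has checked that `start` can succeed, and now that both run as functions in one shell, an `exit` inside `start` ends the restart with the host still in the state `stop` announces as "accept everything". `source_file_or_error` reaches `exit 1` whenever a sourced file prints output, and `start` calls it on the configuration file; the same gap existed with `$0 stop` / `$0 start`, but the refactor neither narrows nor documents it. Whether the handler that `start` later clears with `trap - INT TERM EXIT` restores any rules on that path is not visible in these hunks. I would add a comment above the arm, `# restart is not atomic: if start aborts, rules stay flushed and everything is accepted`, and consider testing that `$configfile` is readable before calling `stop`. The bodies of `start` and `stop` continue outside the hunks shown.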