Extract main functions
parent
c48534146a
commit
72e3729a78
80
minifirewall
80
minifirewall
|
@ -51,13 +51,6 @@ BROAD='255.255.255.255'
|
|||
PORTSROOT='0:1023'
|
||||
PORTSUSER='1024:65535'
|
||||
|
||||
chain_exists()
|
||||
{
|
||||
local chain_name="$1" ; shift
|
||||
[ $# -eq 1 ] && local intable="--table $1"
|
||||
iptables $intable -nL "$chain_name" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# Configuration
|
||||
oldconfigfile="/etc/firewall.rc"
|
||||
configfile="/etc/default/minifirewall"
|
||||
|
@ -67,9 +60,28 @@ IPV6=$(grep "IPV6=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
|||
DOCKER=$(grep "DOCKER=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
||||
INT=$(grep "INT=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
chain_exists()
|
||||
{
|
||||
local chain_name="$1" ; shift
|
||||
[ $# -eq 1 ] && local intable="--table $1"
|
||||
iptables $intable -nL "$chain_name" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
source_file_or_error() {
|
||||
file=$1
|
||||
echo "...sourcing '${file}\`"
|
||||
|
||||
tmpfile=$(mktemp --tmpdir=/tmp minifirewall.XXX)
|
||||
. ${file} 2>${tmpfile} >&2
|
||||
if [ -s ${tmpfile} ]; then
|
||||
echo "${file} returns standard or error output (see below). Stopping." >&2
|
||||
cat ${tmpfile}
|
||||
exit 1
|
||||
fi
|
||||
rm ${tmpfile}
|
||||
}
|
||||
|
||||
start() {
|
||||
echo "Start IPTables rules..."
|
||||
|
||||
# Stop and warn if error!
|
||||
|
@ -134,19 +146,8 @@ if ! test -f $configfile; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
source_file_or_error() {
|
||||
file=$1
|
||||
echo "...sourcing '${file}\`"
|
||||
tmpfile=$(mktemp --tmpdir=/tmp minifirewall.XXX)
|
||||
. ${file} 2>${tmpfile} >&2
|
||||
if [ -s ${tmpfile} ]; then
|
||||
echo "${file} returns standard or error output (see below). Stopping." >&2
|
||||
cat ${tmpfile}
|
||||
exit 1
|
||||
fi
|
||||
rm ${tmpfile}
|
||||
}
|
||||
source_file_or_error ${configfile}
|
||||
|
||||
if [ -d "${includesdir}" ]; then
|
||||
includefiles=$(find ${includesdir} -type f -readable -not -name '*.*')
|
||||
for includefile in ${includefiles}; do
|
||||
|
@ -416,10 +417,9 @@ $IPT -A OUTPUT -p udp -j DROP
|
|||
trap - INT TERM EXIT
|
||||
|
||||
echo "...starting IPTables rules is now finish : OK"
|
||||
;;
|
||||
|
||||
stop)
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo "Flush all rules and accept everything..."
|
||||
|
||||
# Delete all rules
|
||||
|
@ -465,19 +465,17 @@ trap - INT TERM EXIT
|
|||
$IPT -X NEEDRESTRICT
|
||||
|
||||
echo "...flushing IPTables rules is now finish : OK"
|
||||
;;
|
||||
|
||||
status)
|
||||
}
|
||||
|
||||
status() {
|
||||
$IPT -L -n -v --line-numbers
|
||||
$IPT -t nat -L -n -v --line-numbers
|
||||
$IPT -t mangle -L -n -v --line-numbers
|
||||
$IPT6 -L -n -v --line-numbers
|
||||
$IPT6 -t mangle -L -n -v --line-numbers
|
||||
;;
|
||||
|
||||
reset)
|
||||
}
|
||||
|
||||
reset() {
|
||||
echo "Reset all IPTables counters..."
|
||||
|
||||
$IPT -Z
|
||||
|
@ -487,12 +485,28 @@ trap - INT TERM EXIT
|
|||
[ "$IPV6" != "off" ] && $IPT6 -t mangle -Z
|
||||
|
||||
echo "...reseting IPTables counters is now finish : OK"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
|
||||
status)
|
||||
status
|
||||
;;
|
||||
|
||||
reset)
|
||||
reset
|
||||
;;
|
||||
|
||||
restart)
|
||||
|
||||
$0 stop
|
||||
$0 start
|
||||
stop
|
||||
start
|
||||
;;
|
||||
|
||||
*)
|
||||
|
|
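Review bot: The `restart)` branch now calls `stop` and then `start` in the same shell, and nothing guards the window between them: `stop`, by its own message, flushes all rules and accepts everything, while `start` can end the script through the `exit 1` in `source_file_or_error` (any output from a sourced file) or through the missing-config check, which would leave the host unfiltered. Now that these are functions, the config existence check and the sourcing could run before `stop` is called, or the branch could at least carry a comment such as `# restart is not atomic: a failing start() leaves the policy set by stop() in place`. In `source_file_or_error` the `exit 1` path also skips `rm ${tmpfile}`, so the temp file stays in /tmp; adding `rm -f "${tmpfile}"` before `exit 1` and quoting `"${file}"` and `"${tmpfile}"` would tidy that. The bodies of `start()` and `stop()` extend beyond the visible hunks, so whether a trap in `start` already restores rules on failure cannot be confirmed from here.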