-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathiptconf
executable file
·124 lines (107 loc) · 4.55 KB
/
iptconf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#!/bin/bash
#####################################################################
# Copyright (c) 2014 Stefan Jakobs
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#####################################################################
# see also:
# http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html
# make sure we've always got the same directory order
export LC_ALL=C
# functions:
source /usr/lib/iptconf.f || {
echo "failed to source iptconf functions (/usr/lib/iptconf.f)";
exit 1;
}
# load defaults ...
[ -f /etc/default/iptconf ] && source /etc/default/iptconf
# ip46tables : iptables ipv4+ipv6
# INPUT : iptables chain INPUT ipv4+ipv6
# OUTPUT : iptables chain OUTPUT ipv4+ipv6
# FORWARD : iptables chain FORWARD ipv4+ipv6
# INPUT4 : iptables chain INPUT ipv4
# OUTPUT4 : iptables chain OUTPUT ipv4
# FORWARD4 : iptables chain FORWARD ipv4
# INPUT6 : iptables chain INPUT ipv6
# OUTPUT6 : iptables chain OUTPUT ipv6
# FORWARD6 : iptables chain FORWARD ipv6
if [[ ! $(ip r) =~ "default via" ]]; then
verbose "$0: skipping because no default route"
exit
fi
# check whether or not we have a save file for ip6tables and iptables
. /usr/share/iptconf.reset
if [ x"$1" = x--stop ]; then
# echo current definition to STDOUT
iptables-save
ip6tables-save
exit
fi
[ "$1" = "--fast" ] && LOADFAST=yes
if [ "$LOADFAST" = "yes" -a -d /etc/ipt.conf.d -a -f /etc/ipt.conf ]; then
verbose "Loading firewall in fast mode. Checking for updated definitions."
[ -f /var/cache/iptconf/iptables-save -a -f /var/cache/iptconf/ip6tables-save ] && \
NEWER="$(find /etc/ipt.conf* -newer /var/cache/iptconf/iptables-save -o -newer /var/cache/iptconf/ip6tables-save)"
if [ -f /var/cache/iptconf/iptables-save -a -f /var/cache/iptconf/ip6tables-save -a -z "$NEWER" ];then
verbose "Firewall definition unchanged. Loading saved config."
. /usr/share/iptconf/iptconf.reset
if iptables-restore </var/cache/iptconf/iptables-save;then
verbose "Loading iptables-save successful"
else
echo "Loading iptables-restore FAILED!"
FAILED=1
fi
if ip6tables-restore < /var/cache/iptconf/ip6tables-save ; then
verbose "Loading ip6tables-save successful"
else
echo "Loading ip6tables-restore FAILED!"
FAILED=1
fi
[ -z "$FAILED" ] && exit 1
elif cat /usr/share/iptconf/iptconf.reset /usr/share/iptconf/iptconf.header \
/etc/ipt.conf /etc/ipt.conf.d/*.conf /usr/share/iptconf/iptconf.footer | \
/usr/sbin/iptconfparser /var/cache/iptconf/iptables-save.tmp \
/var/cache/iptconf/ip6tables-save.tmp ; then
verbose "Firewall definition updated. Now loading firewall"
. /usr/share/iptconf/iptconf.reset
mv /var/cache/iptconf/iptables-save.tmp /var/cache/iptconf/iptables-save
vx iptables-restore </var/cache/iptconf/iptables-save
mv /var/cache/iptconf/ip6tables-save.tmp /var/cache/iptconf/ip6tables-save
vx ip6tables-restore </var/cache/iptconf/ip6tables-save
exit
else
echo 'Generating firewall rules failed! Continuing in regular mode...'
fi
fi
. /usr/share/iptconf/iptconf.header
. /etc/ipt.conf
if ls /etc/ipt.conf.d/*.conf &>/dev/null; then
for conf in /etc/ipt.conf.d/*.conf ; do
. $conf
done
fi
. /usr/share/iptconf/iptconf.footer
verbose iptables-save
iptables-save > /var/cache/iptconf/iptables-save
verbose ip6tables-save
ip6tables-save > /var/cache/iptconf/ip6tables-save
exit