diff options
| author | davidovski <david@davidovski.xyz> | 2022-06-27 23:09:07 +0100 |
|---|---|---|
| committer | davidovski <david@davidovski.xyz> | 2022-06-27 23:09:07 +0100 |
| commit | f6332a43c35387c4a2dea1746be5fd092890ae0e (patch) | |
| tree | d6599f63de04096f3fc21a98e0b3bb39d55a3531 /repo/iptables/ebtables.initd | |
| parent | f13e0cac13f90f7f57bce3b26b2e6383de6e4ad2 (diff) | |
added lf and iptables
Diffstat (limited to 'repo/iptables/ebtables.initd')
| -rw-r--r-- | repo/iptables/ebtables.initd | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/repo/iptables/ebtables.initd b/repo/iptables/ebtables.initd new file mode 100644 index 0000000..7d92436 --- /dev/null +++ b/repo/iptables/ebtables.initd @@ -0,0 +1,99 @@ +#!/sbin/openrc-run +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $ + +extra_commands="save reload" +extra_started_commands="panic" + +ebtables_bin="/sbin/ebtables" +ebtables_save=${EBTABLES_SAVE} +ebtables_tables=$(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//) +if [ "$ebtables_tables" == "" ] ; then + ebtables_tables=${TABLE_NAMES} +fi + +depend() { + before net + use logger +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + broute) chains="BROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${ebtables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkconfig() { + if [ ! -f ${ebtables_save} ] ; then + eerror "Not starting ebtables. First create some rules then run:" + eerror "/etc/init.d/ebtables save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ebtables state and starting bridge firewall" + ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + ebegin "Stopping bridge firewall" + local a + for a in ${ebtables_tables}; do + set_table_policy $a ACCEPT + + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + done + eend $? +} + +reload() { + ebegin "Flushing bridge firewall" + local a + for a in ${ebtables_tables}; do + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + done + eend $? + + start +} + +save() { + ebegin "Saving ebtables state" + checkpath -Fm 0600 "${ebtables_save}" + for a in ${ebtables_tables} ; do + ${ebtables_bin}-save -t ${a} ${SAVE_RESTORE_OPTIONS} >> "${ebtables_save}" + done + eend $? +} + +panic() { + service_started ebtables && svc_stop + + local a + ebegin "Dropping all packets forwarded on bridges" + for a in ${ebtables_tables}; do + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + + set_table_policy $a DROP + done + eend $? +} |