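#!/bin/sh
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# X-Start-Before: fail2ban
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Applies iptables ruleset
# Description: Applies all rules found in /etc/iptables.d
# and saves/restores previous status
### END INIT INFO
#
# Usage: iptables {start|stop|restart|reset}
#
# Every regular file in /etc/iptables.d is the argument list of one
# "iptables" invocation; its contents are word-split by the shell.
# Files are applied in glob (lexical) order, so prefix names with a
# number if ordering matters. The ruleset active before "start" is
# dumped to /etc/iptables.d/.pre-start and put back by "stop".
# Note: a second "start" without a "stop" overwrites that dump with
# the already-applied ruleset.

basedir=/etc/iptables.d
status="${basedir}/.pre-start"

# Print usage to stderr and exit with the LSB "invalid argument" code.
usage() {
  printf 'Usage: %s {start|stop|restart|reset}\n' "$0" >&2
  exit 2
}

case $1 in
  start)
    # Save the current ruleset so "stop" can restore it. Write to a
    # temporary file first: a failed or interrupted iptables-save must not
    # leave a truncated dump that "stop" would later restore as an
    # (almost) empty ruleset.
    if ! iptables-save > "${status}.tmp"; then
      rm -f -- "${status}.tmp"
      printf 'iptables-save failed, not applying ruleset\n' >&2
      exit 1
    fi
    mv -f -- "${status}.tmp" "$status" || exit 1

    # Apply our ruleset
    cd "$basedir" || exit

    failed=0
    for rule in *; do
      # Skip directories and the literal "*" left behind when the glob
      # matches nothing (dotfiles such as the status file do not count).
      [ -f "$rule" ] || continue
      printf 'Applying iptables rule %s ...\n' "$rule"
      # Rule should be split into separate arguments.
      # shellcheck disable=SC2046
      if ! iptables $(cat "$rule"); then
        printf 'Failed to apply iptables rule %s\n' "$rule" >&2
        failed=1
      fi
    done
    # Report a partially applied ruleset to the init system instead of
    # silently exiting 0.
    exit "$failed"
    ;;

  stop)
    # Restore from status before, if there is something to restore
    if [ -f "$status" ]; then
      iptables-restore < "$status" || exit 1
    fi
    ;;

  restart)
    "$0" stop && "$0" start
    ;;

  reset)
    # Open up and flush the built-in chains of the filter and nat tables.
    # User-defined chains and other tables (mangle, raw) are left alone.
    for table in INPUT FORWARD OUTPUT; do
      iptables -P "$table" ACCEPT
      iptables -F "$table"
    done
    for table in PREROUTING POSTROUTING OUTPUT; do
      iptables -t nat -P "$table" ACCEPT
      iptables -t nat -F "$table"
    done
    ;;

  *)
    usage
    ;;
esac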