#!/bin/sh
# Saved ruleset that start() feeds to arptables-restore.
# NOTE(review): this script is presumably run as root by the init system, so
# the file should be root-owned and not writable by other users; confirm
# against the package's file permissions.
ARPTABLES_CONFIG="/etc/sysconfig/arptables"
# compat for removed initscripts dependency
# Print the "step succeeded" marker used by the status lines in this script.
# Outputs: "[ OK ]" followed by a newline on stdout.
# Returns: always 0.
success() {
    printf '%s\n' "[ OK ]"
    return 0
}
# Print the "step failed" marker used by the status lines in this script.
# Outputs: "[FAILED]" followed by a newline on stdout.
# Returns: always 1, so callers can propagate the failure if they choose to.
failure() {
    printf '%s\n' "[FAILED]"
    return 1
}
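# Load the saved ARP filter rules from $ARPTABLES_CONFIG.
# Globals:   ARPTABLES_CONFIG (read)
# Outputs:   progress and status text on stdout
# Exits:     4 if /usr/sbin/arptables is not executable,
#            6 if the configuration file is missing,
#            1 if arptables-restore fails to load the ruleset.
# Returns:   status of touch on success.
#
# A failed restore is reported to the caller and does NOT create the
# subsystem lock. Otherwise the service would look "started" while the host
# runs without the intended ARP filtering, and condrestart / monitoring
# would have no signal that the ruleset never loaded.
start() {
    if [ ! -x /usr/sbin/arptables ]; then
        exit 4
    fi

    # don't do squat if we don't have the config file
    if [ ! -f "$ARPTABLES_CONFIG" ]; then
        failure
        echo "Configuration file /etc/sysconfig/arptables missing"
        exit 6
    fi

    printf "Applying arptables firewall rules: "
    # Quote the path so an overridden value containing whitespace or glob
    # characters is still treated as one file name.
    if /usr/sbin/arptables-restore < "$ARPTABLES_CONFIG"; then
        success
        # Mark the subsystem as active only once the rules are in place.
        touch /var/lock/subsys/arptables
    else
        failure
        # Generic error status; the ruleset was not (fully) applied.
        exit 1
    fi
}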
# Tear down the ARP filter: delete user-defined chains, flush all chains,
# set the built-in INPUT and OUTPUT policies to ACCEPT, then remove the
# subsystem lock.
# Outputs:   one status line per step on stdout.
# Returns:   status of the final rm -f; a failed step is only reported, it
#            does not stop the later steps or the lock removal.
#
# After a successful stop the policies are ACCEPT, i.e. no ARP filtering
# is in effect until start() runs again.
# NOTE(review): arptables is resolved through PATH here, whereas start()
# uses the absolute /usr/sbin path; confirm the init environment's PATH is
# trusted.
stop() {
    printf "Removing user defined chains: "
    if arptables -X; then
        success
    else
        failure
    fi

    printf "Flushing all chains: "
    if arptables -F; then
        success
    else
        failure
    fi

    printf "Resetting built-in chains to the default ACCEPT policy: "
    if arptables -P INPUT ACCEPT && arptables -P OUTPUT ACCEPT; then
        success
    else
        failure
    fi

    rm -f /var/lock/subsys/arptables
}
# Entry point: run the action named by the first argument.
# Exit status: 2 for an unknown or missing action, otherwise 0 unless
# start() itself exits with an error code.
case "$1" in
    start | restart | reload)
        # This isn't a daemon, so "restart" and "reload" are really just
        # "start", which clears any pre-defined rules anyway. The extra
        # verbs are only here to make those who expect them happy.
        start
        ;;
    stop)
        stop
        ;;
    condrestart | try-restart | force-reload)
        # Re-apply the rules only when the subsystem lock from an earlier
        # start is present.
        if [ -e /var/lock/subsys/arptables ]; then
            start
        fi
        ;;
    *)
        exit 2
        ;;
esac

exit 0