Line 0
Link Here
|
|
|
1 |
#!/sbin/runscript |
2 |
# Copyright 1999-2013 Gentoo Foundation |
3 |
# Distributed under the terms of the GNU General Public License v2 |
4 |
# $Header: $ |
5 |
|
6 |
SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" |
7 |
CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" |
8 |
|
9 |
description="Puts Shorewall in a safe state at boot time" |
10 |
description="${description} prior to bringing up the network." |
11 |
|
12 |
required_files="$SHOREWALLRC_FILE" |
13 |
|
14 |
depend() { |
15 |
need localmount |
16 |
before net |
17 |
after bootmisc ipset tmpfiles.setup ulogd |
18 |
} |
19 |
|
20 |
|
21 |
. $SHOREWALLRC_FILE |
22 |
|
23 |
checkconfig() { |
24 |
local PRODUCT= |
25 |
|
26 |
if [ -z "${VARLIB}" ]; then |
27 |
eerror "\"VARLIB\" isn't defined or empty! Please check" \ |
28 |
"\"${SHOREWALLRC_FILE}\"." |
29 |
|
30 |
|
31 |
return 1 |
32 |
fi |
33 |
|
34 |
if [ -z "${PRODUCTS}" ]; then |
35 |
eerror "${SVCNAME} isn't configured! Please check" \ |
36 |
"\"${CONFIG_FILE}\"." |
37 |
|
38 |
|
39 |
return 1 |
40 |
fi |
41 |
|
42 |
for PRODUCT in ${PRODUCTS}; do |
43 |
if [ ! -x ${SBINDIR}/${PRODUCT} ]; then |
44 |
eerror "Invalid product \"${PRODUCT}\" specified" \ |
45 |
"in \"${CONFIG_FILE}\"!" |
46 |
eerror "Maybe \"${PRODUCT}\" isn't installed?" |
47 |
|
48 |
|
49 |
return 1 |
50 |
fi |
51 |
done |
52 |
|
53 |
|
54 |
return 0 |
55 |
} |
56 |
|
57 |
check_firewall_script() { |
58 |
if [ ! -x ${STATEDIR}/firewall ]; then |
59 |
if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then |
60 |
ebegin "Creating \"${STATEDIR}/firewall\"" |
61 |
${SBINDIR}/${PRODUCT} compile 1>/dev/null |
62 |
eend $? |
63 |
else |
64 |
eerror "\"${PRODUCT}\" isn't configured!" |
65 |
eerror "Please go to your 'administrative system'" \ |
66 |
"and deploy the compiled firewall" \ |
67 |
"configuration for this system." |
68 |
|
69 |
|
70 |
return 1 |
71 |
fi |
72 |
fi |
73 |
|
74 |
|
75 |
return 0 |
76 |
} |
77 |
|
78 |
is_allowed_to_be_executed() { |
79 |
# This is not a real service. shorewall-init is an intermediate |
80 |
# script to put your Shorewall-based firewall into a safe state |
81 |
# at boot time prior to bringing up the network. |
82 |
# Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz |
83 |
# for more information. |
84 |
# When your system is up, there is no need to call shorewall-init. |
85 |
# Please call shorewall{,6,-lite,6-lite} directly. That's the |
86 |
# reason why we are preventing start, stop or restart here. |
87 |
|
88 |
local PRODUCT= |
89 |
|
90 |
if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then |
91 |
# Starting shorewall-init is only allowed at boot time |
92 |
eerror "This is a boot service, which can only be started" \ |
93 |
"at boot." |
94 |
eerror "If you want to get your shorewall-based firewall" \ |
95 |
"into the same safe boot state again, run" |
96 |
eerror "" |
97 |
eindent |
98 |
for PRODUCT in ${PRODUCTS}; do |
99 |
eerror "/etc/init.d/${PRODUCT} stop" |
100 |
done |
101 |
eoutdent |
102 |
eerror "" |
103 |
eerror "Yes, \"stop\" and not start." |
104 |
eerror "" |
105 |
return 1 |
106 |
fi |
107 |
|
108 |
if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then |
109 |
# Stopping shorewall-init is only allowed at shutdown |
110 |
eerror "This is a boot service, which cannot be stopped." |
111 |
eerror "If you really want to stop your Shorewall-based" \ |
112 |
"firewall the same way this service would stop" \ |
113 |
"Shorewall at shutdown, please run" |
114 |
eerror "" |
115 |
eindent |
116 |
for PRODUCT in ${PRODUCTS}; do |
117 |
eerror "/etc/init.d/${PRODUCT} clear" |
118 |
done |
119 |
eoutdent |
120 |
eerror "" |
121 |
eerror "Keep in mind that this will clear (=bring down)" \ |
122 |
"your firewall!" |
123 |
eerror "" |
124 |
return 1 |
125 |
fi |
126 |
|
127 |
if [ "${RC_CMD}" = "restart" ]; then |
128 |
eerror "This is a boot service, which cannot be restarted." |
129 |
eerror "If you want to restart any of your Shorewall-based" \ |
130 |
"firewalls, run" |
131 |
eerror "" |
132 |
eindent |
133 |
for PRODUCT in ${PRODUCTS}; do |
134 |
eerror "/etc/init.d/${PRODUCT} restart" |
135 |
done |
136 |
eoutdent |
137 |
eerror "" |
138 |
return 1 |
139 |
fi |
140 |
|
141 |
|
142 |
return 0 |
143 |
} |
144 |
|
145 |
set_statedir() { |
146 |
STATEDIR= |
147 |
local VARDIR= |
148 |
|
149 |
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then |
150 |
STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) |
151 |
fi |
152 |
|
153 |
[ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} |
154 |
} |
155 |
|
156 |
start_pre() { |
157 |
checkconfig || return 1 |
158 |
|
159 |
is_allowed_to_be_executed || return 1 |
160 |
} |
161 |
|
162 |
start() { |
163 |
local PRODUCT= |
164 |
local STATEDIR= |
165 |
|
166 |
for PRODUCT in ${PRODUCTS}; do |
167 |
set_statedir |
168 |
|
169 |
check_firewall_script || return 1 |
170 |
|
171 |
ebegin "Initializing \"${PRODUCT}\"" |
172 |
${STATEDIR}/firewall stop 1>/dev/null |
173 |
eend $? |
174 |
done |
175 |
} |
176 |
|
177 |
stop_pre() { |
178 |
checkconfig || return 1 |
179 |
|
180 |
is_allowed_to_be_executed || return 1 |
181 |
} |
182 |
|
183 |
stop() { |
184 |
local PRODUCT= |
185 |
local STATEDIR= |
186 |
|
187 |
for PRODUCT in ${PRODUCTS}; do |
188 |
set_statedir |
189 |
|
190 |
check_firewall_script || return 1 |
191 |
|
192 |
ebegin "Clearing \"${PRODUCT}\"" |
193 |
${STATEDIR}/firewall clear 1>/dev/null |
194 |
eend $? |
195 |
done |
196 |
} |