#!/sbin/runscript # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/shorewall.initd,v 1.3 2012/10/21 12:54:54 constanze Exp $ extra_commands="check clear" extra_started_commands="refresh reset" checkconfig() { if [ ! -d /var/lock/subsys ] ; then checkpath -d -m 755 /var/lock/subsys fi } depend() { need net provide firewall after ulogd } start() { checkconfig ebegin "Starting firewall" /sbin/shorewall -f start 1>/dev/null eend $? } stop() { ebegin "Stopping firewall" /sbin/shorewall stop 1>/dev/null eend $? } restart() { checkconfig # shorewall comes with its own control script that includes a # restart function, so refrain from calling svc_stop/svc_start # here. Note that this comment is required to fix bug 55576; # runscript.sh greps this script... (09 Jul 2004 agriffis) ebegin "Restarting firewall" /sbin/shorewall status >/dev/null if [ $? != 0 ] ; then svc_start else if [ -f /var/lib/shorewall/restore ] ; then /sbin/shorewall restore else /sbin/shorewall restart 1>/dev/null fi fi eend $? } clear() { # clear will remove all the rules and bring the system to an unfirewalled # state. (21 Nov 2004 eldad) ebegin "Clearing all firewall rules and setting policy to ACCEPT" /sbin/shorewall clear eend $? } reset() { # reset the packet and byte counters in the firewall ebegin "Resetting the packet and byte counters in the firewall" /sbin/shorewall reset eend $? } refresh() { # refresh the rules involving the broadcast addresses of firewall # interfaces, the black list, traffic control rules and # ECN control rules ebegin "Refreshing firewall rules" /sbin/shorewall refresh eend $? } check() { # perform cursory validation of the zones, interfaces, hosts, rules # and policy files. CAUTION: does not parse and validate the generated # iptables commands. ebegin "Checking configuration files" /sbin/shorewall check eend $? }