#! /bin/sh
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $network $syslog
# Required-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: IPTables firewall
# Description: Standard rules for IPTables firewall
### END INIT INFO
# Initialisation des variables
# Runtime configuration for this init script.
SHELL="/bin/sh"
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
# Ruleset in iptables-save format: read by "start", rewritten by "save".
IPTABLES_RULES="/etc/network/iptables-rules"
# Script that builds the live ruleset; "save" runs it before snapshotting.
IPTABLES_START="/etc/network/iptables-start.sh"
# Script that tears the ruleset down; run by "stop".
IPTABLES_STOP="/etc/network/iptables-stop.sh"
# Internet-facing interface. Not referenced in this file — presumably read
# by the start/stop scripts above; confirm before removing.
INTERNET_NIC="eth0"
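#######################################
# Load the saved ruleset, then enable IPv4 forwarding.
# Globals:   IPTABLES_RULES (read) - file in iptables-save format
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   0 on success; exits 1 if the rules file is missing or
#            iptables-restore fails
#######################################
iptables_start() {
  echo "Starting iptables firewall..."
  if [ ! -f "$IPTABLES_RULES" ]; then
    echo "File $IPTABLES_RULES doesn't exist." >&2
    exit 1
  fi
  # Forwarding is switched on only after the ruleset is in place: the
  # original enabled it regardless of whether iptables-restore succeeded,
  # so a bad rules file left the host routing with whatever was loaded.
  if ! iptables-restore < "$IPTABLES_RULES"; then
    echo "Failed to load rules from $IPTABLES_RULES." >&2
    exit 1
  fi
  echo "1" > "/proc/sys/net/ipv4/ip_forward"
}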
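#######################################
# Run the tear-down script, then disable IPv4 forwarding.
# Globals:   IPTABLES_STOP (read) - tear-down script; must be executable
#            even though it is run through sh
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   0 on success; exits 1 if the script is missing, not
#            executable, or fails
#######################################
iptables_stop() {
  echo "Stopping iptables firewall..."
  if [ ! -x "$IPTABLES_STOP" ]; then
    echo "File $IPTABLES_STOP doesn't exist or is not an executable." >&2
    exit 1
  fi
  sh "$IPTABLES_STOP"
  stop_rc=$?
  # Forwarding is disabled even when the stop script fails part-way, so the
  # host never keeps routing through a half-torn-down ruleset.
  echo "0" > "/proc/sys/net/ipv4/ip_forward"
  if [ "$stop_rc" -ne 0 ]; then
    echo "Script $IPTABLES_STOP failed (status $stop_rc)." >&2
    exit 1
  fi
}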
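#######################################
# Rebuild the live ruleset with the start script and snapshot it to
# IPTABLES_RULES for the next "start".
# Globals:   IPTABLES_START (read) - script building the ruleset
#            IPTABLES_RULES (written) - snapshot in iptables-save format
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   0 on success; exits 1 if the start script is missing or
#            fails, or if the snapshot cannot be written
#######################################
iptables_save() {
  echo "Saving iptables configuration..."
  if [ ! -x "$IPTABLES_START" ]; then
    echo "File $IPTABLES_START doesn't exist or is not an executable." >&2
    exit 1
  fi
  # The original snapshotted unconditionally, so a failing start script
  # overwrote the saved rules with a partial ruleset.
  if ! sh "$IPTABLES_START"; then
    echo "Script $IPTABLES_START failed; rules not saved." >&2
    exit 1
  fi
  # Write to a sibling temp file and rename: a failing iptables-save then
  # cannot truncate the file that "start" loads at boot. mktemp creates the
  # file mode 0600, so the snapshot is no longer world-readable.
  save_tmp=$(mktemp "${IPTABLES_RULES}.XXXXXX") || exit 1
  if iptables-save > "$save_tmp"; then
    mv -- "$save_tmp" "$IPTABLES_RULES" || exit 1
  else
    rm -f -- "$save_tmp"
    echo "iptables-save failed; $IPTABLES_RULES left unchanged." >&2
    exit 1
  fi
}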
#######################################
# Print the current filter-table rules, verbose and without DNS lookups.
# Outputs:   iptables listing on stdout
# Returns:   the status of iptables
#######################################
iptables_status() {
  iptables --list --numeric --verbose
}
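#######################################
# Emergency lockdown: drop everything except loopback traffic.
# Outputs:   progress on stdout
# Returns:   0 when every iptables call succeeded
#######################################
iptables_panic() {
  echo "Entering panic mode, closing ALL connections..."
  # Chain policies are set with --policy. The original used
  # "--table filter INPUT --jump DROP", which iptables rejects as a bad
  # argument, so the flush below left the previous policy in force and
  # "panic" did not actually close anything.
  # Policies go first so there is no window between the flush and the DROP
  # in which an ACCEPT policy with no rules lets traffic through.
  iptables --table filter --policy INPUT DROP
  iptables --table filter --policy FORWARD DROP
  iptables --table filter --policy OUTPUT DROP
  iptables --table filter --flush
  iptables --table filter --delete-chain
  # Loopback stays open so local services keep talking to each other.
  iptables --table filter --append INPUT --in-interface lo --protocol all --jump ACCEPT
  iptables --table filter --append OUTPUT --out-interface lo --protocol all --jump ACCEPT
  iptables --table filter --append FORWARD --in-interface lo --protocol all --jump ACCEPT
  iptables --table filter --append FORWARD --out-interface lo --protocol all --jump ACCEPT
}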
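# Dispatch on the init action. Each successful action exits 0; a failing
# action falls through, so the script's exit status is that of the failed
# "&&" list (non-zero).
case "$1" in
  start)
    iptables_start && exit 0
    ;;
  stop)
    iptables_stop && exit 0
    ;;
  restart | reload)
    iptables_stop && iptables_start && exit 0
    ;;
  save)
    iptables_save && exit 0
    ;;
  status)
    iptables_status && exit 0
    ;;
  panic)
    iptables_panic && exit 0
    ;;
  *)
    # Unknown or missing action: usage goes to stderr and the script
    # exits 2 (LSB: invalid arguments) instead of the original silent 0.
    echo "Usage: /etc/init.d/iptables start|stop|restart|reload|save|status|panic" >&2
    exit 2
    ;;
esac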