Handle merge conflicts.

Darren 'Tadgy' Austin 2026-05-30 16:12:40 +01:00
commit a2eb21bfe2


@ -1,34 +1,37 @@
#!/bin/bash #!/bin/bash
# Restore firewall state at boot, and store it at shutdown. # Restore firewall state at boot, and store it at shutdown.
# Version: 0.1.1
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: firewall # Provides: firewall
# Required-Start: $network # Required-Start: $network
# Required-Stop: $network # Required-Stop: $network
# Default-Start: 2 3 4 5 # Default-Start: 1 2 3 4 5
# Default-Stop: 0 1 6 # Default-Stop: 0 6
# Short-Description: Firewalls' state save/restore/flush # Short-Description: Firewalls' state save/restore/flush
# Description: Store the firewalls' state at shutdown, and restores it at boot. # Description: Store the firewalls' state at shutdown, and restores it at boot.
# Aalso set the firewalls to a default state, and flush all rules. # Aalso set the firewalls to a default state, and flush all rules.
### END INIT INFO ### END INIT INFO
DEFAULT_V4="/etc/firewall/default_v4.rules" SYSTEM_DIR="/etc/firewall"
DEFAULT_V6="/etc/firewall/default_v6.rules" LOCAL_DIR="/root/.local/etc/firewall"
STATE_V4="/etc/firewall/state_v4.rules" DEFAULT_V4="default_v4.rules"
STATE_V6="/etc/firewall/state_v6.rules" DEFAULT_V6="default_v6.rules"
STATE_V4="state_v4.rules"
STATE_V6="state_v6.rules"
# Confirm the iptables utilities are available. # Confirm the iptables utilities are available.
[[ ! -x "/usr/sbin/iptables" ]] || [[ ! -x "/usr/sbin/ip6tables" ]] || [[ ! -x "/usr/sbin/iptables-save" ]] || [[ ! -x "/usr/sbin/iptables-restore" ]] || [[ ! -x "/usr/sbin/ip6tables-save" ]] || [[ ! -x "/usr/sbin/ip6tables-restore" ]] && { [[ ! -x "/usr/sbin/iptables" ]] || [[ ! -x "/usr/sbin/ip6tables" ]] || [[ ! -x "/usr/sbin/iptables-save" ]] || [[ ! -x "/usr/sbin/iptables-restore" ]] || [[ ! -x "/usr/sbin/ip6tables-save" ]] || [[ ! -x "/usr/sbin/ip6tables-restore" ]] && {
printf "%s: %s\\n" "${0##*/}" "iptables package not installed!" >&2 printf "%s: %s\\n" "${0##*/}" "iptables package not installed" >&2
exit 1 exit 1
} }
firewall_states_restore() { states_restore() {
local ERR=0 local ERR=0
# Restore the saved (or default) v4 firewall state. # Restore the saved (or default) v4 firewall state.
iptables-restore "$STATE_V4" 2>/dev/null || { iptables-restore "$RULES_DIR/$STATE_V4" 2>/dev/null || {
printf "%s: %s" "${0##*/}" "failed to restore saved" >&2 printf "%s: %s" "${0##*/}" "failed to restore saved" >&2
if iptables-restore "$DEFAULT_V4" 2>/dev/null; then if iptables-restore "$$RULES_DIR/DEFAULT_V4" 2>/dev/null; then
printf "%s" ", only default" >&2 printf "%s" ", only default" >&2
else else
printf " %s" "and default" >&2 printf " %s" "and default" >&2
@ -38,9 +41,9 @@ firewall_states_restore() {
} }
# Restore the saved (or default) v6 firewall state. # Restore the saved (or default) v6 firewall state.
ip6tables-restore "$STATE_V6" 2>/dev/null || { ip6tables-restore "$RULES_DIR/$STATE_V6" 2>/dev/null || {
printf "%s: %s" "${0##*/}" "failed to restore saved" >&2 printf "%s: %s" "${0##*/}" "failed to restore saved" >&2
if ip6tables-restore "$DEFAULT_V6" 2>/dev/null; then if ip6tables-restore "$RULES_DIR/$DEFAULT_V6" 2>/dev/null; then
printf "%s" ", only default" >&2 printf "%s" ", only default" >&2
else else
printf " %s" "and default" >&2 printf " %s" "and default" >&2
@ -52,17 +55,17 @@ firewall_states_restore() {
return "$ERR" return "$ERR"
} }
firewall_states_save() { states_save() {
local ERR=0 local ERR=0
# Store the state of the v4 firewall. # Store the state of the v4 firewall.
iptables-save >"$STATE_V4" 2>/dev/null || { iptables-save >"$RULES_DIR/$STATE_V4" 2>/dev/null || {
printf "%s: %s\\n" "${0##*/}" "failed to save v4 firewall state" >&2 printf "%s: %s\\n" "${0##*/}" "failed to save v4 firewall state" >&2
ERR=1 ERR=1
} }
# Store the state of the v6 firewall. # Store the state of the v6 firewall.
ip6tables-save >"$STATE_V6" 2>/dev/null || { ip6tables-save >"$RULES_DIR/$STATE_V6" 2>/dev/null || {
printf "%s: %s\\n" "${0##*/}" "failed to save v6 firewall state" >&2 printf "%s: %s\\n" "${0##*/}" "failed to save v6 firewall state" >&2
ERR=1 ERR=1
} }
@ -70,17 +73,17 @@ firewall_states_save() {
return "$ERR" return "$ERR"
} }
firewall_defaults_restore() { defaults_restore() {
local ERR=0 local ERR=0
# Restore the default v4 firewall state. # Restore the default v4 firewall state.
iptables-restore "$DEFAULT_V4" 2>/dev/null || { iptables-restore "$RULES_DIR/$DEFAULT_V4" 2>/dev/null || {
printf "%s: %s\\n" "${0##*/}" "failed to restore default v4 firewall state" >&2 printf "%s: %s\\n" "${0##*/}" "failed to restore default v4 firewall state" >&2
ERR=1 ERR=1
} }
# Restore the default v6 firewall state. # Restore the default v6 firewall state.
ip6tables-restore "$DEFAULT_V6" 2>/dev/null || { ip6tables-restore "$RULES_DIR/$DEFAULT_V6" 2>/dev/null || {
printf "%s: %s\\n" "${0##*/}" "failed to restore default v6 firewall state" >&2 printf "%s: %s\\n" "${0##*/}" "failed to restore default v6 firewall state" >&2
ERR=1 ERR=1
} }
@ -88,7 +91,7 @@ firewall_defaults_restore() {
return "$ERR" return "$ERR"
} }
firewall_flush() { flush() {
# Set the default policies to ACCEPT. # Set the default policies to ACCEPT.
iptables -P INPUT ACCEPT iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT ip6tables -P INPUT ACCEPT
@ -116,24 +119,35 @@ firewall_flush() {
return 0 # All the above commands should never fail. return 0 # All the above commands should never fail.
} }
# Locate the rules directory.
# We need to support the LOCAL_DIR because on the SANs you can't put config files in /etc and have them persist over a reboot or upgrade.
if [[ -d "$LOCAL_DIR" ]]; then
RULES_DIR="$LOCAL_DIR"
elif [[ -d "$SYSTEM_DIR" ]]; then
RULES_DIR="$SYSTEM_DIR"
else
printf "%s: %s\\n" "${0##*/}" "no rules directory found"
exit 1
fi
case "$1" in case "$1" in
start|restart|reload|force-reload) start|restart|reload|force-reload)
firewall_states_restore states_restore
exit "$?" exit "$?"
;; ;;
stop) stop)
firewall_states_save states_save
exit "$?" exit "$?"
;; ;;
defaults) defaults)
firewall_defaults_restore || { defaults_restore || {
printf "%s: %s\\n" "${0##*/}" "failed to restore default firewall state" >&2 printf "%s: %s\\n" "${0##*/}" "failed to restore default firewall state" >&2
exit 1 exit 1
} }
echo "$?" exit "$?"
;; ;;
flush) flush)
firewall_flush # Should never fail. flush # Should never fail.
;; ;;
*) *)
printf "%s %s\\n" "${0##*/}" "<start|stop|restart|reload|force-reload|defaults|flush>" printf "%s %s\\n" "${0##*/}" "<start|stop|restart|reload|force-reload|defaults|flush>"
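Review bot: In the first hunk, the new v4 fallback in states_restore reads `iptables-restore "$$RULES_DIR/DEFAULT_V4"`; `$$` expands to the shell's PID and the rest is literal text, so the default v4 rules file can never be found. Because stderr is sent to /dev/null, the only symptom is the "failed to restore saved and default" message, and a host whose saved v4 state is missing or unreadable comes up without the default ruleset loaded. The line should match the v6 branch: `if iptables-restore "$RULES_DIR/$DEFAULT_V4" 2>/dev/null; then`. The remainder of that else branch lies between the shown hunks, so whether ERR is set there cannot be confirmed from this page. Separately, the new "no rules directory found" message in the last hunk goes to stdout; appending `>&2` would match the other error paths.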