Add a firewall init script.

firewall-initscript

@@ -0,0 +1,143 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides:          firewall
+# Required-Start:    $network
+# Required-Stop:     $network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Firewalls' state save/restore/flush
+# Description:       Store the firewalls' state at shutdown, and restores it at boot.
+#                    Aalso set the firewalls to a default state, and flush all rules.
+### END INIT INFO
+
+DEFAULT_V4="/etc/firewall/default_v4.rules"
+DEFAULT_V6="/etc/firewall/default_v6.rules"
+STATE_V4="/etc/firewall/state_v4.rules"
+STATE_V6="/etc/firewall/state_v6.rules"
+
+# Confirm the iptables utilities are available.
+[[ ! -x "/usr/sbin/iptables" ]] || [[ ! -x "/usr/sbin/ip6tables" ]] || [[ ! -x "/usr/sbin/iptables-save" ]] || [[ ! -x "/usr/sbin/iptables-restore" ]] || [[ ! -x "/usr/sbin/ip6tables-save" ]] || [[ ! -x "/usr/sbin/ip6tables-restore" ]] && {
+  printf "%s: %s\\n" "${0##*/}" "iptables package not installed!" >&2
+  exit 1
+}
+
+firewall_states_restore() {
+  local ERR=0
+
+  # Restore the saved (or default) v4 firewall state.
+  iptables-restore "$STATE_V4" 2>/dev/null || {
+    printf "%s: %s " "${0##*/}" "failed to restore saved" >&2
+    if iptables-restore "$DEFAULT_V4" 2>/dev/null; then
+      printf "%s " ", only default" >&2
+    else
+      printf "%s " "and default" >&2
+      ERR=1
+    fi
+    printf "%s\\n" "v4 firewall state" >&2
+  }
+
+  # Restore the saved (or default) v6 firewall state.
+  ip6tables-restore "$STATE_V6" 2>/dev/null || {
+    printf "%s: %s " "${0##*/}" "failed to restore saved" >&2
+    if ip6tables-restore "$DEFAULT_V6" 2>/dev/null; then
+      printf "%s " ", only default" >&2
+    else
+      printf "%s " "and default" >&2
+      ERR=1
+    fi
+    printf "%s\\n" "v6 firewall state" >&2
+  }
+
+  return "$ERR"
+}
+
+firewall_states_save() {
+  local ERR=0
+
+  # Store the state of the v4 firewall.
+  iptables-save >"$STATE_V4" 2>/dev/null || {
+    printf "%s: %s\\n" "${0##*/}" "failed to save v4 firewall state" >&2
+    ERR=1
+  }
+
+  # Store the state of the v6 firewall.
+  ip6tables-save >"$STATE_V6" 2>/dev/null || {
+    printf "%s: %s\\n" "${0##*/}" "failed to save v6 firewall state" >&2
+    ERR=1
+  }
+
+  return "$ERR"
+}
+
+firewall_defaults_restore() {
+  local ERR=0
+
+  # Restore the default v4 firewall state.
+  iptables-restore "$DEFAULT_V4" 2>/dev/null || {
+    printf "%s: %s\\n" "${0##*/}" "failed to restore default v4 firewall state" >&2
+    ERR=1
+  }
+
+  # Restore the default v6 firewall state.
+  ip6tables-restore "$DEFAULT_V6" 2>/dev/null || {
+    printf "%s: %s\\n" "${0##*/}" "failed to restore default v6 firewall state" >&2
+    ERR=1
+  }
+
+  return "$ERR"
+}
+
+firewall_flush() {
+  # Set the default policies to ACCEPT.
+  iptables -P INPUT ACCEPT
+  ip6tables -P INPUT ACCEPT
+  iptables -P OUTPUT ACCEPT
+  ip6tables -P OUTPUT ACCEPT
+  iptables -P FORWARD ACCEPT
+  ip6tables -P FORWARD ACCEPT
+
+  # Flush all the rules in the tables.
+  iptables -F INPUT
+  ip6tables -F INPUT
+  iptables -F OUTPUT
+  ip6tables -F OUTPUT
+  iptables -F FORWARD
+  ip6tables -F FORWARD
+
+  # Delete all user defined tables.
+  iptables -X
+  ip6tables -X
+
+  # Reset packet counters to zero.
+  iptables -Z
+  ip6tables -Z
+
+  return 0	# All the above commands should never fail.
+}
+
+case "$1" in
+  start|restart|reload|force-reload)
+    firewall_states_restore
+    exit "$?"
+    ;;
+  stop)
+    firewall_states_save
+    exit "$?"
+    ;;
+  defaults)
+    firewall_defaults_restore || {
+      printf "%s: %s\\n" "${0##*/}" "failed to restore default firewall state" >&2
+      exit 1
+    }
+    echo "$?"
+    ;;
+  flush)
+    firewall_flush	# Should never fail.
+    ;;
+  *)
+    printf "%s %s\\n" "${0##*/}" "<start|stop|restart|reload|force-reload|defaults|flush>"
+    exit 2
+    ;;
+esac
+
+exit 0