# Required-Start: $network $syslog $remote_fs
# Required-Stop: $network $syslog $remote_fs
# Default-Start: 2 3 4 5
# Short-Description: Universal Internet Firewall
# Description: Start the firewall defined in /etc/uif/uif.conf.
# Version: @(#)/etc/init.d/uif 1.0.9 June-2013 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
# RedHat specific settings - ignore for real systems ---------------------------
# description: provides iptables packet filtering
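. /lib/lsb/init-functions

# Put the sbin directories first so iptables/ip6tables resolve to the system
# binaries. The inherited PATH is appended only when it is non-empty: an unset
# or empty PATH would otherwise leave a trailing empty element, which the shell
# treats as "current directory" when searching for commands.
PATH=/usr/sbin:/sbin${PATH:+:$PATH}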
# Include firewall defaults if available
if [ -f /etc/default/uif ] ; then
#THIS IS DEFAULT ANYWAY#[ -z "$OPTIONS" ] && OPTIONS="-c /etc/uif/uif.conf"
if [ ! -f /sbin/iptables ]; then
log_failure_msg "uif: iptables not found - aborting"
if [ $IPV6MODE = 1 -a ! -f /sbin/ip6tables ] ; then
log_failure_msg "uif: ip6tables not found - aborting"
# Is uif installed? Without it, this script makes no sense...
# As the name says. If the kernel supports modules, it'll try to load
# the ones listed in "MODULES".
[ -f /proc/modules ] || return
LIST=`/sbin/lsmod|awk '!/Module/ {print $1}'`
for mod in $MODULES; do
echo $LIST | grep -q $mod || modprobe $mod || /bin/true
log_daemon_msg "Starting uif"
[ -f /proc/modules ] && { log_progress_msg "modules"; load_modules; }
log_progress_msg "IPv4-rules"
EMSG=`$UIF $OPTIONS 2>&1`
if [ $RET4 -ne 0 ]; then
logger "Starting uif failed: $EMSG"
echo -e "Hi. This is your firewall script - which has failed" \
"to execute in a proper way.\nHere is the error message:\n" \
"\n$EMSG\n\nPlease fix to be sure..." | mail -s "Firewall script failure" $MAILTO
echo -e "Error message: $EMSG\n"
if [ $IPV6MODE = 1 ] ; then
log_progress_msg "IPv6-rules"
EMSG=`$UIF -6 $OPTIONS 2>&1`
if [ $RET6 -ne 0 ]; then
logger "Starting uif failed: $EMSG"
echo -e "Hi. This is your IPv6 firewall script - which has failed" \
"to execute in a proper way.\nHere is the error message:\n" \
"\n$EMSG\n\nPlease fix to be sure..." | mail -s "Firewall script failure" $MAILTO
echo -e "Error message: $EMSG\n"
log_end_msg $(($RET4+$RET6))
log_daemon_msg "Stopping uif"
logger "Stopping uif"
if [ $IPV6MODE = 1 ] ; then
log_progress_msg "IPv4"
if [ $IPV6MODE = 1 ] ; then
log_progress_msg "IPv6"
echo "Printing rules based on your current configuration"
if [ $IPV6MODE = 1 ] ; then
if [ $IPV6MODE = 1 ] ; then
echo -n "IPv4 Test: "
echo -n "Activating IPv4 ruleset for $TIMEOUT seconds: modules, "
trap 'echo "aborted, IPv4 rules restored"; exit 0' SIGINT
echo -n "IPv4 rules - active, waiting - "
EMSG=`$UIF -T $TIMEOUT $OPTIONS`
if [ $? -eq 0 ]; then
echo -e "Error message: $EMSG\n"
if [ $IPV6MODE = 1 ] ; then
echo -n "IPv6 Test: "
echo -n "Activating IPv6 ruleset for $TIMEOUT seconds: modules, "
trap 'echo "aborted, IPv6 rules restored"; exit 0' SIGINT
echo -n "IPv6 rules - active, waiting - "
EMSG=`$UIF -6 -T $TIMEOUT $OPTIONS`
if [ $? -eq 0 ]; then
echo -e "Error message: $EMSG\n"
if [ "`id -u`" != "0" ]; then
echo "Can't retrieve status information. You need to be root."
if [ $IPV6MODE = 1 ] ; then
# Simple rule listing
echo -e "\nRule listing:\n"
iptables-save | sed "/^#/d"
# Show accounting data
if [ -n "$ACCOUNTPREFIX" ]; then
echo -e "\n\nCurrent accounting information:\n"
iptables -vnx -L 2>&1 | sed "/pkts/d" | sed -ne "/^Chain $ACCOUNTPREFIX/N" -e "s/\n/ /p" | \
sed "s/[ ][ ]*/ /g" | awk '{ print $2"\t"$6" Bytes"; }'
if [ $IPV6MODE = 1 ] ; then
# Simple rule listing
echo -e "\nRule listing:\n"
ip6tables-save | sed "/^#/d"
# Show accounting data
if [ -n "$ACCOUNTPREFIX" ]; then
echo -e "\n\nCurrent accounting information:\n"
ip6tables -vnx -L 2>&1 | sed "/pkts/d" | sed -ne "/^Chain $ACCOUNTPREFIX/N" -e "s/\n/ /p" | \
sed "s/[ ][ ]*/ /g" | awk '{ print $2"\t"$6" Bytes"; }'
# Show last 10 policy violations
if [ -n "$LOGPREFIX" ]; then
if [ $IPV6MODE = 1 ] ; then
echo -e "\n\nLast 10 policy violations (IPv4 & IPv6 combined):"
echo -e "\n\nLast 10 policy violations (IPv4 only):"
dmesg | grep "`hostname`.* $LOGPREFIX .*:" 2> /dev/null | tail -n 10
restart|reload|force-reload)
echo -n "Flushing IPv4 packet counters: "
iptables -Z &> /dev/null
if [ $? -eq 0 ]; then
if [ $IPV6MODE = 1 ] ; then
echo -n "Flushing IPv6 packet counters: "
ip6tables -Z &> /dev/null
if [ $? -eq 0 ]; then
echo "Usage: $0 {start|stop|status|restart|reload|flush|print}"