ret=0
TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
&& chmod 600 "$TMP_FILE" \
&& $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
&& size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
|| ret=1
if [ $ret -eq 0 ]; then
if [ -e $IPTABLES_DATA ]; then
cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
&& chmod 600 $IPTABLES_DATA.save \
|| ret=1
fi
if [ $ret -eq 0 ]; then
cp -f $TMP_FILE $IPTABLES_DATA \
&& chmod 600 $IPTABLES_DATA \
|| ret=1
fi
fi
return $ret
}
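# Print the live ruleset of every table listed in $PROC_IPTABLES_NAMES.
#
# Globals read: VAR_SUBSYS_IPTABLES, PROC_IPTABLES_NAMES,
#               IPTABLES_STATUS_NUMERIC, IPTABLES
# Globals set:  tables, table, NUM (kept global as before; the rest of the
#               script is not visible from here, so scoping is unchanged)
# Outputs:      a "Table: <name>" header and a listing per table on stdout
# Returns:      1 if the file named by VAR_SUBSYS_IPTABLES is missing, or
#               if PROC_IPTABLES_NAMES is missing or empty; otherwise 0.
#               A failed listing does not change the return value.
status() {
  # No file at $VAR_SUBSYS_IPTABLES (presumably the subsys lockfile --
  # confirm against start/stop): report the firewall as stopped.
  if [ ! -f "$VAR_SUBSYS_IPTABLES" ]; then
    echo $"Firewall is stopped."
    return 1
  fi

  # The names file must exist and list at least one table.
  if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
    echo $"Firewall is not configured. "
    return 1
  fi

  # Quoted to match the existence test above; unquoted, a path containing
  # whitespace passed the -e test but failed here, and the function then
  # reported "not configured" for a firewall that was in fact loaded.
  tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
  if [ -z "$tables" ]; then
    echo $"Firewall is not configured. "
    return 1
  fi

  # Without -n, --list resolves addresses to names: output can stall on a
  # slow resolver and each rule address becomes a DNS query. Setting
  # IPTABLES_STATUS_NUMERIC=yes avoids both.
  NUM=
  [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"

  # $tables is split on whitespace on purpose (one table name per word).
  # $IPTABLES is defined outside this block and left unquoted so a value
  # carrying extra words keeps working; $NUM must vanish when empty.
  for table in $tables; do
    echo $"Table: $table"
    $IPTABLES -t "$table" --list $NUM && echo
  done

  return 0
}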
# Stop and then start the firewall, saving the current rules first when
# IPTABLES_SAVE_ON_RESTART is exactly "yes".
#
# Globals read: IPTABLES_SAVE_ON_RESTART
# Calls:        save, stop, start, rc_status (all defined outside this block)
# Returns:      the exit status of start
#
# NOTE(review): whichever ruleset and policy stop() leaves in place is what
# the host runs with until start() finishes; stop() is not visible here, so
# confirm it does not leave the host open during that window.
restart() {
  case "$IPTABLES_SAVE_ON_RESTART" in
    yes)
      # rc_status directly follows save, with nothing in between.
      save
      rc_status -v
      ;;
  esac

  stop
  rc_status -v
  start
}
# Dispatch on the requested init action ($1). Each action is followed by
# rc_status -v; rc_status and rc_exit are defined outside this view.
# NOTE(review): rc_status presumably reports on $? of the command run just
# before it (as SUSE's rc.status does) -- confirm. If so, statement order
# here is significant and nothing may be inserted between a command and the
# rc_status call that follows it.
case "$1" in
start)
# stop is run before start, each with its own status report.
stop
rc_status -v
start
rc_status -v
;;
stop)
# Save the current rules before stopping only when the option is exactly "yes".
if [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ]; then
save;
rc_status -v
fi
stop
rc_status -v
;;
restart)
restart
rc_status -v
;;
condrestart)
# Restart only if the file named by VAR_SUBSYS_IPTABLES exists. When it does
# not, the && list itself ends with a non-zero status, which is what the
# following rc_status call sees.
[ -e "$VAR_SUBSYS_IPTABLES" ] && restart
rc_status -v
;;
status)
status
rc_status -v
;;
panic)
# flush_n_delete and set_policy are defined outside this view; presumably
# this removes all rules and chains and sets the default policy to DROP.
# NOTE(review): if so, remote sessions to this host are cut as well, and
# only the status of set_policy reaches rc_status -- confirm both.
flush_n_delete
set_policy DROP
rc_status -v
;;
save)
save
rc_status -v
;;
*)
# Unknown action: print usage and exit 1 directly, without reaching rc_exit.
# NOTE(review): LSB init scripts use exit status 2 for invalid arguments.
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
exit 1
;;
esac
# presumably exits with the status recorded by the rc_status calls -- confirm
rc_exit;