redhat iptables 脚本移植给suse
很多 redhat 用户习惯使用 redhat 的 iptables 启动脚本，此文附一个按 SUSE /etc/rc.status 约定改写的 iptables 启动脚本。
配置文件与 redhat 完全一样：规则文件为 /etc/sysconfig/iptables，行为选项在 /etc/sysconfig/iptables-config，可直接从 redhat 机器复制使用。注意脚本在 start 时会先清空规则并把策略置为 ACCEPT 再恢复规则，若规则文件加载失败主机将处于无过滤状态，启动后应检查 rc 输出。
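#!/bin/sh
# Copyright (c) 2007 SuSE Linux AG Nuernberg, Germany.
#
# Author: devil <guxing1841@gmail.com>
#
# /etc/init.d/iptables
#
# Red Hat style iptables init script rewritten against SUSE's /etc/rc.status
# helpers. The rule file (/etc/sysconfig/iptables) and the behaviour file
# (/etc/sysconfig/iptables-config) keep the Red Hat layout, so both can be
# copied over from a Red Hat host unchanged.
#
# /bin/sh is bash on SUSE: the $"..." message strings below are bash-only,
# so this script must not be run under a strict POSIX sh.
#
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $local_fs dbus haldaemon
# Required-Stop:
# Default-Start:     3 5
# Default-Stop:
# Description:       start iptables firewall
### END INIT INFO
#
# NOTE(review): with dbus and haldaemon in Required-Start the rules are loaded
# comparatively late in the boot sequence; if network interfaces are already
# up by then there is a window without packet filtering. Verify the ordering
# against $network on the target host.

IPTABLES=iptables
IPTABLES_BIN=/usr/sbin/$IPTABLES
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
IPV=${IPTABLES%tables}      # "ip" for IPv4, "ip6" for IPv6
PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num><num>
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
. /etc/rc.status

# First reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

# The message names the path that was actually tested (the original checked
# /usr/sbin but reported /sbin).
if [ ! -x "$IPTABLES_BIN" ]; then
    echo -n $"$IPTABLES_BIN does not exist."
    rc_failed
    rc_status -v
    rc_exit
fi

if lsmod 2>/dev/null | grep -q ipchains; then
    echo -n $"ipchains and $IPTABLES can not be used together."
    rc_failed
    rc_status -v
    rc_exit
fi

# Old or new modutils: module-init-tools prints a different lsmod layout,
# which rmmod_r has to parse.
if /sbin/modprobe --version 2>&1 | grep -q module-init-tools; then
    NEW_MODUTILS=1
else
    NEW_MODUTILS=0
fi

# Default firewall configuration; overridden by $IPTABLES_CONFIG.
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"

# Load firewall configuration (root-owned sysconfig file, sourced as shell).
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"

rmmod_r() {
    # Unload a module together with every module that still references it.
    # Referring modules are unloaded first (recursively), then the module
    # itself.
    # $1 - module name
    # Returns the number of failed "modprobe -r" invocations.
    local mod=$1
    local ret=0
    local ref=
    local dep

    # Collect the referring modules. module-init-tools lsmod prints
    # "name size refcount user1,user2"; old modutils prints
    # "name size refcount [user1 user2]". Match the module name exactly
    # (followed by whitespace) so ip_conntrack does not pick up the
    # ip_conntrack_* helper lines.
    if [ "$NEW_MODUTILS" = 1 ]; then
        ref=$(lsmod | awk -v m="$mod" '$1 == m { print $4 }' | tr ',' ' ')
    else
        ref=$(lsmod | grep "^${mod}[[:space:]]" | cut -d "[" -s -f 2 | cut -d "]" -s -f 1)
    fi

    for dep in $ref; do
        rmmod_r "$dep"
        ret=$((ret + $?))
    done

    # On 2.6 the module may already have been auto-removed once its last
    # user went away, so only try to unload it if it is still listed.
    if grep -q "^${mod}[[:space:]]" /proc/modules; then
        modprobe -r "$mod" > /dev/null 2>&1
        ret=$((ret + $?))
    fi
    return $ret
}

flush_n_delete() {
    # Flush all rules, delete user-defined chains and zero the counters in
    # every table currently registered with the kernel.
    # Returns 1 when no table is loaded (nothing to do), otherwise the
    # number of failed iptables invocations.
    local tables table
    local ret=0

    [ -e "$PROC_IPTABLES_NAMES" ] || return 1
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
    [ -n "$tables" ] || return 1

    echo -n $"Flushing firewall rules: "
    for table in $tables; do
        $IPTABLES -t "$table" -F; ret=$((ret + $?))   # flush rules
        $IPTABLES -t "$table" -X; ret=$((ret + $?))   # delete user chains
        $IPTABLES -t "$table" -Z; ret=$((ret + $?))   # zero counters
    done
    rc_failed $ret
    rc_status -v
    return $ret
}

set_policy() {
    # Set the default policy on every built-in chain of each loaded table.
    # $1 - policy name, e.g. ACCEPT or DROP
    # Returns 1 when no table is loaded, otherwise the number of tables
    # whose policy could not be set (tables other than filter/nat/mangle
    # are counted as failures; they are not handled here).
    local policy=$1
    local tables table
    local ret=0

    [ -e "$PROC_IPTABLES_NAMES" ] || return 1
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
    [ -n "$tables" ] || return 1

    echo -n $"Setting chains to policy $policy: "
    for table in $tables; do
        echo -n "$table "
        case "$table" in
            filter)
                $IPTABLES -t filter -P INPUT "$policy" \
                    && $IPTABLES -t filter -P OUTPUT "$policy" \
                    && $IPTABLES -t filter -P FORWARD "$policy" \
                    || ret=$((ret + 1))
                ;;
            nat)
                $IPTABLES -t nat -P PREROUTING "$policy" \
                    && $IPTABLES -t nat -P POSTROUTING "$policy" \
                    && $IPTABLES -t nat -P OUTPUT "$policy" \
                    || ret=$((ret + 1))
                ;;
            mangle)
                $IPTABLES -t mangle -P PREROUTING "$policy" \
                    && $IPTABLES -t mangle -P POSTROUTING "$policy" \
                    && $IPTABLES -t mangle -P INPUT "$policy" \
                    && $IPTABLES -t mangle -P OUTPUT "$policy" \
                    && $IPTABLES -t mangle -P FORWARD "$policy" \
                    || ret=$((ret + 1))
                ;;
            *)
                ret=$((ret + 1))
                ;;
        esac
    done
    rc_failed $ret
    rc_status -v
    return $ret
}

start() {
    # Load the rule set from $IPTABLES_DATA with iptables-restore, then
    # load the helper modules listed in IPTABLES_MODULES and create the
    # subsys lock file.
    # Returns 1 when there is no rule file, the iptables-restore status if
    # the restore fails, otherwise the number of modprobe failures.
    local opt=
    local ret=0
    local mod

    # Do not start if there is no config file.
    [ -f "$IPTABLES_DATA" ] || return 1

    echo -n $"Applying $IPTABLES firewall rules: "
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && opt="-c"

    # NOTE(review): the "start" action flushes the tables and sets the
    # policies to ACCEPT before calling this function, so a failed restore
    # leaves the host with no filtering at all (fail-open). Check the rc
    # output after every boot and after editing the rule file.
    $IPTABLES-restore $opt "$IPTABLES_DATA"
    ret=$?
    [ $ret -eq 0 ] || return $ret

    # Load additional modules (helpers).
    if [ -n "$IPTABLES_MODULES" ]; then
        echo -n $"Loading additional $IPTABLES modules: "
        for mod in $IPTABLES_MODULES; do
            echo -n "$mod "
            modprobe "$mod" > /dev/null 2>&1
            ret=$((ret + $?))
        done
    fi
    touch "$VAR_SUBSYS_IPTABLES"
    return $ret
}

stop() {
    # Flush everything, open the default policies (ACCEPT), optionally
    # unload the netfilter modules and remove the subsys lock file.
    # Returns 1 if no table module is loaded, otherwise the number of
    # failed module unloads.
    local ret=0

    # Do not stop if iptables module is not loaded.
    [ -e "$PROC_IPTABLES_NAMES" ] || return 1

    flush_n_delete
    set_policy ACCEPT

    if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
        echo -n $"Unloading $IPTABLES modules: "
        rmmod_r "${IPV}_tables"
        ret=$((ret + $?))
        rmmod_r "${IPV}_conntrack"
        ret=$((ret + $?))
    fi
    rm -f "$VAR_SUBSYS_IPTABLES"
    return $ret
}

save() {
    # Dump the live rule set into $IPTABLES_DATA (mode 0600), keeping the
    # previous file as $IPTABLES_DATA.save. The dump goes through a private
    # temporary file so a failed or empty iptables-save never truncates the
    # live rule file.
    # Returns 1 when no table is loaded or any step fails, 0 on success.
    local tables
    local opt=
    local ret=0
    local tmp_file=
    local size

    [ -e "$PROC_IPTABLES_NAMES" ] || return 1
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
    [ -n "$tables" ] || return 1

    echo -n $"Saving firewall rules to $IPTABLES_DATA: "
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && opt="-c"

    # mktemp gives an unpredictable name; chmod 600 before writing so the
    # rule dump is never readable by other users.
    tmp_file=$(/bin/mktemp -q /tmp/$IPTABLES.XXXXXX) \
        && chmod 600 "$tmp_file" \
        && $IPTABLES-save $opt > "$tmp_file" 2>/dev/null \
        && size=$(stat -c '%s' "$tmp_file") && [ "$size" -gt 0 ] \
        || ret=1

    if [ $ret -eq 0 ] && [ -e "$IPTABLES_DATA" ]; then
        cp -f "$IPTABLES_DATA" "$IPTABLES_DATA.save" \
            && chmod 600 "$IPTABLES_DATA.save" \
            || ret=1
    fi
    if [ $ret -eq 0 ]; then
        cp -f "$tmp_file" "$IPTABLES_DATA" \
            && chmod 600 "$IPTABLES_DATA" \
            || ret=1
    fi

    # The temporary dump holds the complete rule set; remove it on every
    # path instead of leaving a copy behind in /tmp.
    [ -n "$tmp_file" ] && rm -f "$tmp_file"
    return $ret
}

status() {
    # List every loaded table (numeric output unless IPTABLES_STATUS_NUMERIC
    # is "no"). Returns 1 when the subsys lock file is missing or no table
    # is loaded, 0 otherwise.
    local tables table
    local num=

    # Do not print status if lockfile is missing and iptables modules are
    # not loaded.
    if [ ! -f "$VAR_SUBSYS_IPTABLES" ]; then
        echo $"Firewall is stopped."
        return 1
    fi
    if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
        echo $"Firewall is not configured. "
        return 1
    fi
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
    if [ -z "$tables" ]; then
        echo $"Firewall is not configured. "
        return 1
    fi

    [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && num="-n"
    for table in $tables; do
        echo $"Table: $table"
        $IPTABLES -t "$table" --list $num && echo
    done
    return 0
}

restart() {
    # Optionally save the live rules first, then stop and start.
    if [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ]; then
        save
        rc_status -v
    fi
    stop
    rc_status -v
    start
}

case "$1" in
    start)
        # Always flush before loading so stale rules cannot linger.
        stop
        rc_status -v
        start
        rc_status -v
        ;;
    stop)
        if [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ]; then
            save
            rc_status -v
        fi
        stop
        rc_status -v
        ;;
    restart)
        restart
        rc_status -v
        ;;
    condrestart)
        [ -e "$VAR_SUBSYS_IPTABLES" ] && restart
        rc_status -v
        ;;
    status)
        status
        rc_status -v
        ;;
    panic)
        # Drops everything, loopback included: run this from the console,
        # not over a remote session.
        flush_n_delete
        set_policy DROP
        rc_status -v
        ;;
    save)
        save
        rc_status -v
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
        exit 1
        ;;
esac
rc_exit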