#!/sbin/openrc-run # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $ extra_commands="save reload" extra_started_commands="panic" ebtables_bin="/sbin/ebtables" ebtables_save=${EBTABLES_SAVE} ebtables_tables=$(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//) if [ "$ebtables_tables" == "" ] ; then ebtables_tables=${TABLE_NAMES} fi # Add ip netns if configured to run in a netns namespace if [ -n "$netns" ]; then test -e /run/netns/$netns || ip netns add $netns ebtables_bin="ip netns exec $netns $ebtables_bin" fi depend() { before net use logger } set_table_policy() { local chains table=$1 policy=$2 case ${table} in nat) chains="PREROUTING POSTROUTING OUTPUT";; broute) chains="BROUTING";; filter) chains="INPUT FORWARD OUTPUT";; *) chains="";; esac local chain for chain in ${chains} ; do ${ebtables_bin} -t ${table} -P ${chain} ${policy} done } checkconfig() { if [ ! -f ${ebtables_save} ] ; then eerror "Not starting ebtables. First create some rules then run:" eerror "/etc/init.d/ebtables save" return 1 fi return 0 } start() { checkconfig || return 1 ebegin "Loading ebtables state and starting bridge firewall" ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}" eend $? } stop() { if [ "${SAVE_ON_STOP}" = "yes" ] ; then save || return 1 fi ebegin "Stopping bridge firewall" local a for a in ${ebtables_tables}; do set_table_policy $a ACCEPT ${ebtables_bin} -t $a -F ${ebtables_bin} -t $a -X done eend $? } reload() { ebegin "Flushing bridge firewall" local a for a in ${ebtables_tables}; do ${ebtables_bin} -t $a -F ${ebtables_bin} -t $a -X done eend $? start } save() { ebegin "Saving ebtables state" checkpath -Fm 0600 "${ebtables_save}" for a in ${ebtables_tables} ; do ${ebtables_bin}-save -t ${a} ${SAVE_RESTORE_OPTIONS} >> "${ebtables_save}" done eend $? } panic() { service_started ebtables && svc_stop local a ebegin "Dropping all packets forwarded on bridges" for a in ${ebtables_tables}; do ${ebtables_bin} -t $a -F ${ebtables_bin} -t $a -X set_table_policy $a DROP done eend $? }