#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Default-Start: S
# Default-Stop:
# Short-Description: Set up iptables rules
### END INIT INFO

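PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Include config file for iptables-persistent.
# The file is executed by this script with the caller's privileges (normally
# root), so it should be owned by root and not writable by any other user.
if [ -r /etc/default/iptables-persistent.conf ]; then
    . /etc/default/iptables-persistent.conf
else
    echo "/etc/default/iptables-persistent.conf not readable, using defaults" >&2
fi

# Unset or empty switches count as "off". Without these defaults the numeric
# tests below fail with a syntax error and the branch is silently skipped.
ENABLE_ROUTING=${ENABLE_ROUTING:-0}
IPV6=${IPV6:-0}
SAVE_NEW_RULES=${SAVE_NEW_RULES:-0}
MODULES=${MODULES:-}

STATE_FILE=/var/run/iptables
RULES_V4=/etc/iptables/rules
RULES_V6=/etc/iptables/ipv6_rules

# Exit status of the whole run; set to 1 when rules could not be loaded or saved.
rc=0

# Run the fail2ban init script with the given action, if it is installed.
# $1 - action passed to /etc/init.d/fail2ban (start or stop)
fail2ban_ctl() {
    if [ -x /etc/init.d/fail2ban ]; then
        /etc/init.d/fail2ban "$1"
    fi
}

# Feed a saved ruleset to a restore command.
# $1 - restore command (iptables-restore or ip6tables-restore)
# $2 - rules file
# Returns 1 when the restore command fails. A missing file only produces a
# warning, because the original script treats it as "nothing to load".
load_rules() {
    if [ ! -f "$2" ]; then
        echo "$2 not found, $1 loaded nothing" >&2
        return 0
    fi
    if ! "$1" <"$2"; then
        echo "$1 failed to load $2" >&2
        return 1
    fi
}

# Snapshot the running ruleset into a rules file, keeping a .bak copy.
# $1 - save command (iptables-save or ip6tables-save)
# $2 - rules file
# The dump goes to a temporary file first: redirecting straight into $2 would
# truncate the saved ruleset even when the save command fails, and the next
# start would then restore an empty ruleset.
save_rules() {
    save_tmp=$(mktemp) || return 1
    if "$1" >"$save_tmp"; then
        # Backup old rules (there are none on the very first save)
        if [ -f "$2" ]; then
            cp "$2" "$2.bak"
        fi
        # Save new rules; cat keeps the mode and owner of an existing file
        cat "$save_tmp" >"$2"
        save_status=$?
    else
        echo "$1 failed, $2 left unchanged" >&2
        save_status=1
    fi
    rm -f "$save_tmp"
    return "$save_status"
}

case "$1" in
start)
    if [ -e "$STATE_FILE" ]; then
        echo "iptables is already started!"
        exit 1
    fi
    touch "$STATE_FILE"

    # Keep fail2ban stopped while the rules are being replaced
    fail2ban_ctl stop

    if [ -n "$MODULES" ]; then
        # Load Modules. MODULES is a space-separated list, so it is expanded
        # unquoted on purpose.
        # shellcheck disable=SC2086
        modprobe -a $MODULES
    fi

    # Load saved rules
    load_rules iptables-restore "$RULES_V4" || rc=1
    if [ "$IPV6" -ne 0 ]; then
        load_rules ip6tables-restore "$RULES_V6" || rc=1
    fi

    # Enable Routing only after the rules are in place, so packets are never
    # forwarded through chains that have not been populated yet.
    if [ "$ENABLE_ROUTING" -ne 0 ]; then
        echo 1 >/proc/sys/net/ipv4/ip_forward
        if [ "$IPV6" -ne 0 ]; then
            echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
        fi
    fi

    # restart of fail2ban
    fail2ban_ctl start
    ;;

stop|force-stop)
    if [ ! -e "$STATE_FILE" ]; then
        echo "iptables is already stopped!"
        exit 1
    fi
    rm "$STATE_FILE"

    if [ "$SAVE_NEW_RULES" -ne 0 ]; then
        # NOTE: the snapshot is taken before fail2ban is stopped, so it holds
        # whatever rules are active in the kernel at this moment.
        save_rules iptables-save "$RULES_V4" || rc=1
        if [ "$IPV6" -ne 0 ]; then
            save_rules ip6tables-save "$RULES_V6" || rc=1
        fi
    fi

    # stop fail2ban before flushing iptables chains
    fail2ban_ctl stop

    # Disable Routing if enabled, before the chains are opened up below
    if [ "$ENABLE_ROUTING" -ne 0 ]; then
        echo 0 >/proc/sys/net/ipv4/ip_forward
        if [ "$IPV6" -ne 0 ]; then
            echo 0 >/proc/sys/net/ipv6/conf/all/forwarding
        fi
    fi

    # Restore Default Policies.
    # From here on the filter table accepts everything: "stop" leaves the host
    # without packet filtering. The raw table and user-defined chains are not
    # touched by this script.
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT

    # Flush rules on default tables
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F

    if [ "$IPV6" -ne 0 ]; then
        # Restore Default Policies
        ip6tables -P INPUT ACCEPT
        ip6tables -P FORWARD ACCEPT
        ip6tables -P OUTPUT ACCEPT

        # Flush rules on default tables
        ip6tables -F
        ip6tables -t mangle -F
    fi

    if [ -n "$MODULES" ]; then
        # Unload previously loaded modules (list expanded unquoted on purpose)
        # shellcheck disable=SC2086
        modprobe -r $MODULES
    fi

    # start of fail2ban
    fail2ban_ctl start
    ;;

restart|force-reload)
    # A failing stop ("already stopped") does not prevent the start
    "$0" stop
    "$0" start || rc=$?
    ;;

status)
    echo "Filter Rules:"
    echo "--------------"
    iptables -L -v
    echo ""
    echo "NAT Rules:"
    echo "-------------"
    iptables -t nat -L -v
    echo ""
    echo "Mangle Rules:"
    echo "----------------"
    iptables -t mangle -L -v

    if [ "$IPV6" -ne 0 ]; then
        echo "**********"
        echo "** IPV6 **"
        echo "**********"
        echo "Filter Rules:"
        echo "--------------"
        ip6tables -L -v
        echo ""
        echo "Mangle Rules:"
        echo "----------------"
        ip6tables -t mangle -L -v
    fi
    ;;

*)
    echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit "$rc"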