#!/bin/bash

#

# chkconfig: 35 90 12

# description: Firewall

#

# Start the firewall

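start() {
  #######################################
  # Load firewall rules and mark the firewall as running.
  # Arguments: $1 - chain name (input|output|forward|workstations|winservers|
  #                 devnetwork|dmznetwork|all); empty means "all"
  # Outputs:   progress messages on stdout; one "<chain> chain(s) active" line
  #            appended to the status log
  # Exits:     1 if the lock file already exists, the chain name is unknown,
  #            or the rules file returns non-zero
  #######################################
  # Fixed paths; the rules file is run with bash and receives the chain name
  # as its only argument.
  local -r rules='/etc/firewall/firewall_rules'
  local -r lock='/var/lock/subsys/fw.lock'
  local -r log='/var/log/firewall/fwstatus.log'
  local -r chain=${1:-all}

  # The lock file is the only "is running" signal this script keeps.
  if [[ -f "$lock" ]]; then
    echo "Firewall already running."
    exit 1
  fi

  echo "Starting the Firewall: "

  # Only a known chain name reaches the rules file; keep this list in sync
  # with stop() and the usage line at the bottom of the script.
  case "$chain" in
    input|output|forward|workstations|winservers|devnetwork|dmznetwork|all)
      ;;
    *)
      sleep 1
      echo "Chain $chain does not exist."
      exit 1
      ;;
  esac

  # Fail closed: do not create the lock or log "active" when the rules did
  # not load. The rules file's exit status is taken as the load result —
  # confirm it returns non-zero on failure.
  if ! bash "$rules" "$chain"; then
    echo "Loading chain(s) $chain from $rules failed." >&2
    exit 1
  fi

  touch "$lock"
  sleep 1

  # stop() removes this line by chain name and status() prints the log.
  local stamp
  stamp=$(date '+%h %d %Y %H:%M:%S')
  printf '%s chain(s) active. Started %s \n' "$chain" "$stamp" >> "$log"
  echo "$chain chain(s) started."

  sleep 1
  if [[ -f "$lock" ]]; then echo "Firewall started"; fi
}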

# Stop the firewall

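stop() {
  #######################################
  # Remove chain(s) from the bookkeeping and, when nothing is left, clear the
  # running marker.
  # Arguments: $1 - chain name (input|output|forward|workstations|winservers|
  #                 devnetwork|dmznetwork|all); empty means "all"
  # Outputs:   progress messages on stdout; edits the status log in place
  # Exits:     1 if the lock file is absent or the chain name is unknown
  # NOTE: the iptables -F/-X/-Z calls below are commented out in this file, so
  # this function only updates the script's own state (status log, lock file);
  # the kernel rule set is left untouched. Confirm whether that is intended.
  #######################################
  local -r lock='/var/lock/subsys/fw.lock'
  local -r log='/var/log/firewall/fwstatus.log'
  local -r chain=${1:-all}
  # Built-in chains and user-defined chains are tracked separately; a single
  # chain name fills exactly one of them, "all" fills both. Both start empty
  # and are tested with plain quoting — the original "  $VAR  " test was never
  # empty and so ran every branch, wiping the whole log on a single-chain stop.
  local defaultchain='' userchain=''

  if [[ ! -f "$lock" ]]; then
    echo "Firewall not running."
    exit 1
  fi

  echo "Stopping the Firewall: "

  case "$chain" in
    input)        defaultchain=INPUT ;;
    output)       defaultchain=OUTPUT ;;
    forward)      defaultchain=FORWARD ;;
    workstations) userchain=WORKSTATIONS ;;
    winservers)   userchain=WINSERVERS ;;
    devnetwork)   userchain=DEVNETWORK ;;
    dmznetwork)   userchain=DMZNETWORK ;;
    all)
      defaultchain='INPUT OUTPUT FORWARD'
      userchain='WORKSTATIONS WINSERVERS DEVNETWORK DMZNETWORK'
      ;;
    *)
      sleep 1
      echo "Chain $chain does not exist."
      exit 1
      ;;
  esac

  # The sed patterns only ever contain values from the table above, never
  # raw user input. The log lines are lower case, hence the case-insensitive
  # address flag (GNU sed).
  if [[ -n "$defaultchain" ]]; then
    # iptables -F
    # iptables -Z $defaultchain
    sed -i "/^$defaultchain.*$/Id" "$log"
  fi

  if [[ -n "$userchain" ]]; then
    # iptables -X $userchain
    # iptables -F
    sed -i "/^$userchain.*$/Id" "$log"
  fi

  # Both set means "all": the multi-word patterns above cannot match a single
  # log line, so the whole log is reset instead.
  if [[ -n "$defaultchain" && -n "$userchain" ]]; then
    rm -f "$log"
    touch "$log"
  fi

  # No chains left in the log means the firewall counts as stopped.
  if [[ ! -s "$log" ]]; then
    rm -f "$lock"
  fi

  sleep 1

  if [[ -n "$1" ]]; then
    if [[ ! -s "$log" ]]; then echo "Firewall stopped"; else echo "$1 chain(s) removed."; fi
  else
    echo "Firewall stopped"
  fi
}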

# Show if firewall is running and which chains are active

status() {
  # Report the running marker (lock file), then the chains recorded in the
  # status log, or a placeholder when the log is missing or empty.
  local -r lock='/var/lock/subsys/fw.lock'
  local -r log='/var/log/firewall/fwstatus.log'
  local state="Firewall is running."

  [[ -f "$lock" ]] || state="Firewall is stopped."
  printf '%s\n' "$state"

  if [[ -s "$log" ]]; then
    cat "$log"
  else
    printf '%s\n' "No active chains."
  fi
}

restart() {
  # Full stop/start cycle on all chains; the chain argument of the outer
  # command is not forwarded. stop() exits the script when the lock file is
  # absent, so this does not start a firewall that is not already running.
  printf '%s\n' "Stopping the Firewall...: "
  stop
  sleep 1

  printf '%s\n' "Starting the Firewall...: "
  start
  sleep 1

  printf '%s\n' "Done."
}

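help() {
  # Usage text; a quoted here-doc keeps it literal (no expansion) and readable.
  # NOTE(review): stop()'s iptables -F/-X calls are commented out in this file,
  # so "will clear the input chain" currently describes intent rather than
  # behaviour — confirm before relying on this text.
  cat <<'EOF'
This init script loads and unloads rules from iptables.
Possible arguments are start, stop, status, restart, reload, and help.
The start and stop arguments can also take an argument, which
is the name of the target chain, or all for all chains.
For example, '/etc/init.d/firewall stop input' will clear the input chain.
By default, if a chain is not specified, the function will operate on all chains.
The available chains are input, output, forward, workstations, winservers, devnetwork, and dmznetwork.
EOF
}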

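configcheck() {
  # Abort unless the rules file exists.
  # FIREWALL_RULES is not set at top level when this runs (start/stop only
  # assign it inside their bodies), so fall back to the path those functions
  # execute. Quoting makes the test fail closed on an empty value — the
  # original unquoted `[ ! -f $FIREWALL_RULES ]` collapsed to `[ ! -f ]`,
  # which is false, so the check never fired.
  local -r rules=${FIREWALL_RULES:-/etc/firewall/firewall_rules}
  if [[ ! -f "$rules" ]]; then
    printf '%s must exist\n' "$rules" >&2
    exit 1
  fi
}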

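configcheck

### main logic ###
# $1 selects the action; the optional $2 names a chain and is honoured only by
# start and stop. $2 is quoted so a value with spaces reaches the function as
# one argument instead of being word-split into several.
case "$1" in
  start)
    start "$2"
    ;;
  stop)
    stop "$2"
    ;;
  status)
    status
    ;;
  restart|reload)
    restart
    ;;
  help)
    help
    ;;
  *)
    # Usage is a diagnostic, so it goes to stderr.
    echo "Usage: $0 {start|stop|restart|reload|status} {input|output|forward|workstations|winservers|devnetwork|dmznetwork} " >&2
    exit 1
    ;;
esac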