authorTony Vroon <chainsaw@gentoo.org>2010-04-13 13:29:58 +0000
committerTony Vroon <chainsaw@gentoo.org>2010-04-13 13:29:58 +0000
commit49517e0306da2545c932caee8dc11b7458cbb8d0 (patch)
tree418d1dd27b525af70f5dde8f538a295e1520107c /net-firewall/shorewall6/files
parentVersion bump (diff)
Updated init script with simplified dependencies; addresses security bug #288992 by Hugo Mildenberger.
(Portage version: 2.1.8.3/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall/shorewall6/files')
-rw-r--r--net-firewall/shorewall6/files/shorewall6.initd279
1 files changed, 79 insertions, 0 deletions
diff --git a/net-firewall/shorewall6/files/shorewall6.initd2 b/net-firewall/shorewall6/files/shorewall6.initd2
new file mode 100644
index 000000000000..804e040794ab
--- /dev/null
+++ b/net-firewall/shorewall6/files/shorewall6.initd2
@@ -0,0 +1,79 @@
+#!/sbin/runscript
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall6/files/shorewall6.initd2,v 1.1 2010/04/13 13:29:58 chainsaw Exp $
+
+opts="start stop restart clear reset refresh check"
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting firewall"
+ /sbin/shorewall6 -f start 1>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ /sbin/shorewall6 stop 1>/dev/null
+ eend $?
+}
+
+restart() {
+ # shorewall comes with its own control script that includes a
+ # restart function, so refrain from calling svc_stop/svc_start
+ # here. Note that this comment is required to fix bug 55576;
+ # runscript.sh greps this script... (09 Jul 2004 agriffis)
+ ebegin "Restarting firewall"
+ /sbin/shorewall6 status >/dev/null
+ if [ $? != 0 ] ; then
+ svc_start
+ else
+ if [ -f /var/lib/shorewall6/restore ] ; then
+ /sbin/shorewall6 restore
+ else
+ /sbin/shorewall6 restart 1>/dev/null
+ fi
+ fi
+ eend $?
+}
+
+clear() {
+ # clear will remove all the rules and bring the system to an unfirewalled
+ # state. (21 Nov 2004 eldad)
+
+ ebegin "Clearing all firewall rules and setting policy to ACCEPT"
+ /sbin/shorewall6 clear
+ eend $?
+}
+
+reset() {
+ # reset the packet and byte counters in the firewall
+
+ ebegin "Resetting the packet and byte counters in the firewall"
+ /sbin/shorewall6 reset
+ eend $?
+}
+
+refresh() {
+ # refresh the rules involving the broadcast addresses of firewall
+ # interfaces, the black list, traffic control rules and
+ # ECN control rules
+
+ ebegin "Refreshing firewall rules"
+ /sbin/shorewall6 refresh
+ eend $?
+}
+
+check() {
+ # perform cursory validation of the zones, interfaces, hosts, rules
+ # and policy files. CAUTION: does not parse and validate the generated
+ # iptables commands.
+
+ ebegin "Checking configuration files"
+ /sbin/shorewall6 check
+ eend $?
+}
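Review bot: In restart(), when the firewall is running and /var/lib/shorewall6/restore exists, the script runs `/sbin/shorewall6 restore`, which reloads the last saved ruleset rather than the current configuration files. A rule tightened since the last save would therefore not take effect even though the restart reports success. The path is also hard-coded, while the restore file name appears to be configurable in shorewall6.conf. Unless the shortcut is deliberate, the inner if/else could be reduced to `/sbin/shorewall6 restart 1>/dev/null`; if it is kept, a comment such as `# restore reloads the last saved ruleset; config edits since 'shorewall6 save' are NOT applied` would make the trade-off visible. The `-f` in start() appears to prefer the saved ruleset in the same way and deserves the same comment.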