blob: c10db5d90192e30831c41cedae877fafbb2b709d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
#!/bin/sh
# Author: Arturo Borrero Gonzalez <arturo@debian.org>
# Adapted by: Alexander Dahl <ada@thorsis.com>
# Do NOT "set -e"
CONF=/etc/nftables.conf
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="firewall service"
NAME=nftables
BIN=/usr/sbin/nft
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$BIN" ] || exit 0
do_start()
{
# Return
# 0 if start OK
# 2 if start NOK
# nft v0.4 return 0 if ENOENT $CONF
if [ ! -r "$CONF" ] ; then
echo "E: No such $NAME $DESC config file $CONF" >&2
return 2
fi
$BIN -f $CONF || return 2
}
do_stop()
{
# Return
# 0 if stopped
# 1 if already stopped
# 2 if could not be stopped
if ! do_status ; then
$BIN flush ruleset || return 2
fi
}
do_status()
{
# Return
# 0 if no rules
# 1 if rules
if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then
return 0
fi
return 1
}
case "$1" in
start)
echo -n "Starting $DESC ..."
do_start
ret="$?"
case "$ret" in
0|1) echo " Done." ;;
2) echo " Failed." ;;
esac
exit $ret
;;
restart|force-reload)
echo -n "Restarting $DESC ..."
do_start
ret="$?"
case "$ret" in
0|1) echo " Done." ;;
2) echo " Failed." ;;
esac
exit $ret
;;
stop)
echo -n "Stopping $DESC ..."
do_stop
ret="$?"
case "$ret" in
0|1) echo " Done." ;;
2) echo " Failed." ;;
esac
exit $ret
;;
status)
if ! do_status ; then
echo "Status of ${DESC}: rules loaded"
exit 0
else
echo "Status of ${DESC}: no rules loaded"
exit 1
fi
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
exit 3
;;
esac
:
|
