qports/qubes-vm-core/qubes-iptables.openrc

#!/bin/bash
#
# qubes-iptables	Start Qubes base iptables firewall
#
# chkconfig: 2345 08 92
# description:	Loads iptables firewall
#
# config: /etc/qubes/iptables.rules
# config: /etc/qubes/ip6tables.rules
#
### BEGIN INIT INFO
# Provides: iptables
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Loads Qubes base iptables firewall
# Description: Loads Qubes base iptables firewall
### END INIT INFO

IPTABLES=iptables
IPTABLES_DATA_DIR=/etc/qubes

if [ ! -x /sbin/$IPTABLES ]; then
    echo $"${IPTABLES}: /sbin/$IPTABLES does not exist."
    exit 5
fi

start() {
    ipt=$1
    IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}.rules
    ipv6_enabled=
    if qubesdb-read /qubes-ip6 >/dev/null 2>&1 || \
        qubesdb-read /qubes-netvm-gateway6 >/dev/null 2>&1; then
        ipv6_enabled=true
    fi
    # if IPv6 is enabled, load alternative rules file
    if [ "$ipt" = "ip6tables" ] && [ -n "$ipv6_enabled" ]; then
        IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}-enabled.rules
    fi
    CMD=$ipt
    # Do not start if there is no config file.
    [ ! -f "$IPTABLES_DATA" ] && return 6

    CMD_ARGS=
    if "$CMD-restore" --help 2>&1 | grep -q wait=; then
        # 'wait' must be last on command line if secs not specified
        CMD_ARGS=--wait
    fi

    echo -n $"${CMD}: Applying firewall rules: "

    "$CMD-restore" "$IPTABLES_DATA" $CMD_ARGS
    ret="$?"
    if [ "$ret" -eq 0 ]; then
        echo OK
    else
        echo FAIL; return 1
    fi

    return $ret
}

case "$1" in
    start)
	start iptables && start ip6tables
	RETVAL=$?
	;;
    *)
	echo $"Usage: ${IPTABLES} start"
	RETVAL=2
	;;
esac

exit $RETVAL
qubes-vm-core: initial import from user-aports 2023-08-14 03:34:15 +00:00			`#!/bin/bash`
			`#`
			`# qubes-iptables Start Qubes base iptables firewall`
			`#`
			`# chkconfig: 2345 08 92`
			`# description: Loads iptables firewall`
			`#`
			`# config: /etc/qubes/iptables.rules`
			`# config: /etc/qubes/ip6tables.rules`
			`#`
			`### BEGIN INIT INFO`
			`# Provides: iptables`
			`# Required-Start:`
			`# Required-Stop:`
			`# Default-Start: 2 3 4 5`
			`# Default-Stop: 0 1 6`
			`# Short-Description: Loads Qubes base iptables firewall`
			`# Description: Loads Qubes base iptables firewall`
			`### END INIT INFO`

			`IPTABLES=iptables`
			`IPTABLES_DATA_DIR=/etc/qubes`

			`if [ ! -x /sbin/$IPTABLES ]; then`
			`echo $"${IPTABLES}: /sbin/$IPTABLES does not exist."`
			`exit 5`
			`fi`

			`start() {`
			`ipt=$1`
			`IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}.rules`
			`ipv6_enabled=`
			`if qubesdb-read /qubes-ip6 >/dev/null 2>&1 \|\| \`
			`qubesdb-read /qubes-netvm-gateway6 >/dev/null 2>&1; then`
			`ipv6_enabled=true`
			`fi`
			`# if IPv6 is enabled, load alternative rules file`
			`if [ "$ipt" = "ip6tables" ] && [ -n "$ipv6_enabled" ]; then`
			`IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}-enabled.rules`
			`fi`
			`CMD=$ipt`
			`# Do not start if there is no config file.`
			`[ ! -f "$IPTABLES_DATA" ] && return 6`

			`CMD_ARGS=`
			`if "$CMD-restore" --help 2>&1 \| grep -q wait=; then`
			`# 'wait' must be last on command line if secs not specified`
			`CMD_ARGS=--wait`
			`fi`

			`echo -n $"${CMD}: Applying firewall rules: "`

			`"$CMD-restore" "$IPTABLES_DATA" $CMD_ARGS`
			`ret="$?"`
			`if [ "$ret" -eq 0 ]; then`
			`echo OK`
			`else`
			`echo FAIL; return 1`
			`fi`

			`return $ret`
			`}`

			`case "$1" in`
			`start)`
			`start iptables && start ip6tables`
			`RETVAL=$?`
			`;;`
			`*)`
			`echo $"Usage: ${IPTABLES} start"`
			`RETVAL=2`
			`;;`
			`esac`

			`exit $RETVAL`