X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Fdebian%2Froles%2Ffirewall%2Ffiles%2Fetc%2Finit.d%2Fiptables.sh;fp=playbooks%2Fdebian%2Froles%2Ffirewall%2Ffiles%2Fetc%2Finit.d%2Fiptables.sh;h=64fd5c1820d1e536e071984994ae3c12f19022c7;hb=2f99edf4242d4378f68da2b4d77efb8aa33bd445;hp=0000000000000000000000000000000000000000;hpb=e04e6116652d0496b51bd2dec7507c5fac209d73;p=ansible.git
diff --git a/playbooks/debian/roles/firewall/files/etc/init.d/iptables.sh b/playbooks/debian/roles/firewall/files/etc/init.d/iptables.sh
new file mode 100755
index 0000000..64fd5c1
--- /dev/null
+++ b/playbooks/debian/roles/firewall/files/etc/init.d/iptables.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: iptables.sh
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: iptables firewall
+### END INIT INFO
+
+# Setup ip firewall
+
+. /etc/network/functions.phd
+
+case "$1" in
+ start)
+ /etc/init.d/fail2ban stop
+
+ # Start afresh
+ $IPTABLES -F
+ $IPTABLES -F -t nat
+ $IPTABLES -F -t mangle
+
+ # Default policies
+ $IPTABLES -P INPUT DROP
+ $IPTABLES -P OUTPUT ACCEPT
+ $IPTABLES -P FORWARD DROP
+
+ start_firewall
+ /etc/init.d/rc.masq
+ /etc/init.d/fail2ban start
+ ;;
+
+ stop)
+ /etc/init.d/fail2ban stop
+
+ $IPTABLES -F
+ $IPTABLES -F -t nat
+ $IPTABLES -F -t mangle
+ $IPTABLES -P INPUT DROP
+ $IPTABLES -P OUTPUT DROP
+ $IPTABLES -P FORWARD DROP
+ ;;
+
+ clear)
+ /etc/init.d/fail2ban stop
+
+ # Flush (delete) all rules
+ $IPTABLES -F
+ $IPTABLES -F -t nat
+ $IPTABLES -F -t mangle
+ $IPTABLES -P INPUT ACCEPT
+ $IPTABLES -P OUTPUT ACCEPT
+ $IPTABLES -P FORWARD ACCEPT
+ ;;
+
+ *)
+ echo "Usage: firewall {start|stop|clear}"
+ exit 1
+esac
+
+exit 0
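Review bot: Nothing in the `start` arm checks that a command succeeded, and the script ends with an unconditional `exit 0`, so an empty `$IPTABLES` or a failing `start_firewall` (both come from `/etc/network/functions.phd`, which is not part of this diff) is still reported to init and to Ansible as a working firewall. I would add `: "${IPTABLES:?not set by /etc/network/functions.phd}"` right after the `.` line and make the arm fail visibly with `start_firewall || exit 1`. In `start` the `-P` policy lines also run after the three flushes, so if the policies were ACCEPT when `start` is invoked the host has no rules and an ACCEPT policy until they execute; moving the `-P INPUT DROP` and `-P FORWARD DROP` lines above `$IPTABLES -F` keeps that window closed. Only `$IPTABLES` is touched here, so unless functions.phd also handles ip6tables or IPv6 is disabled on the host, IPv6 traffic is presumably left unfiltered, which is worth confirming.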