X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Froles%2Fredhat%2Ffirewall%2Ffiles%2Fetc%2Frc.d%2Finit.d%2Fiptables.sh;fp=playbooks%2Froles%2Fredhat%2Ffirewall%2Ffiles%2Fetc%2Frc.d%2Finit.d%2Fiptables.sh;h=72e43e68715942d0a3c61597a5d3131b2461e7b2;hb=424c41462e9f4f38fdf666f2180342a8268a95c7;hp=0000000000000000000000000000000000000000;hpb=412c5f3f80f4aadecce7e27f6d0f8616a665f48d;p=ansible.git
diff --git a/playbooks/roles/redhat/firewall/files/etc/rc.d/init.d/iptables.sh b/playbooks/roles/redhat/firewall/files/etc/rc.d/init.d/iptables.sh
new file mode 100755
index 0000000..72e43e6
--- /dev/null
+++ b/playbooks/roles/redhat/firewall/files/etc/rc.d/init.d/iptables.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: iptables.sh
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: iptables firewall
+### END INIT INFO
+
+# Setup ip firewall
+
+. /etc/network/functions.phd
+
+case "$1" in
+ start)
+ systemctl stop fail2ban.service
+
+ # Start afresh
+ $IPTABLES -F
+ $IPTABLES -F -t nat
+ $IPTABLES -F -t mangle
+
+ # Default policies
+ $IPTABLES -P INPUT DROP
+ $IPTABLES -P OUTPUT ACCEPT
+ $IPTABLES -P FORWARD DROP
+
+ start_firewall
+ /etc/rc.d/init.d/rc.masq
+ systemctl start fail2ban.service
+ ;;
+
+ stop)
+ systemctl stop fail2ban.service
+
+ $IPTABLES -F
+ $IPTABLES -F -t nat
+ $IPTABLES -F -t mangle
+ $IPTABLES -P INPUT DROP
+ $IPTABLES -P OUTPUT DROP
+ $IPTABLES -P FORWARD DROP
+ ;;
+
+ clear)
+ systemctl stop fail2ban.service
+
+ # Flush (delete) all rules
+ $IPTABLES -F
+ $IPTABLES -F -t nat
+ $IPTABLES -F -t mangle
+ $IPTABLES -P INPUT ACCEPT
+ $IPTABLES -P OUTPUT ACCEPT
+ $IPTABLES -P FORWARD ACCEPT
+ ;;
+
+ *)
+ echo "Usage: firewall {start|stop|clear}"
+ exit 1
+esac
+
+exit 0
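Review bot: Nothing in the `start` arm checks for success and the script ends with an unconditional `exit 0`, so if `functions.phd` does not set `IPTABLES`, or any `$IPTABLES` call or `start_firewall` fails partway, the init system is still told the firewall is up while the rule set is missing or incomplete. I would add `: "${IPTABLES:?IPTABLES not set by functions.phd}"` directly after the `.` line and make the rule-loading steps report failure, e.g. `start_firewall || exit 1`. `-F` removes rules but leaves user-defined chains in place, so if `start_firewall` (defined outside this file) creates chains, a repeated `start` may not reproduce the first run; a matching `$IPTABLES -X` per table is worth considering. All three arms touch only `$IPTABLES`, and whether IPv6 traffic is filtered elsewhere cannot be seen from this file. A short comment on `stop` saying it is deliberately fail-closed (all three policies DROP, no loopback exception), and on `clear` that it leaves the host unfiltered with fail2ban stopped, would help operators.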