Feat(RedHat): Add RedHat and redhatoids playbooks and roles

[ansible.git] / playbooks / redhat / roles / firewall / files / etc / rc.d / init.d / iptables.sh

diff --git a/playbooks/redhat/roles/firewall/files/etc/rc.d/init.d/iptables.sh b/playbooks/redhat/roles/firewall/files/etc/rc.d/init.d/iptables.sh
new file mode 100755 (executable)
index 0000000..72e43e6
--- /dev/null
+++ b/playbooks/redhat/roles/firewall/files/etc/rc.d/init.d/iptables.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          iptables.sh
+# Required-Start: $remote_fs $network
+# Required-Stop:  $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: iptables firewall
+### END INIT INFO
+
+# Setup ip firewall
+
+. /etc/network/functions.phd
+
+case "$1" in
+   start)
+      systemctl stop fail2ban.service
+
+      # Start afresh
+      $IPTABLES -F
+      $IPTABLES -F -t nat
+      $IPTABLES -F -t mangle
+
+      # Default policies
+      $IPTABLES -P INPUT DROP
+      $IPTABLES -P OUTPUT ACCEPT
+      $IPTABLES -P FORWARD DROP
+
+      start_firewall
+      /etc/rc.d/init.d/rc.masq
+      systemctl start fail2ban.service
+   ;;
+
+   stop)
+      systemctl stop fail2ban.service
+
+      $IPTABLES -F
+      $IPTABLES -F -t nat
+      $IPTABLES -F -t mangle
+      $IPTABLES -P INPUT DROP
+      $IPTABLES -P OUTPUT DROP
+      $IPTABLES -P FORWARD DROP
+   ;;
+
+   clear)
+      systemctl stop fail2ban.service
+
+      # Flush (delete) all rules
+      $IPTABLES -F
+      $IPTABLES -F -t nat
+      $IPTABLES -F -t mangle
+      $IPTABLES -P INPUT ACCEPT
+      $IPTABLES -P OUTPUT ACCEPT
+      $IPTABLES -P FORWARD ACCEPT
+   ;;
+
+   *)
+      echo "Usage: firewall {start|stop|clear}"
+      exit 1
+esac
+
+exit 0