#!/bin/sh # # ipkungfu startup script # # chkconfig: 2345 98 92 # # description: Starts the ipkungfu firewall # # some little mdk by Scherer Michael <scherer.michael@free.fr> # main script : Rocco Stanzione, based on the iptables script: # Script Author: Rocco Stanzione <grasshopper@linuxkungfu.org> # # Source 'em up . /etc/init.d/functions IPKF_CONFIG=/etc/ipkungfu/ipkungfu.conf IPKF_EXE=/usr/sbin/ipkungfu IPKF_TO_CONFIG=/etc/sysconfig/ipkungfu if [ -f $IPKF_TO_CONFIG ]; then . $IPKF_TO_CONFIG fi if [ ! -x $IPKF_EXE ]; then exit 0 fi KERNELMAJ=`uname -r | sed -e 's,\..*,,'` KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'` if [ "$KERNELMAJ" -lt 2 ] ; then exit 0 fi if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then exit 0 fi if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then gprintf "ipchains module loaded. Aborting. Try rmmod ipchains and try again.\n" exit 0 fi start() { # make sure that iptables matches the kernel if [ -f /etc/init.d/iptables ]; then service iptables check fi # don't do squat if we don't have the config file if [ "$IPKF_CONFIGURATED" == "yes" ]; then gprintf "Starting ipkungfu: " $IPKF_EXE --init && success || failure RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ipkungfu echo return $RETVAL else gprintf "You need to configure ipkungfu, please edit %s\n" "$IPKF_TO_CONFIG" failure fi } stop() { if [ -f /var/lock/subsys/ipkungfu ] ; then gprintf "Stopping ipkungfu: " # it show 2 times the OK, since stop show once, and ipkungfu too. $IPKF_EXE --disable && success || failure RETVAL=$? rm -f /var/lock/subsys/ipkungfu echo return $RETVAL fi } case "$1" in start) start ;; restart|reload) # "restart" is really just "start" as this isn't a daemon, # and "start" clears any pre-defined rules anyway. # This is really only here to make those who expect it happy stop ; start; ;; stop) stop ;; status) $IPKF_EXE --check ;; panic) $IPKF_EXE --panic ;; *) printf "Usage: %s {start|stop|restart|status|panic}\n" "$0" exit 1 esac exit 0