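#!/bin/bash
#
# Init script for fieryfilterd (FieryFilter daemon).
#
# Usage: /etc/init.d/fieryfilterd {start|stop|restart|force-reload}
#
# On start it loads the netfilter modules the daemon needs, installs a small
# set of iptables chains (ffsys, ffsys_in, ffsys_out, ffsys_for) that accept
# loopback traffic, ESTABLISHED/RELATED packets and outbound DNS to the
# configured nameservers, drop INVALID packets, and RETURN for NEW connections
# so they fall through to the rest of INPUT/OUTPUT/FORWARD. Nothing in this
# script decides the fate of NEW connections; presumably the daemon does that
# via ip_queue - confirm against the daemon.
#
# Must run as root (iptables, modprobe, kill). Errors from individual
# commands are not fatal: the script deliberately has no `set -e`, because
# tearing down chains that may not exist is expected to fail harmlessly.

#######################################
# Remove every chain and jump this script installs.
# Failures (chain or jump not present) are expected on a clean system and
# are left for the caller to silence. Note -D removes only ONE matching jump
# per chain, so if activate ran more than once a stale jump can remain.
# Globals: none
# Arguments: none
#######################################
reset() {
    local chain
    iptables -D INPUT -j ffsys_in
    iptables -D OUTPUT -j ffsys_out
    iptables -D FORWARD -j ffsys_for
    # Flush the per-hook chains before the shared ffsys chain: a chain cannot
    # be deleted (-X) while another chain still references it.
    for chain in ffsys_in ffsys_out ffsys_for ffsys; do
        iptables -F "$chain"
        iptables -X "$chain"
    done
}

#######################################
# Print the IPv4 nameservers from a resolv.conf-style file, one per line.
# Only lines whose first field is exactly "nameserver" count, and only values
# that look like a dotted quad are emitted, so that a commented-out entry,
# a trailing comment, or an IPv6 address is never spliced into an iptables
# command line (iptables here is IPv4-only).
# Arguments: $1 - path to the resolv.conf file to read
# Outputs:   one IPv4 address per line on stdout; nothing if unreadable
#######################################
nameservers() {
    local file=$1 ip
    [[ -r "$file" ]] || return 0
    awk '$1 == "nameserver" { print $2 }' "$file" |
        while IFS= read -r ip; do
            if [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
                printf '%s\n' "$ip"
            fi
        done
}

#######################################
# Create the chains. Must be paired with activate() to take effect.
# Globals: none
# Arguments: none
#######################################
create() {
    local ip

    # Shared policy chain. Order matters: loopback first, then connection
    # tracking, then NEW is handed back to the caller (RETURN), and whatever
    # is left (INVALID, or untracked traffic) is dropped.
    iptables -N ffsys
    # Loopback is matched on address, not on interface (-i lo).
    iptables -A ffsys -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
    iptables -A ffsys -m state --state ESTABLISHED -j ACCEPT
    iptables -A ffsys -m state --state RELATED -j ACCEPT
    iptables -A ffsys -m state --state NEW -j RETURN
    iptables -A ffsys -j DROP

    # Inbound: let destination-unreachable through unconditionally (it is
    # accepted before the state check), then apply the shared policy.
    iptables -N ffsys_in
    iptables -A ffsys_in -p icmp --icmp-type destination-unreachable -j ACCEPT
    iptables -A ffsys_in -j ffsys

    # Outbound: same as inbound, plus unconditional DNS to each configured
    # nameserver. The DNS rules sit AFTER the jump to ffsys on purpose: ffsys
    # RETURNs for NEW packets, so a fresh DNS query reaches them and is
    # accepted without falling through to whatever handles NEW in OUTPUT.
    iptables -N ffsys_out
    iptables -A ffsys_out -p icmp --icmp-type destination-unreachable -j ACCEPT
    iptables -A ffsys_out -j ffsys
    while IFS= read -r ip; do
        iptables -A ffsys_out -p udp --dport 53 -d "$ip" -j ACCEPT
    done < <(nameservers /etc/resolv.conf)

    # Forwarded traffic gets only the shared policy.
    iptables -N ffsys_for
    iptables -A ffsys_for -j ffsys
}

#######################################
# Hook the chains into the built-in chains. -A appends, so any rules already
# present in INPUT/OUTPUT/FORWARD are evaluated before ours.
# Globals: none
# Arguments: none
#######################################
activate() {
    iptables -A INPUT -j ffsys_in
    iptables -A OUTPUT -j ffsys_out
    iptables -A FORWARD -j ffsys_for
}

# Fixed PATH so an init-time environment cannot redirect iptables/modprobe.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/fieryfilterd
NAME=fieryfilterd
DESC="FieryFilter daemon"

# Debian convention: silently do nothing if the package is not installed.
test -x "$DAEMON" || exit 0

case "$1" in
  start)
    echo -n "Starting $DESC: $NAME"
    if pidof "$DAEMON" > /dev/null ; then
        echo " - already running."
    else
        # Legacy module names. On newer kernels some of these (ip_queue,
        # ip_conntrack_ftp) may not exist; modprobe then prints an error and
        # the script simply continues.
        modprobe iptable_filter
        modprobe ip_queue
        modprobe ip_conntrack_ftp
        # Best-effort cleanup of a previous run; "chain does not exist"
        # noise is expected here.
        reset 2> /dev/null
        create
        activate
        # NOTE(review): a fixed, predictable path in world-writable /tmp,
        # presumably the daemon's socket/pidfile - confirm. rm -f does not
        # follow symlinks, so this line itself is safe; whether the daemon
        # creates the path safely afterwards is the daemon's concern.
        rm -f /tmp/fieryfilter
        # Daemon output goes to syslog; disown so it survives this shell.
        ( "$DAEMON" 2>&1 ) | logger -p daemon.info -t fieryfilterd &
        disown
        echo "."
    fi
    ;;
  stop)
    echo -n "Stopping $DESC: $NAME"
    # Signal exactly the PIDs found for this binary rather than every process
    # named "fieryfilterd" on the system (killall matches by name only).
    if pids=$(pidof "$DAEMON"); then
        # shellcheck disable=SC2086 -- pidof output is a space-separated PID list
        kill -INT $pids
        reset 2> /dev/null
        echo "."
    else
        echo " - not running."
    fi
    ;;
  restart|force-reload)
    # Re-invoke this script for both phases. The original used "$1 start",
    # which tried to execute a command literally named "restart".
    "$0" stop
    sleep 2
    "$0" start
    ;;
  *)
    N=/etc/init.d/$NAME
    echo "Usage: $N {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0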