firewall service handler

serghey-rodin · serghey-rodin · commit cb72d66886c5 · 2014-10-23T17:07:08.000+03:00
diff --git a/bin/v-restart-service b/bin/v-restart-service
@@ -27,9 +27,17 @@ check_args '1' "$#" 'SERVICE'
 #                       Action                             #
 #----------------------------------------------------------#
 
-service $service restart >/dev/null 2>&1
-if [ $? -ne 0 ]; then
-    exit $E_RESTART
+if [ "$service" != "iptables" ]; then
+    service $service restart >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        exit $E_RESTART
+    fi
+else
+    $BIN/v-stop-firewall
+    $BIN/v-update-firewall
+    if [ $? -ne 0 ]; then
+        exit $E_RESTART
+    fi
 fi
 
 
diff --git a/bin/v-start-service b/bin/v-start-service
@@ -27,9 +27,16 @@ check_args '1' "$#" 'SERVICE'
 #                       Action                             #
 #----------------------------------------------------------#
 
-service $service start >/dev/null 2>&1
-if [ $? -ne 0 ]; then
-    exit $E_RESTART
+if [ "$service" != 'iptables' ]; then
+    service $service start >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        exit $E_RESTART
+    fi
+else
+    $BIN/v-update-firewall
+    if [ $? -ne 0 ]; then
+        exit $E_RESTART
+    fi
 fi
 
 
diff --git a/bin/v-stop-firewall b/bin/v-stop-firewall
@@ -0,0 +1,71 @@
+#!/bin/bash
+# info: stop system firewall
+# options: NONE
+#
+# The function stops  iptables
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Defining absolute path for iptables and modprobe
+iptables="/sbin/iptables"
+modprobe="/sbin/modprobe"
+
+# Includes
+source /etc/profile.d/vesta.sh
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+#is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Creating temporary file
+tmp=$(mktemp)
+
+# Flushing INPUT chain
+echo "$iptables -P INPUT ACCEPT" >> $tmp
+echo "$iptables -F INPUT" >> $tmp
+
+# Deleting vesta chain
+echo "$iptables -X vesta" >> $tmp
+
+# Applying rules
+bash $tmp 2>/dev/null
+
+# Deleting temporary file
+rm -f $tmp
+
+# Saving rules to the master iptables file
+if [ -e "/etc/redhat-release" ]; then
+    /sbin/iptables-save > /etc/sysconfig/iptables
+    if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
+        /sbin/chkconfig iptables off
+    fi
+else
+    /sbin/iptables-save > /etc/iptables.rules
+    preup="/etc/network/if-pre-up.d/iptables"
+    if [ ! -e "$preup" ]; then
+        echo '#!/bin/sh' > $preup
+        echo "/sbin/iptables-restore < /etc/iptables.rules" >> $preup
+        echo "exit 0" >> $preup
+        chmod +x $preup
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
diff --git a/bin/v-stop-service b/bin/v-stop-service
@@ -27,9 +27,16 @@ check_args '1' "$#" 'SERVICE'
 #                       Action                             #
 #----------------------------------------------------------#
 
-service $service stop >/dev/null 2>&1
-if [ $? -ne 0 ]; then
-    exit $E_RESTART
+if [ "$service" != 'iptables' ]; then
+    service $service stop >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        exit $E_RESTART
+    fi
+else
+    $BIN/v-stop-firewall
+    if [ $? -ne 0 ]; then
+        exit $E_RESTART
+    fi
 fi
 
 
