| 4 |
- |
1 |
#!/bin/sh
|
|
|
2 |
#
|
|
|
3 |
# ip6tables Start ip6tables firewall
|
|
|
4 |
#
|
|
|
5 |
# chkconfig: 2345 08 92
|
|
|
6 |
# description: Starts, stops and saves ip6tables firewall
|
|
|
7 |
#
|
|
|
8 |
# config: /etc/sysconfig/ip6tables
|
|
|
9 |
# config: /etc/sysconfig/ip6tables-config
|
|
|
10 |
#
|
|
|
11 |
### BEGIN INIT INFO
|
|
|
12 |
# Provides: ip6tables
|
|
|
13 |
# Required-Start:
|
|
|
14 |
# Required-Stop:
|
|
|
15 |
# Default-Start: 2 3 4 5
|
|
|
16 |
# Default-Stop: 0 1 6
|
|
|
17 |
# Short-Description: start and stop ip6tables firewall
|
|
|
18 |
# Description: Start, stop and save ip6tables firewall
|
|
|
19 |
### END INIT INFO
|
|
|
20 |
|
|
|
21 |
# Source function library.
|
|
|
22 |
. /etc/init.d/functions
|
|
|
23 |
|
|
|
24 |
IP6TABLES=ip6tables
|
|
|
25 |
IP6TABLES_DATA=/etc/sysconfig/$IP6TABLES
|
|
|
26 |
IP6TABLES_FALLBACK_DATA=${IP6TABLES_DATA}.fallback
|
|
|
27 |
IP6TABLES_CONFIG=/etc/sysconfig/${IP6TABLES}-config
|
|
|
28 |
IPV=${IP6TABLES%tables} # ip for ipv4 | ip6 for ipv6
|
|
|
29 |
[ "$IPV" = "ip" ] && _IPV="ipv4" || _IPV="ipv6"
|
|
|
30 |
PROC_IP6TABLES_NAMES=/proc/net/${IPV}_tables_names
|
|
|
31 |
VAR_SUBSYS_IP6TABLES=/var/lock/subsys/$IP6TABLES
|
|
|
32 |
|
|
|
33 |
# only usable for root
|
| 34 |
- |
34 |
if [ $EUID != 0 ]; then
|
|
|
35 |
echo -n $"${IP6TABLES}: Only usable by root."; warning; echo
|
|
|
36 |
exit 4
|
|
|
37 |
fi
|
| 4 |
- |
38 |
|
|
|
39 |
if [ ! -x /sbin/$IP6TABLES ]; then
|
|
|
40 |
echo -n $"${IP6TABLES}: /sbin/$IP6TABLES does not exist."; warning; echo
|
|
|
41 |
exit 5
|
|
|
42 |
fi
|
|
|
43 |
|
|
|
44 |
# Old or new modutils
|
|
|
45 |
/sbin/modprobe --version 2>&1 | grep -q module-init-tools \
|
|
|
46 |
&& NEW_MODUTILS=1 \
|
|
|
47 |
|| NEW_MODUTILS=0
|
|
|
48 |
|
|
|
49 |
# Default firewall configuration:
|
|
|
50 |
IP6TABLES_MODULES=""
|
|
|
51 |
IP6TABLES_MODULES_UNLOAD="yes"
|
|
|
52 |
IP6TABLES_SAVE_ON_STOP="no"
|
|
|
53 |
IP6TABLES_SAVE_ON_RESTART="no"
|
|
|
54 |
IP6TABLES_SAVE_COUNTER="no"
|
|
|
55 |
IP6TABLES_STATUS_NUMERIC="yes"
|
|
|
56 |
IP6TABLES_STATUS_VERBOSE="no"
|
|
|
57 |
IP6TABLES_STATUS_LINENUMBERS="yes"
|
|
|
58 |
IP6TABLES_SYSCTL_LOAD_LIST=""
|
|
|
59 |
|
|
|
60 |
# Load firewall configuration.
|
|
|
61 |
[ -f "$IP6TABLES_CONFIG" ] && . "$IP6TABLES_CONFIG"
|
|
|
62 |
|
|
|
63 |
# Netfilter modules
|
|
|
64 |
NF_MODULES=($(lsmod | awk "/^${IPV}table_/ {print \$1}") ${IPV}_tables)
|
|
|
65 |
NF_MODULES_COMMON=(x_tables nf_nat nf_conntrack) # Used by netfilter v4 and v6
|
|
|
66 |
|
|
|
67 |
# Get active tables
|
|
|
68 |
NF_TABLES=$(cat "$PROC_IP6TABLES_NAMES" 2>/dev/null)
|
|
|
69 |
|
|
|
70 |
|
|
|
71 |
rmmod_r() {
|
|
|
72 |
# Unload module with all referring modules.
|
|
|
73 |
# At first all referring modules will be unloaded, then the module itself.
|
|
|
74 |
local mod=$1
|
|
|
75 |
local ret=0
|
|
|
76 |
local ref=
|
|
|
77 |
|
|
|
78 |
# Get referring modules.
|
|
|
79 |
# New modutils have another output format.
|
|
|
80 |
[ $NEW_MODUTILS = 1 ] \
|
|
|
81 |
&& ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ') \
|
|
|
82 |
|| ref=$(lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1)
|
|
|
83 |
|
|
|
84 |
# recursive call for all referring modules
|
|
|
85 |
for i in $ref; do
|
|
|
86 |
rmmod_r $i
|
|
|
87 |
let ret+=$?;
|
|
|
88 |
done
|
|
|
89 |
|
|
|
90 |
# Unload module.
|
|
|
91 |
# The extra test is for 2.6: The module might have autocleaned,
|
|
|
92 |
# after all referring modules are unloaded.
|
|
|
93 |
if grep -q "^${mod}" /proc/modules ; then
|
|
|
94 |
modprobe -r $mod > /dev/null 2>&1
|
|
|
95 |
res=$?
|
|
|
96 |
[ $res -eq 0 ] || echo -n " $mod"
|
|
|
97 |
let ret+=$res;
|
|
|
98 |
fi
|
|
|
99 |
|
|
|
100 |
return $ret
|
|
|
101 |
}
|
|
|
102 |
|
|
|
103 |
flush_n_delete() {
|
|
|
104 |
# Flush firewall rules and delete chains.
|
|
|
105 |
[ ! -e "$PROC_IP6TABLES_NAMES" ] && return 0
|
|
|
106 |
|
|
|
107 |
# Check if firewall is configured (has tables)
|
|
|
108 |
[ -z "$NF_TABLES" ] && return 1
|
|
|
109 |
|
|
|
110 |
echo -n $"${IP6TABLES}: Flushing firewall rules: "
|
|
|
111 |
ret=0
|
|
|
112 |
# For all tables
|
|
|
113 |
for i in $NF_TABLES; do
|
|
|
114 |
# Flush firewall rules.
|
|
|
115 |
$IP6TABLES -t $i -F;
|
|
|
116 |
let ret+=$?;
|
|
|
117 |
|
|
|
118 |
# Delete firewall chains.
|
|
|
119 |
$IP6TABLES -t $i -X;
|
|
|
120 |
let ret+=$?;
|
|
|
121 |
|
|
|
122 |
# Set counter to zero.
|
|
|
123 |
$IP6TABLES -t $i -Z;
|
|
|
124 |
let ret+=$?;
|
|
|
125 |
done
|
|
|
126 |
|
|
|
127 |
[ $ret -eq 0 ] && success || failure
|
|
|
128 |
echo
|
|
|
129 |
return $ret
|
|
|
130 |
}
|
|
|
131 |
|
|
|
132 |
set_policy() {
|
|
|
133 |
# Set policy for configured tables.
|
|
|
134 |
policy=$1
|
|
|
135 |
|
|
|
136 |
# Check if iptable module is loaded
|
|
|
137 |
[ ! -e "$PROC_IP6TABLES_NAMES" ] && return 0
|
|
|
138 |
|
|
|
139 |
# Check if firewall is configured (has tables)
|
|
|
140 |
tables=$(cat "$PROC_IP6TABLES_NAMES" 2>/dev/null)
|
|
|
141 |
[ -z "$tables" ] && return 1
|
|
|
142 |
|
|
|
143 |
echo -n $"${IP6TABLES}: Setting chains to policy $policy: "
|
|
|
144 |
ret=0
|
|
|
145 |
for i in $tables; do
|
|
|
146 |
echo -n "$i "
|
|
|
147 |
case "$i" in
|
|
|
148 |
raw)
|
|
|
149 |
$IP6TABLES -t raw -P PREROUTING $policy \
|
|
|
150 |
&& $IP6TABLES -t raw -P OUTPUT $policy \
|
|
|
151 |
|| let ret+=1
|
|
|
152 |
;;
|
|
|
153 |
filter)
|
|
|
154 |
$IP6TABLES -t filter -P INPUT $policy \
|
|
|
155 |
&& $IP6TABLES -t filter -P OUTPUT $policy \
|
|
|
156 |
&& $IP6TABLES -t filter -P FORWARD $policy \
|
|
|
157 |
|| let ret+=1
|
|
|
158 |
;;
|
|
|
159 |
nat)
|
|
|
160 |
$IP6TABLES -t nat -P PREROUTING $policy \
|
|
|
161 |
&& $IP6TABLES -t nat -P POSTROUTING $policy \
|
|
|
162 |
&& $IP6TABLES -t nat -P OUTPUT $policy \
|
|
|
163 |
|| let ret+=1
|
|
|
164 |
;;
|
|
|
165 |
mangle)
|
|
|
166 |
$IP6TABLES -t mangle -P PREROUTING $policy \
|
|
|
167 |
&& $IP6TABLES -t mangle -P POSTROUTING $policy \
|
|
|
168 |
&& $IP6TABLES -t mangle -P INPUT $policy \
|
|
|
169 |
&& $IP6TABLES -t mangle -P OUTPUT $policy \
|
|
|
170 |
&& $IP6TABLES -t mangle -P FORWARD $policy \
|
|
|
171 |
|| let ret+=1
|
|
|
172 |
;;
|
|
|
173 |
*)
|
|
|
174 |
let ret+=1
|
|
|
175 |
;;
|
|
|
176 |
esac
|
|
|
177 |
done
|
|
|
178 |
|
|
|
179 |
[ $ret -eq 0 ] && success || failure
|
|
|
180 |
echo
|
|
|
181 |
return $ret
|
|
|
182 |
}
|
|
|
183 |
|
|
|
184 |
load_sysctl() {
|
|
|
185 |
# load matched sysctl values
|
|
|
186 |
if [ -n "$IP6TABLES_SYSCTL_LOAD_LIST" ]; then
|
|
|
187 |
echo -n $"Loading sysctl settings: "
|
|
|
188 |
ret=0
|
|
|
189 |
for item in $IP6TABLES_SYSCTL_LOAD_LIST; do
|
|
|
190 |
fgrep $item /etc/sysctl.conf | sysctl -p - >/dev/null
|
|
|
191 |
let ret+=$?;
|
|
|
192 |
done
|
|
|
193 |
[ $ret -eq 0 ] && success || failure
|
|
|
194 |
echo
|
|
|
195 |
fi
|
|
|
196 |
return $ret
|
|
|
197 |
}
|
|
|
198 |
|
|
|
199 |
start() {
|
|
|
200 |
# Do not start if there is no config file.
|
| 34 |
- |
201 |
if [ ! -f "$IP6TABLES_DATA" ]; then
|
|
|
202 |
echo -n $"${IP6TABLES}: No config file."; warning; echo
|
|
|
203 |
return 6
|
|
|
204 |
fi
|
| 4 |
- |
205 |
|
|
|
206 |
# check if ipv6 module load is deactivated
|
|
|
207 |
if [ "${_IPV}" = "ipv6" ] \
|
|
|
208 |
&& grep -qIsE "^install[[:space:]]+${_IPV}[[:space:]]+/bin/(true|false)" /etc/modprobe.conf /etc/modprobe.d/* ; then
|
|
|
209 |
echo $"${IP6TABLES}: ${_IPV} is disabled."
|
|
|
210 |
return 150
|
|
|
211 |
fi
|
|
|
212 |
|
|
|
213 |
echo -n $"${IP6TABLES}: Applying firewall rules: "
|
|
|
214 |
|
|
|
215 |
OPT=
|
|
|
216 |
[ "x$IP6TABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
|
|
|
217 |
|
|
|
218 |
$IP6TABLES-restore $OPT $IP6TABLES_DATA
|
|
|
219 |
if [ $? -eq 0 ]; then
|
|
|
220 |
success; echo
|
|
|
221 |
else
|
|
|
222 |
failure; echo;
|
|
|
223 |
if [ -f "$IP6TABLES_FALLBACK_DATA" ]; then
|
|
|
224 |
echo -n $"${IP6TABLES}: Applying firewall fallback rules: "
|
|
|
225 |
$IP6TABLES-restore $OPT $IP6TABLES_FALLBACK_DATA
|
|
|
226 |
if [ $? -eq 0 ]; then
|
|
|
227 |
success; echo
|
|
|
228 |
else
|
|
|
229 |
failure; echo; return 1
|
|
|
230 |
fi
|
|
|
231 |
else
|
|
|
232 |
return 1
|
|
|
233 |
fi
|
|
|
234 |
fi
|
|
|
235 |
|
|
|
236 |
# Load additional modules (helpers)
|
|
|
237 |
if [ -n "$IP6TABLES_MODULES" ]; then
|
|
|
238 |
echo -n $"${IP6TABLES}: Loading additional modules: "
|
|
|
239 |
ret=0
|
|
|
240 |
for mod in $IP6TABLES_MODULES; do
|
|
|
241 |
echo -n "$mod "
|
|
|
242 |
modprobe $mod > /dev/null 2>&1
|
|
|
243 |
let ret+=$?;
|
|
|
244 |
done
|
|
|
245 |
[ $ret -eq 0 ] && success || failure
|
|
|
246 |
echo
|
|
|
247 |
fi
|
|
|
248 |
|
|
|
249 |
# Load sysctl settings
|
|
|
250 |
load_sysctl
|
|
|
251 |
|
|
|
252 |
touch $VAR_SUBSYS_IP6TABLES
|
|
|
253 |
return $ret
|
|
|
254 |
}
|
|
|
255 |
|
|
|
256 |
stop() {
|
|
|
257 |
# Do not stop if ip6tables module is not loaded.
|
|
|
258 |
[ ! -e "$PROC_IP6TABLES_NAMES" ] && return 0
|
|
|
259 |
|
|
|
260 |
# Set default chain policy to ACCEPT, in order to not break shutdown
|
|
|
261 |
# on systems where the default policy is DROP and root device is
|
|
|
262 |
# network-based (i.e.: iSCSI, NFS)
|
|
|
263 |
set_policy ACCEPT
|
|
|
264 |
# And then, flush the rules and delete chains
|
|
|
265 |
flush_n_delete
|
|
|
266 |
|
|
|
267 |
if [ "x$IP6TABLES_MODULES_UNLOAD" = "xyes" ]; then
|
|
|
268 |
echo -n $"${IP6TABLES}: Unloading modules: "
|
|
|
269 |
ret=0
|
|
|
270 |
for mod in ${NF_MODULES[*]}; do
|
|
|
271 |
rmmod_r $mod
|
|
|
272 |
let ret+=$?;
|
|
|
273 |
done
|
|
|
274 |
# try to unload remaining netfilter modules used by ipv4 and ipv6
|
|
|
275 |
# netfilter
|
|
|
276 |
for mod in ${NF_MODULES_COMMON[*]}; do
|
|
|
277 |
rmmod_r $mod >/dev/null
|
|
|
278 |
done
|
|
|
279 |
[ $ret -eq 0 ] && success || failure
|
|
|
280 |
echo
|
|
|
281 |
fi
|
|
|
282 |
|
|
|
283 |
rm -f $VAR_SUBSYS_IP6TABLES
|
|
|
284 |
return $ret
|
|
|
285 |
}
|
|
|
286 |
|
|
|
287 |
save() {
|
|
|
288 |
# Check if iptable module is loaded
|
| 34 |
- |
289 |
if [ ! -e "$PROC_IP6TABLES_NAMES" ]; then
|
|
|
290 |
echo -n $"${IP6TABLES}: Nothing to save."; warning; echo
|
|
|
291 |
return 0
|
|
|
292 |
fi
|
| 4 |
- |
293 |
|
|
|
294 |
# Check if firewall is configured (has tables)
|
| 34 |
- |
295 |
if [ -z "$NF_TABLES" ]; then
|
|
|
296 |
echo -n $"${IP6TABLES}: Nothing to save."; warning; echo
|
|
|
297 |
return 6
|
|
|
298 |
fi
|
| 4 |
- |
299 |
|
|
|
300 |
echo -n $"${IP6TABLES}: Saving firewall rules to $IP6TABLES_DATA: "
|
|
|
301 |
|
|
|
302 |
OPT=
|
|
|
303 |
[ "x$IP6TABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
|
|
|
304 |
|
|
|
305 |
ret=0
|
|
|
306 |
TMP_FILE=$(/bin/mktemp -q $IP6TABLES_DATA.XXXXXX) \
|
|
|
307 |
&& chmod 600 "$TMP_FILE" \
|
|
|
308 |
&& $IP6TABLES-save $OPT > $TMP_FILE 2>/dev/null \
|
|
|
309 |
&& size=$(stat -c '%s' $TMP_FILE) && [ $size -gt 0 ] \
|
|
|
310 |
|| ret=1
|
|
|
311 |
if [ $ret -eq 0 ]; then
|
|
|
312 |
if [ -e $IP6TABLES_DATA ]; then
|
|
|
313 |
cp -f $IP6TABLES_DATA $IP6TABLES_DATA.save \
|
|
|
314 |
&& chmod 600 $IP6TABLES_DATA.save \
|
|
|
315 |
&& restorecon $IP6TABLES_DATA.save \
|
|
|
316 |
|| ret=1
|
|
|
317 |
fi
|
|
|
318 |
if [ $ret -eq 0 ]; then
|
|
|
319 |
mv -f $TMP_FILE $IP6TABLES_DATA \
|
|
|
320 |
&& chmod 600 $IP6TABLES_DATA \
|
|
|
321 |
&& restorecon $IP6TABLES_DATA \
|
|
|
322 |
|| ret=1
|
|
|
323 |
fi
|
|
|
324 |
fi
|
|
|
325 |
rm -f $TMP_FILE
|
|
|
326 |
[ $ret -eq 0 ] && success || failure
|
|
|
327 |
echo
|
|
|
328 |
return $ret
|
|
|
329 |
}
|
|
|
330 |
|
|
|
331 |
status() {
|
|
|
332 |
if [ ! -f "$VAR_SUBSYS_IP6TABLES" -a -z "$NF_TABLES" ]; then
|
|
|
333 |
echo $"${IP6TABLES}: Firewall is not running."
|
|
|
334 |
return 3
|
|
|
335 |
fi
|
|
|
336 |
|
|
|
337 |
# Do not print status if lockfile is missing and ip6tables modules are not
|
|
|
338 |
# loaded.
|
|
|
339 |
# Check if iptable modules are loaded
|
|
|
340 |
if [ ! -e "$PROC_IP6TABLES_NAMES" ]; then
|
|
|
341 |
echo $"${IP6TABLES}: Firewall modules are not loaded."
|
|
|
342 |
return 3
|
|
|
343 |
fi
|
|
|
344 |
|
|
|
345 |
# Check if firewall is configured (has tables)
|
|
|
346 |
if [ -z "$NF_TABLES" ]; then
|
|
|
347 |
echo $"${IP6TABLES}: Firewall is not configured. "
|
|
|
348 |
return 3
|
|
|
349 |
fi
|
|
|
350 |
|
|
|
351 |
NUM=
|
|
|
352 |
[ "x$IP6TABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
|
|
|
353 |
VERBOSE=
|
|
|
354 |
[ "x$IP6TABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
|
|
|
355 |
COUNT=
|
|
|
356 |
[ "x$IP6TABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"
|
|
|
357 |
|
|
|
358 |
for table in $NF_TABLES; do
|
|
|
359 |
echo $"Table: $table"
|
|
|
360 |
$IP6TABLES -t $table --list $NUM $VERBOSE $COUNT && echo
|
|
|
361 |
done
|
|
|
362 |
|
|
|
363 |
return 0
|
|
|
364 |
}
|
|
|
365 |
|
|
|
366 |
reload() {
|
|
|
367 |
# Do not reload if there is no config file.
|
| 34 |
- |
368 |
if [ ! -f "$IP6TABLES_DATA" ]; then
|
|
|
369 |
echo -n $"${IP6TABLES}: No config file."; warning; echo
|
|
|
370 |
return 6
|
|
|
371 |
fi
|
| 4 |
- |
372 |
|
|
|
373 |
# check if ipv6 module load is deactivated
|
|
|
374 |
if [ "${_IPV}" = "ipv6" ] \
|
|
|
375 |
&& grep -qIsE "^install[[:space:]]+${_IPV}[[:space:]]+/bin/(true|false)" /etc/modprobe.conf /etc/modprobe.d/* ; then
|
|
|
376 |
echo $"${IP6TABLES}: ${_IPV} is disabled."
|
|
|
377 |
return 150
|
|
|
378 |
fi
|
|
|
379 |
|
|
|
380 |
echo -n $"${IP6TABLES}: Trying to reload firewall rules: "
|
|
|
381 |
|
|
|
382 |
OPT=
|
|
|
383 |
[ "x$IP6TABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
|
|
|
384 |
|
|
|
385 |
$IP6TABLES-restore $OPT $IP6TABLES_DATA
|
|
|
386 |
if [ $? -eq 0 ]; then
|
|
|
387 |
success; echo
|
|
|
388 |
else
|
|
|
389 |
failure; echo; echo "Firewall rules are not changed."; return 1
|
|
|
390 |
fi
|
|
|
391 |
|
|
|
392 |
# Load additional modules (helpers)
|
|
|
393 |
if [ -n "$IP6TABLES_MODULES" ]; then
|
|
|
394 |
echo -n $"${IP6TABLES}: Loading additional modules: "
|
|
|
395 |
ret=0
|
|
|
396 |
for mod in $IP6TABLES_MODULES; do
|
|
|
397 |
echo -n "$mod "
|
|
|
398 |
modprobe $mod > /dev/null 2>&1
|
|
|
399 |
let ret+=$?;
|
|
|
400 |
done
|
|
|
401 |
[ $ret -eq 0 ] && success || failure
|
|
|
402 |
echo
|
|
|
403 |
fi
|
|
|
404 |
|
|
|
405 |
# Load sysctl settings
|
|
|
406 |
load_sysctl
|
|
|
407 |
|
|
|
408 |
return $ret
|
|
|
409 |
}
|
|
|
410 |
|
|
|
411 |
restart() {
|
|
|
412 |
[ "x$IP6TABLES_SAVE_ON_RESTART" = "xyes" ] && save
|
|
|
413 |
stop
|
|
|
414 |
start
|
|
|
415 |
}
|
|
|
416 |
|
|
|
417 |
|
|
|
418 |
case "$1" in
|
|
|
419 |
start)
|
|
|
420 |
[ -f "$VAR_SUBSYS_IP6TABLES" ] && exit 0
|
|
|
421 |
start
|
|
|
422 |
RETVAL=$?
|
|
|
423 |
;;
|
|
|
424 |
stop)
|
|
|
425 |
[ "x$IP6TABLES_SAVE_ON_STOP" = "xyes" ] && save
|
|
|
426 |
stop
|
|
|
427 |
RETVAL=$?
|
|
|
428 |
;;
|
|
|
429 |
restart|force-reload)
|
|
|
430 |
restart
|
|
|
431 |
RETVAL=$?
|
|
|
432 |
;;
|
|
|
433 |
reload)
|
|
|
434 |
[ -e "$VAR_SUBSYS_IP6TABLES" ] && reload
|
|
|
435 |
RETVAL=$?
|
|
|
436 |
;;
|
|
|
437 |
condrestart|try-restart)
|
|
|
438 |
[ ! -e "$VAR_SUBSYS_IP6TABLES" ] && exit 0
|
|
|
439 |
restart
|
|
|
440 |
RETVAL=$?
|
|
|
441 |
;;
|
|
|
442 |
status)
|
|
|
443 |
status
|
|
|
444 |
RETVAL=$?
|
|
|
445 |
;;
|
|
|
446 |
panic)
|
|
|
447 |
set_policy DROP
|
|
|
448 |
RETVAL=$?
|
|
|
449 |
;;
|
|
|
450 |
save)
|
|
|
451 |
save
|
|
|
452 |
RETVAL=$?
|
|
|
453 |
;;
|
|
|
454 |
*)
|
|
|
455 |
echo $"Usage: ${IP6TABLES} {start|stop|reload|restart|condrestart|status|panic|save}"
|
|
|
456 |
RETVAL=2
|
|
|
457 |
;;
|
|
|
458 |
esac
|
|
|
459 |
|
|
|
460 |
exit $RETVAL
|