#!/bin/sh
########################################################################
# Begin iptables
#
# chkconfig:	2345 08 92
# Description : Start iptables
#
# Authors     : Ken Moffat - ken@linuxfromscratch.org
#               Bruce Dubbs - bdubbs@linuxfromscratch.org
#
# Version     : LFS 7.0
#
########################################################################

### BEGIN INIT INFO
# Provides:          $iptables
# Required-Start:    network
# Should-Start:
# Required-Stop:     
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Loads iptables rules.
# Description:       Iptables provides firewall for Linux systems.
# X-LFS-Provided-By: BLFS / LFS 7.0
### END INIT INFO

# LSB helper library; presumably the source of the log_* and evaluate_retval
# functions called throughout this script.
. /lib/lsb/init-functions

# Command name of the firewall tool. The rules file path is derived from it.
IPTABLES=iptables
IPTABLES_DATA="/etc/sysconfig/${IPTABLES}"

# Site settings (tbl_start reads IPTABLES_MODULES and OPT, presumably set
# here). The file is sourced, so its contents execute as shell code with the
# privileges of this script: keep it owned by root and not writable by
# anyone else.
. "${IPTABLES_DATA}-config"

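# Load the saved IPv4 ruleset from $IPTABLES_DATA.
# Globals:   IPTABLES, IPTABLES_DATA, IPTABLES_MODULES, OPT (all read)
# Outputs:   progress and result through the log_* helpers
# Exits:     5 when the rules file does not exist
tbl_start ()
{
  if [ ! -f "$IPTABLES_DATA" ]; then
    log_warning_msg "${IPTABLES}: No config file \"$IPTABLES_DATA\""
    exit 5
  fi

  log_info_msg "Setting system IPV4 iptables up,..."

  # IPTABLES_MODULES is a whitespace-separated list and is split on purpose.
  # A modprobe failure is not fatal here; only the restore result is reported.
  for iptmod in $IPTABLES_MODULES; do
    modprobe "$iptmod"
  done

  # OPT may hold several options, so it stays unquoted; the rules file path is
  # quoted so that a path containing whitespace is passed as one argument.
  "$IPTABLES-restore" $OPT "$IPTABLES_DATA"

  # NOTE(review): a failed restore is only reported, not acted on. The host may
  # then be running with its previous ruleset (at boot, presumably none), so a
  # failure result here should be treated as "firewall not in place".
  evaluate_retval
}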

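# Remove the IPv4 ruleset: set the built-in filter policies to ACCEPT, then
# flush and delete the chains of the filter, nat and mangle tables.
#
# This leaves the host fail-open: after "stop" every packet is accepted until
# rules are loaded again. Other tables are not touched by this function.
#
# Globals:   IPTABLES (read), tbl_stop_rc (written)
# Outputs:   progress and result through the log_* helpers
tbl_stop ()
{
  log_info_msg "Clearing system IPV4 iptables..."

  # Every step is attempted even when an earlier one fails, and the combined
  # result is reported. Checking only the last command would show success
  # while, for example, a policy change had failed.
  tbl_stop_rc=0
  "$IPTABLES" --policy INPUT   ACCEPT || tbl_stop_rc=1
  "$IPTABLES" --policy OUTPUT  ACCEPT || tbl_stop_rc=1
  "$IPTABLES" --policy FORWARD ACCEPT || tbl_stop_rc=1
  "$IPTABLES"           --flush || tbl_stop_rc=1
  "$IPTABLES" -t nat    --flush || tbl_stop_rc=1
  "$IPTABLES" -t mangle --flush || tbl_stop_rc=1
  "$IPTABLES"           --delete-chain || tbl_stop_rc=1
  "$IPTABLES" -t nat    --delete-chain || tbl_stop_rc=1
  "$IPTABLES" -t mangle --delete-chain || tbl_stop_rc=1

  # evaluate_retval is called right after a command whose status is the
  # combined result, so that is the status it reports.
  [ "$tbl_stop_rc" -eq 0 ]
  evaluate_retval
}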

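# Only root can change netfilter state. EUID is provided by bash but not by
# every /bin/sh; with it unset the comparison would be malformed and the check
# would not reject anyone, so fall back to id -u.
if [ "${EUID:-$(id -u)}" != 0 ]; then
  # Reported as a failure: an info message followed by evaluate_retval would
  # show a success marker for what is an error.
  log_failure_msg "${IPTABLES}: Only usable by root."
  exit 4
fi

# NOTE(review): this verifies /usr/sbin/$IPTABLES, but the commands in this
# script run "$IPTABLES" through PATH, so the check shows that the tool is
# installed, not that this exact binary is the one executed.
if [ ! -x "/usr/sbin/$IPTABLES" ]; then
  log_failure_msg "${IPTABLES}: /usr/sbin/$IPTABLES does not exist."
  exit 5
fi

case "$1" in
  start)
    tbl_start
    ;;

  stop)
    tbl_stop
    ;;

  restart)
    # tbl_stop sets every policy to ACCEPT, so check for the rules file before
    # clearing anything. Otherwise a missing file would end the restart with
    # the firewall removed and nothing loaded in its place. Message and exit
    # code match what tbl_start reports for the same condition.
    if [ ! -f "$IPTABLES_DATA" ]; then
      log_warning_msg "${IPTABLES}: No config file \"$IPTABLES_DATA\""
      exit 5
    fi
    # Between these two calls the host accepts all traffic.
    tbl_stop
    tbl_start
    ;;

  status)
    log_info_msg2 "$IPTABLES status..."
    "$IPTABLES" --numeric --list
    "$IPTABLES" -t nat    --numeric --list
    "$IPTABLES" -t mangle --numeric --list
    ;;

  *)
    # List the actions this script actually implements.
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac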

# End /etc/init.d/iptables

