#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
depend() {
    # Dependency declarations for this service.
    # "before net" orders this service ahead of net; presumably so that the
    # firewall is in place before interfaces are configured -- confirm against
    # the network scripts in use.
    before net
    # Lets other services depend on the virtual name "firewall" rather than
    # on ufw specifically.
    provide firewall
}
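start() {
    # Start ufw, honouring the enabled/disabled state reported by
    # _check_if_enabled_in_cfg.
    #
    # Returns 0 when ufw is already running, when ufw_start succeeds, or when
    # ufw is disabled and ufw_nonfatal_if_disabled=yes.  Returns non-zero in
    # every other case, including an unreadable configuration.
    ebegin "Starting ufw"
    _source_file || { eend $?; return $?; }

    local enabled_in_cfg ret
    _check_if_enabled_in_cfg
    enabled_in_cfg=$?

    # Avoid "Firewall already started, use 'force-reload'" message that
    # appears if `ufw enable' had been run before start().
    if _status_quiet; then
        eend 0
        return
    fi

    # ufw_start itself does nothing and returns 0 when ufw has been turned off
    # with `ufw disable', so the disabled case is handled here explicitly
    # instead of being reported as a successful start.
    case $enabled_in_cfg in
        0)
            ufw_start
            ret=$?
            eend $ret "Failed to start ufw."
            ;;
        1)
            # see /etc/conf.d/<name>
            if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
                ret=1
                eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
            else
                # The service is reported as started although ufw_start was
                # never called: services ordered after "firewall" will run
                # without this script having loaded any rules.
                ret=0
                eend 0
            fi
            ;;
        *)
            # 2 means the configuration could not be read.  Any other,
            # unexpected status is treated the same way: without this branch
            # $ret would stay unset and "return $ret" would report success
            # for a firewall that was never started.
            ret=1
            eend $ret "Failed to start ufw."
            ;;
    esac
    return $ret
}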
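stop() {
    # Stop ufw.
    #
    # Returns the status of ufw_stop, or 1 when the configuration could not
    # be evaluated.
    ebegin "Stopping ufw"
    _source_file || { eend $?; return $?; }

    local enabled_in_cfg ret
    _check_if_enabled_in_cfg
    enabled_in_cfg=$?

    # As in start(): ufw_stop on its own does not act on a firewall that is
    # disabled in the configuration unless --force is passed.
    case $enabled_in_cfg in
        0)
            ufw_stop
            ret=$?
            ;;
        1)
            einfo "INFO: ufw is configured to be disabled"
            ufw_stop --force
            ret=$?
            ;;
        *)
            # 2 means the configuration could not be read.  Any other,
            # unexpected status is handled the same way so that $ret is never
            # left unset for the eend/return below.
            ret=1
            ;;
    esac
    eend $ret "Failed to stop ufw."
    return $ret
}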
_status_quiet() {
    # Query ufw_status with its output discarded and translate the result:
    #   0 - started, 1 - stopped, 2 - error
    # Does not execute _source_file, so ufw_status must already be defined
    # when this is called.
    ufw_status > /dev/null

    # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
    # Anything other than 0 or 3 is reported as an error.
    case $? in
        0) return 0 ;;
        3) return 1 ;;
    esac
    return 2
}
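_source_file() {
    # Source the ufw helper file into this shell.
    # Returns 0 on success, 1 if the file is missing or fails to source.
    #
    # None of ufw_start, ufw_stop or ufw_status is defined in this script;
    # presumably they come from the file sourced here.
    #
    # The file is executed by this shell, not parsed as data, so it runs with
    # whatever privileges the init script has.  It should be writable only by
    # the administrator.
    local sourced_f="/usr/share/ufw/ufw-init-functions"
    if [ ! -f "$sourced_f" ]; then
        eerror "Cannot find file $sourced_f!"
        return 1
    fi

    # Quoted: in shells where "local" is an ordinary builtin an unquoted
    # expansion would be word-split if PATH contained whitespace.
    local saved_path="$PATH"

    if ! . "$sourced_f"; then
        # PATH can be broken here, fix it...
        PATH=$saved_path
        eerror "Error sourcing file $sourced_f"
        return 1
    fi

    # Keep whatever PATH the sourced file set in front and append the previous
    # one after it.  An empty previous PATH is not appended: that would leave a
    # trailing ":" and an empty PATH element means the current directory.
    if [ -z "$PATH" ]; then
        PATH=$saved_path
    elif [ -n "$saved_path" ]; then
        PATH="${PATH}:${saved_path}"
    fi
    return 0
}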
_check_if_enabled_in_cfg() {
    # Check if user has enabled the firewall with "ufw enable".
    # Returns 0 if ENABLED is "yes" or "YES" after sourcing the configuration
    # file, 1 for any other value, 2 if the file is missing or cannot be
    # sourced.
    #
    # NOTE(review): the configuration is sourced, i.e. executed by this shell
    # with the init script's privileges, so its ownership and mode matter as
    # much as those of the script itself.
    # NOTE(review): ENABLED is not cleared before sourcing; if the file does
    # not assign it, a value already present in the shell decides the result.
    local sourced_f="/etc/ufw/ufw.conf"

    [ -f "$sourced_f" ] || {
        eerror "Cannot find file $sourced_f!"
        return 2
    }

    . "$sourced_f" || {
        eerror "Error sourcing file $sourced_f"
        return 2
    }

    case $ENABLED in
        yes|YES) return 0 ;;
    esac
    return 1
}