#!/sbin/openrc-run # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 depend() { before net provide firewall } start() { ebegin "Starting ufw" _source_file || { eend $?; return $?; } local enabled_in_cfg ret _check_if_enabled_in_cfg enabled_in_cfg=$? # Avoid "Firewall already started, use 'force-reload'" message that # appears if `ufw enable' had been run before start(). if _status_quiet; then eend 0 return fi # The ufw_start function does the same: if ufw is disabled using `ufw disable', # ufw_start would not start ufw and return 0, so let's handle this case. case $enabled_in_cfg in 0) ufw_start ret=$? eend $ret "Failed to start ufw." ;; 1) # see /etc/conf.d/<name> if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then ret=1 eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first." else ret=0 eend 0 fi ;; 2) ret=1 eend $ret "Failed to start ufw." ;; esac return $ret } stop() { ebegin "Stopping ufw" _source_file || { eend $?; return $?; } local enabled_in_cfg ret _check_if_enabled_in_cfg enabled_in_cfg=$? # Same as above (unless --force is passed to ufw_stop). case $enabled_in_cfg in 0) ufw_stop ret=$? ;; 1) einfo "INFO: ufw is configured to be disabled" ufw_stop --force ret=$? ;; 2) ret=1 ;; esac eend $ret "Failed to stop ufw." return $ret } _status_quiet() { # return values: 0 - started, 1 - stopped, 2 - error # Does not execute _source_file. local ret ufw_status > /dev/null ret=$? # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions. case $ret in 0) return 0 ;; 3) return 1 ;; *) return 2 ;; esac } _source_file() { local sourced_f="/usr/share/ufw/ufw-init-functions" if [ ! -f "$sourced_f" ]; then eerror "Cannot find file $sourced_f!" return 1 fi local _path=$PATH if ! . "$sourced_f"; then # PATH can be broken here, fix it... PATH=$_path eerror "Error sourcing file $sourced_f" return 1 fi if [ -z "$PATH" ]; then PATH=$_path else PATH="${PATH}:${_path}" fi return 0 } _check_if_enabled_in_cfg() { # Check if user has enabled the firewall with "ufw enable". # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error. local sourced_f="/etc/ufw/ufw.conf" if [ ! -f "$sourced_f" ]; then eerror "Cannot find file $sourced_f!" return 2 fi if ! . "$sourced_f"; then eerror "Error sourcing file $sourced_f" return 2 fi if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then return 0 else return 1 fi }