Kurt Taylor
d17f9ab13d
Update all references of "LLC" to "Foundation". Change-Id: I009e86784ef4dcf38882d64b0eff484576e04efe
107 lines
2.8 KiB
Bash
Executable File
107 lines
2.8 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# host-rules Start/Stop the networking host rules
|
|
#
|
|
# chkconfig: 2345 85 15
|
|
# description: Networking Host Rules for Multi Tenancy Protections
|
|
|
|
# Copyright 2010 OpenStack Foundation
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
IPTABLES=/sbin/iptables
|
|
EBTABLES=/sbin/ebtables
|
|
ARPTABLES=/sbin/arptables
|
|
|
|
iptables-up()
|
|
{
|
|
$IPTABLES -P FORWARD DROP
|
|
$IPTABLES -A FORWARD -m physdev --physdev-in eth0 -j ACCEPT
|
|
$IPTABLES -A FORWARD -m physdev --physdev-in eth1 -j ACCEPT
|
|
}
|
|
|
|
ebtables-up()
|
|
{
|
|
$EBTABLES -P FORWARD DROP
|
|
$EBTABLES -A FORWARD -o eth0 -j ACCEPT
|
|
$EBTABLES -A FORWARD -o eth1 -j ACCEPT
|
|
}
|
|
|
|
arptables-up()
|
|
{
|
|
$ARPTABLES -P FORWARD DROP
|
|
$ARPTABLES -A FORWARD --opcode Request --in-interface eth0 -j ACCEPT
|
|
$ARPTABLES -A FORWARD --opcode Reply --in-interface eth0 -j ACCEPT
|
|
$ARPTABLES -A FORWARD --opcode Request --in-interface eth1 -j ACCEPT
|
|
$ARPTABLES -A FORWARD --opcode Reply --in-interface eth1 -j ACCEPT
|
|
}
|
|
|
|
iptables-down()
|
|
{
|
|
$IPTABLES -P FORWARD ACCEPT
|
|
$IPTABLES -D FORWARD -m physdev --physdev-in eth0 -j ACCEPT
|
|
$IPTABLES -D FORWARD -m physdev --physdev-in eth1 -j ACCEPT
|
|
}
|
|
|
|
ebtables-down()
|
|
{
|
|
$EBTABLES -P FORWARD ACCEPT
|
|
$EBTABLES -D FORWARD -o eth0 -j ACCEPT
|
|
$EBTABLES -D FORWARD -o eth1 -j ACCEPT
|
|
}
|
|
|
|
arptables-down()
|
|
{
|
|
$ARPTABLES -P FORWARD ACCEPT
|
|
$ARPTABLES -D FORWARD --opcode Request --in-interface eth0 -j ACCEPT
|
|
$ARPTABLES -D FORWARD --opcode Reply --in-interface eth0 -j ACCEPT
|
|
$ARPTABLES -D FORWARD --opcode Request --in-interface eth1 -j ACCEPT
|
|
$ARPTABLES -D FORWARD --opcode Reply --in-interface eth1 -j ACCEPT
|
|
}
|
|
|
|
start()
|
|
{
|
|
iptables-up
|
|
ebtables-up
|
|
arptables-up
|
|
}
|
|
|
|
stop()
|
|
{
|
|
iptables-down
|
|
ebtables-down
|
|
arptables-down
|
|
}
|
|
|
|
case "$1" in
|
|
start)
|
|
start
|
|
RETVAL=$?
|
|
;;
|
|
stop)
|
|
stop
|
|
RETVAL=$?
|
|
;;
|
|
restart)
|
|
stop
|
|
start
|
|
RETVAL=$?
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start|stop|restart}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
exit $RETVAL
|