Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/firewall/firewall.init | 45 | ||||
-rw-r--r-- | scripts/firewall/firewall.init.in | 73 |
2 files changed, 73 insertions, 45 deletions
diff --git a/scripts/firewall/firewall.init b/scripts/firewall/firewall.init
deleted file mode 100755
index b58d4d5..0000000
--- a/scripts/firewall/firewall.init
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-
-# source the shared functions
-. /etc/init.d/vyatta-functions
-
-ACTION=$1
-
-start() {
- echo -n "Initializing firewall: "
- # progress_indicator "start" $INIT_PID
-
- OUTPUT=`/opt/vyatta/sbin/vyatta-firewall.pl --setup 2>&1`;
- # progress_indicator "stop" $INIT_PID
-
- echo "OK"
-}
-
-stop() {
- echo -n "Reseting firewall: "
- # progress_indicator "start" $INIT_PID
- OUTPUT=`/opt/vyatta/sbin/vyatta-firewall.pl --setup 2>&1`;
-
- # progress_indicator "stop" $INIT_PID
- echo "OK"
-}
-
-case "$ACTION" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop
- start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
- exit 1
- ;;
-esac
-
-exit 0
-
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
new file mode 100644
index 0000000..8b9ec5d
--- /dev/null
+++ b/scripts/firewall/firewall.init.in
@@ -0,0 +1,73 @@
+#!/bin/bash
+# **** License ****
+# Version: VPL 1.0
+#
+# The contents of this file are subject to the Vyatta Public License
+# Version 1.0 ("License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://www.vyatta.com/vpl
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Tom Grennan <tgrennan@vyatta.com>
+# Description: firewall init
+# this is an indirect init sub-script executed by ofr.init
+#
+# **** End License ****
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+sbindir=@sbindir@
+
+export PATH=/usr/bin:/usr/sbin:/bin:/sbin:$bindir:$sbindir
+
+. /lib/lsb/init-functions
+
+ACTION=$1
+
+declare -a modules=(
+ nf_conntrack
+ nf_conntrack_ftp
+ nf_conntrack_tftp
+ nf_nat
+ nf_nat_ftp
+ nf_nat_tftp
+ nf_nat_proto_gre
+ nf_nat_sip
+ nf_nat_h323
+ nf_nat_pptp)
+
+## setup firewall & nat conntrack modules
+start () {
+ for mod in ${modules[@]} ; do
+ modprobe --syslog $mod
+ done
+
+ # set up notrack chains/rules
+ # by default, nothing is tracked.
+ iptables -t raw -A PREROUTING -j NOTRACK
+ iptables -t raw -A OUTPUT -j NOTRACK
+}
+
+case "$ACTION" in
+ start) start ;;
+ stop|restart|force-reload) true ;; # nothing to stop/restart
+ *) log_failure_msg "action unknown: $ACTION" ;
+ false ;;
+esac
+
+exit $?
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
+
|
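Review bot: In `start ()` the exit status of every `modprobe` and of the first `iptables -t raw -A PREROUTING -j NOTRACK` is discarded, so `exit $?` only reports whether the final OUTPUT rule was appended. A half-applied raw table would therefore still be reported as success to the calling init script. If module loading is meant to be best-effort, say so in a comment, but at least propagate the rule failures, e.g. `iptables -t raw -A PREROUTING -j NOTRACK || return 1`. Because both rules use `-A` and `stop|restart|force-reload` are no-ops, a second `start` appends duplicate NOTRACK rules; a guard such as `iptables -t raw -C PREROUTING -j NOTRACK 2>/dev/null || iptables -t raw -A PREROUTING -j NOTRACK` would make it idempotent where the installed iptables supports `-C`. The comment "by default, nothing is tracked" should also state that stateful and NAT rules presumably depend on other code inserting exemptions ahead of these catch-all rules, since that ordering is not visible here.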