#!/bin/sh

# config: /etc/sysconfig/arptables

# Source 'em up

. /etc/init.d/functions

ARPTABLES_CONFIG=/etc/sysconfig/arptables

start() {

	if [ ! -x /usr/sbin/arptables ]; then

		exit 4

	fi

	# don't do squat if we don't have the config file

	if [ -f $ARPTABLES_CONFIG ]; then

		echo -n $"Applying arptables firewall rules: "

		/usr/sbin/arptables-restore < $ARPTABLES_CONFIG && \

			success || \

			failure

		echo

		touch /var/lock/subsys/arptables

	else

		failure

		echo

		echo $"Configuration file /etc/sysconfig/arptables missing"

		exit 6

	fi

}

stop() {

	echo -n $"Removing user defined chains:"

	arptables -X && success || failure

	echo -n $"Flushing all chains:"

	arptables -F && success || failure

	echo -n $"Resetting built-in chains to the default ACCEPT policy:"

	arptables -P INPUT ACCEPT && \

		arptables -P OUTPUT ACCEPT && \

		success || \

		failure

	echo

	rm -f /var/lock/subsys/arptables

}

case "$1" in

start)

	start

	;;

stop)

	stop

	;;

restart|reload)

	# "restart" is really just "start" as this isn't a daemon,

	# and "start" clears any pre-defined rules anyway.

	# This is really only here to make those who expect it happy

	start

	;;

condrestart|try-restart|force-reload)

	[ -e /var/lock/subsys/arptables ] && start

	;;

*)

	exit 2

esac

exit 0