SOURCES: iptables.init, ip6tables.init - cleanups, cosmetics
glen
glen at pld-linux.org
Sun Oct 1 23:48:36 CEST 2006
Author: glen Date: Sun Oct 1 21:48:36 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- cleanups, cosmetics
---- Files affected:
SOURCES:
iptables.init (1.5 -> 1.6) , ip6tables.init (1.6 -> 1.7)
---- Diffs:
================================================================
Index: SOURCES/iptables.init
diff -u SOURCES/iptables.init:1.5 SOURCES/iptables.init:1.6
--- SOURCES/iptables.init:1.5 Sun Oct 1 23:45:29 2006
+++ SOURCES/iptables.init Sun Oct 1 23:48:31 2006
@@ -23,7 +23,7 @@
exit 0
fi
-if /sbin/lsmod 2>/dev/null | grep -q ipchains ; then
+if /sbin/lsmod 2>/dev/null | grep -q ipchains; then
# Don't do both
exit 0
fi
@@ -37,64 +37,64 @@
start() {
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
- # If we don't clear these first, we might be adding to
- # pre-existing rules.
- tables=`cat /proc/net/ip_tables_names 2>/dev/null`
- show "Flushing all current rules and user defined chains:"
- let ret=0
- for i in $tables; do iptables -t $i -F; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
- show "Clearing all current rules and user defined chains:"
- let ret=0
- for i in $tables; do iptables -t $i -X; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
+ # If we don't clear these first, we might be adding to
+ # pre-existing rules.
+ tables=`cat /proc/net/ip_tables_names 2>/dev/null`
+ show "Flushing all current rules and user defined chains:"
+ let ret=0
+ for i in $tables; do iptables -t $i -F; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+ show "Clearing all current rules and user defined chains:"
+ let ret=0
+ for i in $tables; do iptables -t $i -X; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
- for i in $tables; do iptables -t $i -Z; done
+ for i in $tables; do iptables -t $i -Z; done
- show "Applying iptables firewall rules:"
+ show "Applying iptables firewall rules:"
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/iptables-restore -c && \
- ok || \
- fail
- touch /var/lock/subsys/iptables
+ ok || \
+ fail
+ touch /var/lock/subsys/iptables
fi
}
stop() {
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
- show "Flushing all chains:"
- let ret=0
- for i in $tables; do iptables -t $i -F; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
-
- show "Removing user defined chains:"
- let ret=0
- for i in $tables; do iptables -t $i -X; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
- show "Resetting built-in chains to the default ACCEPT policy:"
+ show "Flushing all chains:"
+ let ret=0
+ for i in $tables; do iptables -t $i -F; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+
+ show "Removing user defined chains:"
+ let ret=0
+ for i in $tables; do iptables -t $i -X; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+ show "Resetting built-in chains to the default ACCEPT policy:"
iftable filter -P INPUT ACCEPT && \
iftable filter -P OUTPUT ACCEPT && \
iftable filter -P FORWARD ACCEPT && \
iftable nat -P PREROUTING ACCEPT && \
iftable nat -P POSTROUTING ACCEPT && \
iftable nat -P OUTPUT ACCEPT && \
- iftable mangle -P PREROUTING ACCEPT && \
- iftable mangle -P OUTPUT ACCEPT && \
+ iftable mangle -P PREROUTING ACCEPT && \
+ iftable mangle -P OUTPUT ACCEPT && \
ok || \
fail
rm -f /var/lock/subsys/iptables
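Review bot: In start(), `touch /var/lock/subsys/iptables` runs whether or not `iptables-restore` succeeded, and by then every table has already been flushed, so a bad `$IPTABLES_CONFIG` leaves the host with empty chains while the lock file reports the firewall as started. The re-indentation leaves this unchanged; the lock should only be created on success, e.g. `if grep ... | /usr/sbin/iptables-restore -c; then ok; touch /var/lock/subsys/iptables; else fail; fi`. Since iptables-restore replaces a table's contents itself unless `--noflush` is given, the separate `-F`/`-X` loops mainly add a window with no rules loaded and could probably be dropped. The same applies to start() in the ip6tables.init hunk at -37,64. stop() continues past the end of this hunk, so its tail is not reviewed here.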
@@ -116,10 +116,6 @@
start
;;
-# condrestart)
-# [ -e /var/lock/subsys/iptables ] && start
-# ;;
-
status)
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
for table in $tables; do
@@ -131,36 +127,36 @@
panic)
show "Changing target policies to DROP: "
iftable filter -P INPUT DROP && \
- iftable filter -P FORWARD DROP && \
- iftable filter -P OUTPUT DROP && \
- iftable nat -P PREROUTING DROP && \
- iftable nat -P POSTROUTING DROP && \
- iftable nat -P OUTPUT DROP && \
- iftable mangle -P PREROUTING DROP && \
- iftable mangle -P OUTPUT DROP && \
- ok "Changing target policies to DROP" || \
- fail "Changing target policies to DROP"
- iftable filter -F INPUT && \
- iftable filter -F FORWARD && \
- iftable filter -F OUTPUT && \
- iftable nat -F PREROUTING && \
- iftable nat -F POSTROUTING && \
- iftable nat -F OUTPUT && \
- iftable mangle -F PREROUTING && \
- iftable mangle -F OUTPUT && \
- ok "Flushing all chains:" || \
- fail "Flushing all chains:"
- iftable filter -X INPUT && \
- iftable filter -X FORWARD && \
- iftable filter -X OUTPUT && \
- iftable nat -X PREROUTING && \
- iftable nat -X POSTROUTING && \
- iftable nat -X OUTPUT && \
- iftable mangle -X PREROUTING && \
- iftable mangle -X OUTPUT && \
- ok "Removing user defined chains:" || \
- fail "Removing user defined chains:"
- ;;
+ iftable filter -P FORWARD DROP && \
+ iftable filter -P OUTPUT DROP && \
+ iftable nat -P PREROUTING DROP && \
+ iftable nat -P POSTROUTING DROP && \
+ iftable nat -P OUTPUT DROP && \
+ iftable mangle -P PREROUTING DROP && \
+ iftable mangle -P OUTPUT DROP && \
+ ok "Changing target policies to DROP" || \
+ fail "Changing target policies to DROP"
+ iftable filter -F INPUT && \
+ iftable filter -F FORWARD && \
+ iftable filter -F OUTPUT && \
+ iftable nat -F PREROUTING && \
+ iftable nat -F POSTROUTING && \
+ iftable nat -F OUTPUT && \
+ iftable mangle -F PREROUTING && \
+ iftable mangle -F OUTPUT && \
+ ok "Flushing all chains:" || \
+ fail "Flushing all chains:"
+ iftable filter -X INPUT && \
+ iftable filter -X FORWARD && \
+ iftable filter -X OUTPUT && \
+ iftable nat -X PREROUTING && \
+ iftable nat -X POSTROUTING && \
+ iftable nat -X OUTPUT && \
+ iftable mangle -X PREROUTING && \
+ iftable mangle -X OUTPUT && \
+ ok "Removing user defined chains:" || \
+ fail "Removing user defined chains:"
+ ;;
save)
show "Saving current rules to $IPTABLES_CONFIG: "
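Review bot: The panic) arm chains every `iftable ... -P ... DROP` with `&&`, so the first call that returns non-zero skips the remaining policy changes and can leave later chains at their previous policy, which is the opposite of what a panic action should guarantee. Running each call independently and collecting the status, e.g. `iftable filter -P FORWARD DROP || ret=1` followed by a test of `$ret`, as the `let ret+=$?` loops in start() do, would apply DROP to every chain that exists. The `-X INPUT`-style calls also name built-in chains, which iptables refuses to delete as far as I know, so that step likely always reports failure unless `iftable` (defined outside this hunk) masks it; a bare `-X` per table is probably what was meant. The ip6tables.init panic) hunk at -131,36 has the same structure.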
================================================================
Index: SOURCES/ip6tables.init
diff -u SOURCES/ip6tables.init:1.6 SOURCES/ip6tables.init:1.7
--- SOURCES/ip6tables.init:1.6 Sun Oct 1 23:45:29 2006
+++ SOURCES/ip6tables.init Sun Oct 1 23:48:31 2006
@@ -37,64 +37,64 @@
start() {
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
- # If we don't clear these first, we might be adding to
- # pre-existing rules.
- tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
- show "Flushing all current rules and user defined chains:"
- let ret=0
- for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
- show "Clearing all current rules and user defined chains:"
- let ret=0
- for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
+ # If we don't clear these first, we might be adding to
+ # pre-existing rules.
+ tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
+ show "Flushing all current rules and user defined chains:"
+ let ret=0
+ for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+ show "Clearing all current rules and user defined chains:"
+ let ret=0
+ for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
- for i in $tables; do ip6tables -t $i -Z; done
+ for i in $tables; do ip6tables -t $i -Z; done
- show "Applying ip6tables firewall rules:"
+ show "Applying ip6tables firewall rules:"
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/ip6tables-restore -c && \
- ok || \
- fail
- touch /var/lock/subsys/ip6tables
+ ok || \
+ fail
+ touch /var/lock/subsys/ip6tables
fi
}
stop() {
tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
- show "Flushing all chains:"
- let ret=0
- for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
-
- show "Removing user defined chains:"
- let ret=0
- for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
- if [ $ret -eq 0 ]; then
- ok
- else
- fail
- fi
- show "Resetting built-in chains to the default ACCEPT policy:"
+ show "Flushing all chains:"
+ let ret=0
+ for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+
+ show "Removing user defined chains:"
+ let ret=0
+ for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
+ if [ $ret -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+ show "Resetting built-in chains to the default ACCEPT policy:"
iftable filter -P INPUT ACCEPT && \
iftable filter -P OUTPUT ACCEPT && \
iftable filter -P FORWARD ACCEPT && \
iftable nat -P PREROUTING ACCEPT && \
iftable nat -P POSTROUTING ACCEPT && \
iftable nat -P OUTPUT ACCEPT && \
- iftable mangle -P PREROUTING ACCEPT && \
- iftable mangle -P OUTPUT ACCEPT && \
+ iftable mangle -P PREROUTING ACCEPT && \
+ iftable mangle -P OUTPUT ACCEPT && \
ok || \
fail
rm -f /var/lock/subsys/ip6tables
@@ -116,10 +116,6 @@
start
;;
-# condrestart)
-# [ -e /var/lock/subsys/ip6tables ] && start
-# ;;
-
status)
tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
for table in $tables; do
@@ -131,36 +127,36 @@
panic)
show "Changing target policies to DROP: "
iftable filter -P INPUT DROP && \
- iftable filter -P FORWARD DROP && \
- iftable filter -P OUTPUT DROP && \
- iftable nat -P PREROUTING DROP && \
- iftable nat -P POSTROUTING DROP && \
- iftable nat -P OUTPUT DROP && \
- iftable mangle -P PREROUTING DROP && \
- iftable mangle -P OUTPUT DROP && \
- ok "Changing target policies to DROP" || \
- fail "Changing target policies to DROP"
- iftable filter -F INPUT && \
- iftable filter -F FORWARD && \
- iftable filter -F OUTPUT && \
- iftable nat -F PREROUTING && \
- iftable nat -F POSTROUTING && \
- iftable nat -F OUTPUT && \
- iftable mangle -F PREROUTING && \
- iftable mangle -F OUTPUT && \
- ok "Flushing all chains:" || \
- fail "Flushing all chains:"
- iftable filter -X INPUT && \
- iftable filter -X FORWARD && \
- iftable filter -X OUTPUT && \
- iftable nat -X PREROUTING && \
- iftable nat -X POSTROUTING && \
- iftable nat -X OUTPUT && \
- iftable mangle -X PREROUTING && \
- iftable mangle -X OUTPUT && \
- ok "Removing user defined chains:" || \
- fail "Removing user defined chains:"
- ;;
+ iftable filter -P FORWARD DROP && \
+ iftable filter -P OUTPUT DROP && \
+ iftable nat -P PREROUTING DROP && \
+ iftable nat -P POSTROUTING DROP && \
+ iftable nat -P OUTPUT DROP && \
+ iftable mangle -P PREROUTING DROP && \
+ iftable mangle -P OUTPUT DROP && \
+ ok "Changing target policies to DROP" || \
+ fail "Changing target policies to DROP"
+ iftable filter -F INPUT && \
+ iftable filter -F FORWARD && \
+ iftable filter -F OUTPUT && \
+ iftable nat -F PREROUTING && \
+ iftable nat -F POSTROUTING && \
+ iftable nat -F OUTPUT && \
+ iftable mangle -F PREROUTING && \
+ iftable mangle -F OUTPUT && \
+ ok "Flushing all chains:" || \
+ fail "Flushing all chains:"
+ iftable filter -X INPUT && \
+ iftable filter -X FORWARD && \
+ iftable filter -X OUTPUT && \
+ iftable nat -X PREROUTING && \
+ iftable nat -X POSTROUTING && \
+ iftable nat -X OUTPUT && \
+ iftable mangle -X PREROUTING && \
+ iftable mangle -X OUTPUT && \
+ ok "Removing user defined chains:" || \
+ fail "Removing user defined chains:"
+ ;;
save)
show "Saving current rules to $IPTABLES_CONFIG: "
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/iptables.init?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/SOURCES/ip6tables.init?r1=1.6&r2=1.7&f=u