SOURCES: iptables.init, ip6tables.init - cleanups, cosmetics

glen glen at pld-linux.org
Sun Oct 1 23:48:36 CEST 2006


Author: glen                         Date: Sun Oct  1 21:48:36 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- cleanups, cosmetics

---- Files affected:
SOURCES:
   iptables.init (1.5 -> 1.6) , ip6tables.init (1.6 -> 1.7) 

---- Diffs:

================================================================
Index: SOURCES/iptables.init
diff -u SOURCES/iptables.init:1.5 SOURCES/iptables.init:1.6
--- SOURCES/iptables.init:1.5	Sun Oct  1 23:45:29 2006
+++ SOURCES/iptables.init	Sun Oct  1 23:48:31 2006
@@ -23,7 +23,7 @@
 	exit 0
 fi
 
-if /sbin/lsmod 2>/dev/null | grep -q ipchains ; then
+if /sbin/lsmod 2>/dev/null | grep -q ipchains; then
 	# Don't do both
 	exit 0
 fi
@@ -37,64 +37,64 @@
 start() {
 	# don't do squat if we don't have the config file
 	if [ -f $IPTABLES_CONFIG ]; then
-	    # If we don't clear these first, we might be adding to
-	    #  pre-existing rules.
-	    tables=`cat /proc/net/ip_tables_names 2>/dev/null`
-	    show "Flushing all current rules and user defined chains:"
-	    let ret=0
-            for i in $tables; do iptables -t $i -F; let ret+=$?; done
-            if [ $ret -eq 0 ]; then
-        	ok
-            else
-        	fail
-            fi
-            show "Clearing all current rules and user defined chains:"
-            let ret=0
-            for i in $tables; do iptables -t $i -X; let ret+=$?; done
-            if [ $ret -eq 0 ]; then
-        	ok
-            else
-        	fail
-            fi
+		# If we don't clear these first, we might be adding to
+		#  pre-existing rules.
+		tables=`cat /proc/net/ip_tables_names 2>/dev/null`
+		show "Flushing all current rules and user defined chains:"
+		let ret=0
+		for i in $tables; do iptables -t $i -F; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
+		show "Clearing all current rules and user defined chains:"
+		let ret=0
+		for i in $tables; do iptables -t $i -X; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
 
-            for i in $tables; do iptables -t $i -Z; done
+		for i in $tables; do iptables -t $i -Z; done
 
-	    show "Applying iptables firewall rules:"
+		show "Applying iptables firewall rules:"
 		grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/iptables-restore -c && \
-		    ok || \
-		    fail
-	    touch /var/lock/subsys/iptables
+			ok || \
+			fail
+		touch /var/lock/subsys/iptables
 	fi
 }
 
 stop() {
 	tables=`cat /proc/net/ip_tables_names 2>/dev/null`
-        show "Flushing all chains:"
-        let ret=0
-        for i in $tables; do iptables -t $i -F; let ret+=$?; done
-        if [ $ret -eq 0 ]; then
-            ok
-        else
-            fail
-        fi
-
-        show "Removing user defined chains:"
-        let ret=0
-        for i in $tables; do iptables -t $i -X; let ret+=$?; done
-        if [ $ret -eq 0 ]; then
-            ok
-        else
-            fail
-        fi
-        show "Resetting built-in chains to the default ACCEPT policy:"
+		show "Flushing all chains:"
+		let ret=0
+		for i in $tables; do iptables -t $i -F; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
+
+		show "Removing user defined chains:"
+		let ret=0
+		for i in $tables; do iptables -t $i -X; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
+		show "Resetting built-in chains to the default ACCEPT policy:"
 	iftable filter -P INPUT ACCEPT && \
 	   iftable filter -P OUTPUT ACCEPT && \
 	   iftable filter -P FORWARD ACCEPT && \
 	   iftable nat -P PREROUTING ACCEPT && \
 	   iftable nat -P POSTROUTING ACCEPT && \
 	   iftable nat -P OUTPUT ACCEPT && \
-           iftable mangle -P PREROUTING ACCEPT && \
-           iftable mangle -P OUTPUT ACCEPT && \
+	   iftable mangle -P PREROUTING ACCEPT && \
+	   iftable mangle -P OUTPUT ACCEPT && \
 	   ok || \
 	   fail
 	rm -f /var/lock/subsys/iptables
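Review bot: In start(), `touch /var/lock/subsys/iptables` runs whether or not iptables-restore succeeded, and by then the `-F`/`-X` loops have already emptied every table, so a rejected $IPTABLES_CONFIG leaves the host with no rules loaded while the subsys lock file marks the service as started. Create the lock file only on the success branch and write the `&& ok || fail` tail as an if/else, which also keeps `fail` from running after a non-zero `ok`. `$IPTABLES_CONFIG` is unquoted in both the `[ -f ]` test and the grep; the fence below quotes it. The start() hunk of ip6tables.init has the same lines. stop() continues past the end of this hunk, and its re-indented lines now sit one tab deeper than the `tables=` and `iftable` lines around them.

```shell
		show "Applying iptables firewall rules:"
		if grep -v "^[[:space:]]*#" "$IPTABLES_CONFIG" | grep -v '^[[:space:]]*$' | /usr/sbin/iptables-restore -c; then
			ok
			touch /var/lock/subsys/iptables
		else
			fail
		fi
```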
@@ -116,10 +116,6 @@
 	start
 	;;
 
-#  condrestart)
-#	[ -e /var/lock/subsys/iptables ] && start
-#	;;
-
   status)
 	tables=`cat /proc/net/ip_tables_names 2>/dev/null`
 	for table in $tables; do
@@ -131,36 +127,36 @@
   panic)
 	show "Changing target policies to DROP: "
 	iftable filter -P INPUT DROP && \
-	    iftable filter -P FORWARD DROP && \
-	    iftable filter -P OUTPUT DROP && \
-	    iftable nat -P PREROUTING DROP && \
-	    iftable nat -P POSTROUTING DROP && \
-	    iftable nat -P OUTPUT DROP && \
-	    iftable mangle -P PREROUTING DROP && \
-	    iftable mangle -P OUTPUT DROP && \
-	    ok "Changing target policies to DROP" || \
-	    fail "Changing target policies to DROP"
-        iftable filter -F INPUT && \
-                iftable filter -F FORWARD && \
-                iftable filter -F OUTPUT && \
-                iftable nat -F PREROUTING && \
-                iftable nat -F POSTROUTING && \
-                iftable nat -F OUTPUT && \
-                iftable mangle -F PREROUTING && \
-                iftable mangle -F OUTPUT && \
-                ok "Flushing all chains:" || \
-                fail "Flushing all chains:"
-        iftable filter -X INPUT && \
-                iftable filter -X FORWARD && \
-                iftable filter -X OUTPUT && \
-                iftable nat -X PREROUTING && \
-                iftable nat -X POSTROUTING && \
-                iftable nat -X OUTPUT && \
-                iftable mangle -X PREROUTING && \
-                iftable mangle -X OUTPUT && \
-                ok "Removing user defined chains:" || \
-                fail "Removing user defined chains:"
-        ;;
+		iftable filter -P FORWARD DROP && \
+		iftable filter -P OUTPUT DROP && \
+		iftable nat -P PREROUTING DROP && \
+		iftable nat -P POSTROUTING DROP && \
+		iftable nat -P OUTPUT DROP && \
+		iftable mangle -P PREROUTING DROP && \
+		iftable mangle -P OUTPUT DROP && \
+		ok "Changing target policies to DROP" || \
+		fail "Changing target policies to DROP"
+		iftable filter -F INPUT && \
+			iftable filter -F FORWARD && \
+			iftable filter -F OUTPUT && \
+			iftable nat -F PREROUTING && \
+			iftable nat -F POSTROUTING && \
+			iftable nat -F OUTPUT && \
+			iftable mangle -F PREROUTING && \
+			iftable mangle -F OUTPUT && \
+			ok "Flushing all chains:" || \
+			fail "Flushing all chains:"
+		iftable filter -X INPUT && \
+			iftable filter -X FORWARD && \
+			iftable filter -X OUTPUT && \
+			iftable nat -X PREROUTING && \
+			iftable nat -X POSTROUTING && \
+			iftable nat -X OUTPUT && \
+			iftable mangle -X PREROUTING && \
+			iftable mangle -X OUTPUT && \
+			ok "Removing user defined chains:" || \
+			fail "Removing user defined chains:"
+		;;
 
   save)
 	show "Saving current rules to $IPTABLES_CONFIG: "
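Review bot: Each panic step is a single `&&` chain, so the first `iftable` call that fails skips every policy change after it; a failure on `filter -P INPUT DROP` would leave FORWARD and OUTPUT at their previous policy. For a lockdown path each command should run regardless and the statuses be summed, the way start() and stop() already do with `let ret+=$?`. If iftable passes its arguments through to `iptables -t`, the `-X INPUT` … `-X OUTPUT` calls name built-in chains, which cannot be deleted, so that step would report fail every time and leave user-defined chains in place; confirm against the iftable definition, which is outside this diff. After the re-indent, the continuation lines of the policy chain sit at the same depth as the opening line of the flush chain, so the two statements are hard to tell apart. The panic) hunk of ip6tables.init has the same lines.

```shell
	show "Changing target policies to DROP: "
	let ret=0
	iftable filter -P INPUT DROP; let ret+=$?
	iftable filter -P FORWARD DROP; let ret+=$?
	iftable filter -P OUTPUT DROP; let ret+=$?
	# … same pattern for the nat and mangle policy lines …
	if [ $ret -eq 0 ]; then
		ok "Changing target policies to DROP"
	else
		fail "Changing target policies to DROP"
	fi
	# … unchanged: flush (-F) and delete (-X) steps …
```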

================================================================
Index: SOURCES/ip6tables.init
diff -u SOURCES/ip6tables.init:1.6 SOURCES/ip6tables.init:1.7
--- SOURCES/ip6tables.init:1.6	Sun Oct  1 23:45:29 2006
+++ SOURCES/ip6tables.init	Sun Oct  1 23:48:31 2006
@@ -37,64 +37,64 @@
 start() {
 	# don't do squat if we don't have the config file
 	if [ -f $IPTABLES_CONFIG ]; then
-	    # If we don't clear these first, we might be adding to
-	    #  pre-existing rules.
-	    tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
-	    show "Flushing all current rules and user defined chains:"
-	    let ret=0
-            for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
-            if [ $ret -eq 0 ]; then
-        	ok
-            else
-        	fail
-            fi
-            show "Clearing all current rules and user defined chains:"
-            let ret=0
-            for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
-            if [ $ret -eq 0 ]; then
-        	ok
-            else
-        	fail
-            fi
+		# If we don't clear these first, we might be adding to
+		#  pre-existing rules.
+		tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
+		show "Flushing all current rules and user defined chains:"
+		let ret=0
+		for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
+		show "Clearing all current rules and user defined chains:"
+		let ret=0
+		for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
 
-            for i in $tables; do ip6tables -t $i -Z; done
+		for i in $tables; do ip6tables -t $i -Z; done
 
-	    show "Applying ip6tables firewall rules:"
+		show "Applying ip6tables firewall rules:"
 		grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /usr/sbin/ip6tables-restore -c && \
-		    ok || \
-		    fail
-	    touch /var/lock/subsys/ip6tables
+			ok || \
+			fail
+		touch /var/lock/subsys/ip6tables
 	fi
 }
 
 stop() {
 	tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
-        show "Flushing all chains:"
-        let ret=0
-        for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
-        if [ $ret -eq 0 ]; then
-                ok
-        else
-                fail
-        fi
-
-        show "Removing user defined chains:"
-        let ret=0
-        for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
-        if [ $ret -eq 0 ]; then
-                ok
-        else
-                fail
-        fi
-        show "Resetting built-in chains to the default ACCEPT policy:"
+		show "Flushing all chains:"
+		let ret=0
+		for i in $tables; do ip6tables -t $i -F; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
+
+		show "Removing user defined chains:"
+		let ret=0
+		for i in $tables; do ip6tables -t $i -X; let ret+=$?; done
+		if [ $ret -eq 0 ]; then
+			ok
+		else
+			fail
+		fi
+		show "Resetting built-in chains to the default ACCEPT policy:"
 	iftable filter -P INPUT ACCEPT && \
 	   iftable filter -P OUTPUT ACCEPT && \
 	   iftable filter -P FORWARD ACCEPT && \
 	   iftable nat -P PREROUTING ACCEPT && \
 	   iftable nat -P POSTROUTING ACCEPT && \
 	   iftable nat -P OUTPUT ACCEPT && \
-           iftable mangle -P PREROUTING ACCEPT && \
-           iftable mangle -P OUTPUT ACCEPT && \
+	   iftable mangle -P PREROUTING ACCEPT && \
+	   iftable mangle -P OUTPUT ACCEPT && \
 	   ok || \
 	   fail
 	rm -f /var/lock/subsys/ip6tables
@@ -116,10 +116,6 @@
 	start
 	;;
 
-#  condrestart)
-#	[ -e /var/lock/subsys/ip6tables ] && start
-#	;;
-
   status)
 	tables=`cat /proc/net/ip6_tables_names 2>/dev/null`
 	for table in $tables; do
@@ -131,36 +127,36 @@
   panic)
 	show "Changing target policies to DROP: "
 	iftable filter -P INPUT DROP && \
-	    iftable filter -P FORWARD DROP && \
-	    iftable filter -P OUTPUT DROP && \
-	    iftable nat -P PREROUTING DROP && \
-	    iftable nat -P POSTROUTING DROP && \
-	    iftable nat -P OUTPUT DROP && \
-	    iftable mangle -P PREROUTING DROP && \
-	    iftable mangle -P OUTPUT DROP && \
-	    ok "Changing target policies to DROP" || \
-	    fail "Changing target policies to DROP"
-        iftable filter -F INPUT && \
-                iftable filter -F FORWARD && \
-                iftable filter -F OUTPUT && \
-                iftable nat -F PREROUTING && \
-                iftable nat -F POSTROUTING && \
-                iftable nat -F OUTPUT && \
-                iftable mangle -F PREROUTING && \
-                iftable mangle -F OUTPUT && \
-                ok "Flushing all chains:" || \
-                fail "Flushing all chains:"
-        iftable filter -X INPUT && \
-                iftable filter -X FORWARD && \
-                iftable filter -X OUTPUT && \
-                iftable nat -X PREROUTING && \
-                iftable nat -X POSTROUTING && \
-                iftable nat -X OUTPUT && \
-                iftable mangle -X PREROUTING && \
-                iftable mangle -X OUTPUT && \
-                ok "Removing user defined chains:" || \
-                fail "Removing user defined chains:"
-        ;;
+		iftable filter -P FORWARD DROP && \
+		iftable filter -P OUTPUT DROP && \
+		iftable nat -P PREROUTING DROP && \
+		iftable nat -P POSTROUTING DROP && \
+		iftable nat -P OUTPUT DROP && \
+		iftable mangle -P PREROUTING DROP && \
+		iftable mangle -P OUTPUT DROP && \
+		ok "Changing target policies to DROP" || \
+		fail "Changing target policies to DROP"
+		iftable filter -F INPUT && \
+			iftable filter -F FORWARD && \
+			iftable filter -F OUTPUT && \
+			iftable nat -F PREROUTING && \
+			iftable nat -F POSTROUTING && \
+			iftable nat -F OUTPUT && \
+			iftable mangle -F PREROUTING && \
+			iftable mangle -F OUTPUT && \
+			ok "Flushing all chains:" || \
+			fail "Flushing all chains:"
+		iftable filter -X INPUT && \
+			iftable filter -X FORWARD && \
+			iftable filter -X OUTPUT && \
+			iftable nat -X PREROUTING && \
+			iftable nat -X POSTROUTING && \
+			iftable nat -X OUTPUT && \
+			iftable mangle -X PREROUTING && \
+			iftable mangle -X OUTPUT && \
+			ok "Removing user defined chains:" || \
+			fail "Removing user defined chains:"
+		;;
 
   save)
 	show "Saving current rules to $IPTABLES_CONFIG: "
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/iptables.init?r1=1.5&r2=1.6&f=u
    http://cvs.pld-linux.org/SOURCES/ip6tables.init?r1=1.6&r2=1.7&f=u


