I briefly used giptables, and decided I'd rather use only the iptables package. However, I did like giptables' "panic" function, which essentially cuts all internet traffic. Therefore, I added this function (see below) to my /etc/init.d/iptables, and it works well for me. I have attached the complete script as an attachment. It would be nice if this could be the standard script that came with the package.

    panic() {
        # stop the normal ruleset first, then lock everything down
        svc_stop
        ebegin "dropping EVERYTHING!"
        # walk every table the kernel currently has loaded
        for a in `cat /proc/net/ip_tables_names`; do
            # flush all rules and delete user-defined chains in this table
            /sbin/iptables -F -t $a
            /sbin/iptables -X -t $a
            # set the built-in chains of each known table to DROP
            if [ "$a" = nat ]; then
                /sbin/iptables -t nat -P PREROUTING DROP
                /sbin/iptables -t nat -P POSTROUTING DROP
                /sbin/iptables -t nat -P OUTPUT DROP
            elif [ "$a" = mangle ]; then
                /sbin/iptables -t mangle -P PREROUTING DROP
                /sbin/iptables -t mangle -P INPUT DROP
                /sbin/iptables -t mangle -P FORWARD DROP
                /sbin/iptables -t mangle -P OUTPUT DROP
                /sbin/iptables -t mangle -P POSTROUTING DROP
            elif [ "$a" = filter ]; then
                /sbin/iptables -t filter -P INPUT DROP
                /sbin/iptables -t filter -P FORWARD DROP
                /sbin/iptables -t filter -P OUTPUT DROP
            fi
        done
        # reports the status of the last iptables call in the loop
        eend $?
    }
Created attachment 44449: edited iptables init script
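The function above hardcodes the built-in chains of the filter, nat and mangle tables, so any other table the kernel reports in /proc/net/ip_tables_names (raw, for example) is flushed but its policies are left alone. The following is an added example, not the reporter's script or the Gentoo iptables init script: it discovers the built-in chains of each table from the live ruleset and sets all of them to DROP. It assumes an iptables that supports "-S" (iptables 1.4 and later; the 1.3.2 release named in this bug does not have it), and the sample "-S" output embedded for the offline demo is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the bug report or the Gentoo script): a "panic"
# that derives the built-in chains of every table from the live ruleset
# instead of hardcoding them per table. Assumes an iptables that supports
# "-S" (iptables 1.4 and later; the 1.3.2 named in this bug does not).

IPTABLES=${IPTABLES:-/sbin/iptables}

# Read "iptables -t <table> -S" output on stdin and print the names of the
# built-in chains. Only built-in chains carry a policy, so they appear as
# "-P CHAIN POLICY"; user-defined chains appear as "-N CHAIN" and are
# skipped here (they are deleted by -X anyway).
builtin_chains() {
    awk '$1 == "-P" { print $2 }'
}

# Flush one table, delete its user chains, then set every built-in chain
# to DROP. Returns non-zero on the first iptables failure.
panic_table() {
    t=$1
    "$IPTABLES" -t "$t" -F || return 1
    "$IPTABLES" -t "$t" -X || return 1
    for c in $("$IPTABLES" -t "$t" -S | builtin_chains); do
        "$IPTABLES" -t "$t" -P "$c" DROP || return 1
    done
}

# Apply panic_table to every table the kernel currently has loaded, found
# the same way the original script finds them.
panic() {
    for t in $(cat /proc/net/ip_tables_names); do
        panic_table "$t" || return 1
    done
}

# Constructed sample of "iptables -t nat -S" output, used only to exercise
# the parser offline; it was not captured from a real host.
SAMPLE_NAT_DUMP='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N mychain
-A PREROUTING -p tcp --dport 80 -j mychain'

# Offline demo: the chains that would receive a DROP policy for the sample,
# space-separated.
demo_chains() {
    printf '%s\n' "$SAMPLE_NAT_DUMP" | builtin_chains | tr '\n' ' '
}

if [ "$1" = "--run" ]; then
    panic          # needs root; drops everything, loopback included
else
    echo "nat built-in chains: $(demo_chains)"
fi
```

Run without arguments it only parses the embedded sample; "--run" performs the real lockdown. Like the original, it sets DROP on the nat and mangle chains as well as on filter, and it does not exempt loopback, so every local service that talks to itself over 127.0.0.1 stops working too. That is the intended meaning of "panic", but it is worth remembering before invoking it over an SSH session.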
This is not a security vulnerability, reassigning to maintainer.
added to iptables-1.3.2