Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 135816 Details for
Bug 198907
net-firewall/iptables - reload does not reset policy to ACCEPT when flushing tables
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
workaround
iptables (text/plain), 2.54 KB, created by
Dmitry Bilunov
on 2007-11-12 12:19:07 UTC
(
hide
)
Description:
workaround
Filename:
MIME Type:
Creator:
Dmitry Bilunov
Created:
2007-11-12 12:19:07 UTC
Size:
2.54 KB
patch
obsolete
>#!/sbin/runscript ># Copyright 1999-2007 Gentoo Foundation ># Distributed under the terms of the GNU General Public License v2 ># $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.6 2007/03/12 21:49:04 vapier Exp $ > >opts="save reload panic" > >iptables_name=${SVCNAME} >if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then > iptables_name="iptables" >fi > >iptables_bin="/sbin/${iptables_name}" >case ${iptables_name} in > iptables) iptables_proc="/proc/net/ip_tables_names" > iptables_save=${IPTABLES_SAVE};; > ip6tables) iptables_proc="/proc/net/ip6_tables_names" > iptables_save=${IP6TABLES_SAVE};; >esac > >depend() { > before net > use logger >} > >set_table_policy() { > local chains table=$1 policy=$2 > case ${table} in > nat) chains="PREROUTING POSTROUTING OUTPUT";; > mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; > filter) chains="INPUT FORWARD OUTPUT";; > *) chains="";; > esac > local chain > for chain in ${chains} ; do > ${iptables_bin} -t ${table} -P ${chain} ${policy} > done >} > >checkkernel() { > if [ ! -e ${iptables_proc} ] ; then > eerror "Your kernel lacks ${iptables_name} support, please load" > eerror "appropriate modules and try again." > return 1 > fi > return 0 >} >checkconfig() { > if [ ! -f ${iptables_save} ] ; then > eerror "Not starting ${iptables_name}. First create some rules then run:" > eerror "/etc/init.d/${iptables_name} save" > return 1 > fi > return 0 >} > >start() { > checkconfig || return 1 > ebegin "Loading ${iptables_name} state and starting firewall" > ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" > eend $? >} > >stop() { > if [ "${SAVE_ON_STOP}" = "yes" ] ; then > save || return 1 > fi > checkkernel || return 1 > ebegin "Stopping firewall" > local a > for a in $(cat ${iptables_proc}) ; do > set_table_policy $a ACCEPT > > ${iptables_bin} -F -t $a > ${iptables_bin} -X -t $a > done > eend $? >} > >reload() { > checkkernel || return 1 > ebegin "Flushing firewall" > local a > for a in $(cat ${iptables_proc}) ; do > set_table_policy $a ACCEPT > > ${iptables_bin} -F -t $a > ${iptables_bin} -X -t $a > done > eend $? > > start >} > >save() { > ebegin "Saving ${iptables_name} state" > touch "${iptables_save}" > chmod 0600 "${iptables_save}" > ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" > eend $? >} > >panic() { > checkkernel || return 1 > service_started ${iptables_name} && svc_stop > > local a > ebegin "Dropping all packets" > for a in $(cat ${iptables_proc}) ; do > ${iptables_bin} -F -t $a > ${iptables_bin} -X -t $a > > set_table_policy $a DROP > done > eend $? >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=135816">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 198907
: 135816 |
180128
