Attachment 180128 Details for Bug 198907 – Simple test for the case where iptables-restore WILL result in a failure and loss of remote access

[patch] Simple test for the case where iptables-restore WILL result in a failure and loss of remote access

iptables-safe(r)-reload.txt (text/plain), 1.13 KB, created by David K. Thompson on 2009-01-29 17:02:47 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: David K. Thompson

Created: 2009-01-29 17:02:47 UTC

Size: 1.13 KB

patch

obsolete

>--- iptables-1.3.2.init 2007-03-12 15:05:59.000000000 -0700
>+++ /etc/init.d/iptables        2008-08-19 11:48:30.000000000 -0700
>@@ -3,7 +3,7 @@
> # Distributed under the terms of the GNU General Public License v2
> # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.6 2007/03/12 21:49:04 vapier Exp $
> 
>-opts="save reload panic"
>+opts="save reload panic check"
> 
> iptables_name=${SVCNAME}
> if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
>@@ -64,6 +64,7 @@
> stop() {
>        if [ "${SAVE_ON_STOP}" = "yes" ] ; then
>                save || return 1
>+
>        fi
>        checkkernel || return 1
>        ebegin "Stopping firewall"
>@@ -79,6 +80,7 @@
> 
> reload() {
>        checkkernel || return 1
>+       check || return 1
>        ebegin "Flushing firewall"
>        local a
>        for a in $(cat ${iptables_proc}) ; do
>@@ -112,3 +114,10 @@
>        done
>        eend $?
> }
>+
>+check() {
>+       checkkernel || return 1
>+       ebegin "Checking rules"
>+        ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
>+        eend $?
>+}

Actions: View | Diff

Attachments on bug 198907: 135816 | 180128