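--- a/net-firewall/iptables/files/iptables-1.3.2.init
+++ b/net-firewall/iptables/files/iptables-1.3.2.init
@@ -3,7 +3,7 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.2 2005/08/10 23:11:12 vapier Exp $
 
-opts="save reload panic"
+opts="save reload panic panic_log"
 
 iptables_name=${SVCNAME}
 if [[ ${iptables_name} != "iptables" && ${iptables_name} != "ip6tables" ]] ; then
@@ -29,6 +29,7 @@
 nat) chains="PREROUTING POSTROUTING OUTPUT";;
 mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
 filter) chains="INPUT FORWARD OUTPUT";;
+raw) chains="OUTPUT PREROUTING";;
 *) chains="";;
 esac
 local chain
@@ -37,6 +38,22 @@
 done
 }
 
+add_table_rule() {
+local chains table=$1 rule=$2
+case ${table} in
+nat) chains="PREROUTING POSTROUTING OUTPUT";;
+mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+filter) chains="INPUT FORWARD OUTPUT";;
+raw) chains="OUTPUT PREROUTING";;
+*) chains="";;
+esac
+local chain
+for chain in ${chains} ; do
+${iptables_bin} -t ${table} -A ${chain} ${rule}
+done
+}
+
+
 checkkernel() {
 if [[ ! -e ${iptables_proc} ]] ; then
 eerror "Your kernel lacks ${iptables_name} support, please load"
@@ -82,10 +99,11 @@
 for a in $(<${iptables_proc}) ; do
 ${iptables_bin} -F -t $a
 ${iptables_bin} -X -t $a
-done
-eend $?
+set_table_policy $a ACCEPT
 
+done
 start
+eend $?
 }
 
 save() {
@@ -109,3 +127,20 @@
 done
 eend $?
 }
+
+panic_log() {
+checkkernel || return 1
+[[ -e ${svcdir}/started/${iptables_name} ]] && svc_stop
+
+ebegin "Dropping and logging all packets"
+
+for a in $(<${iptables_proc}) ; do
+${iptables_bin} -F -t $a
+${iptables_bin} -X -t $a
+iptables -t $a -N BAD
+iptables -t $a -A BAD -j LOG --log-prefix "drop all policy: "
+set_table_policy $a DROP
+add_table_rule $a '-j BAD'
+done
+eend $?
+}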
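Review bot: In the new panic_log(), the two lines that create and fill the BAD chain call the bare `iptables` binary while every other call in the function goes through `${iptables_bin}`, so when this script runs as the ip6tables service (the script accepts both names near the top) the chain lands in the IPv4 tables and the later `add_table_rule $a '-j BAD'` against the IPv6 tables fails because the chain does not exist there — the DROP policy is applied but nothing is logged. They should read `${iptables_bin} -t $a -N BAD` and `${iptables_bin} -t $a -A BAD -j LOG --log-prefix "drop all policy: "`. The closing `eend $?` only reflects the status of the last add_table_rule invocation, so failures earlier in the loop (including the one above) are not surfaced; tracking a `local rc=0` and setting `rc=1` on any failed call before `eend ${rc}` would make the panic state visible to the operator. The LOG rule carries no `-m limit`, so a panic during heavy inbound traffic turns every dropped packet into a kernel log line; a rate limit on that rule, e.g. `-m limit --limit 10/min`, keeps the log readable and avoids filling /var/log while the box is already in trouble.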