Gentoo's Bugzilla – Attachment 67086 Details for
Bug 103967
enhancing the panic option of the /etc/init.d/iptables script
Patch for my suggested modifications.
iptablesinit.patch (text/plain), 2.22 KB, created by
Fernando Henrique Ferraz Pereira da Rosa
on 2005-08-28 09:00:13 UTC
>--- /usr/portage/net-firewall/iptables/files/iptables-1.3.2.init 2005-08-10 20:35:49.000000000 -0300 >+++ iptables 2005-08-28 12:42:36.945458232 -0300 >@@ -3,7 +3,7 @@ > # Distributed under the terms of the GNU General Public License v2 > # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.2 2005/08/10 23:11:12 vapier Exp $ > >-opts="save reload panic" >+opts="save reload panic panic_log" > > iptables_name=${SVCNAME} > if [[ ${iptables_name} != "iptables" && ${iptables_name} != "ip6tables" ]] ; then >@@ -29,6 +29,7 @@ > nat) chains="PREROUTING POSTROUTING OUTPUT";; > mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; > filter) chains="INPUT FORWARD OUTPUT";; >+ raw) chains="OUTPUT PREROUTING";; > *) chains="";; > esac > local chain >@@ -37,6 +38,22 @@ > done > } > >+add_table_rule() { >+ local chains table=$1 rule=$2 >+ case ${table} in >+ nat) chains="PREROUTING POSTROUTING OUTPUT";; >+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; >+ filter) chains="INPUT FORWARD OUTPUT";; >+ raw) chains="OUTPUT PREROUTING";; >+ *) chains="";; >+ esac >+ local chain >+ for chain in ${chains} ; do >+ ${iptables_bin} -t ${table} -A ${chain} ${rule} >+ done >+} >+ >+ > checkkernel() { > if [[ ! -e ${iptables_proc} ]] ; then > eerror "Your kernel lacks ${iptables_name} support, please load" >@@ -82,10 +99,11 @@ > for a in $(<${iptables_proc}) ; do > ${iptables_bin} -F -t $a > ${iptables_bin} -X -t $a >- done >- eend $? >+ set_table_policy $a ACCEPT > >+ done > start >+ eend $? > } > > save() { 
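Review bot: in the @@ -82,10 +99,11 @@ hunk, `set_table_policy $a ACCEPT` runs inside the flush loop before `start`, so every table sits flushed with an ACCEPT policy until `start` has finished loading rules, and stays that way if `start` fails. If the policies have to be reset here, do it only once the rules to be loaded are known to be usable, or leave the policy untouched as the old code did. Moving `eend $?` below `start` also means the reported status is that of `start` alone, and the result of the `-F`/`-X` loop is no longer reported.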
>@@ -109,3 +127,20 @@ > done > eend $? > } >+ >+panic_log() { >+ checkkernel || return 1 >+ [[ -e ${svcdir}/started/${iptables_name} ]] && svc_stop >+ >+ ebegin "Dropping and logging all packets" >+ >+ for a in $(<${iptables_proc}) ; do >+ ${iptables_bin} -F -t $a >+ ${iptables_bin} -X -t $a >+ iptables -t $a -N BAD >+ iptables -t $a -A BAD -j LOG --log-prefix "drop all policy: " >+ set_table_policy $a DROP >+ add_table_rule $a '-j BAD' >+ done >+ eend $? >+}
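Review bot: add_table_rule() in the @@ -37,6 +38,22 @@ hunk repeats the table-to-chains `case` block that the @@ -29,6 +29,7 @@ hunk edits, including the new `raw)` entry, so the two lists can drift apart on the next change. Move the mapping into one helper that both functions call. `${rule}` is left unquoted so that '-j BAD' splits into two arguments; a one-line comment saying so would stop someone from quoting it later and breaking the call.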
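Review bot: panic_log() calls bare `iptables` for the `-N BAD` and `-A BAD -j LOG` lines while the flush lines and add_table_rule() use `${iptables_bin}`. The script accepts both iptables and ip6tables as `${iptables_name}`, so under the second name the BAD chain may be created by a different binary than the one that later appends `-j BAD`. Use `${iptables_bin}` on both lines. The LOG rule also has no rate limit, so all traffic arriving in the panic state is written to the log; a `-m limit` match on that rule would bound it. `eend $?` only sees the status of the last `add_table_rule` call, so an earlier failure in the loop goes unreported.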