Destinations should be uppercase ("INPUT" not "input"), and -p and -f are
not switches to iptables.

--- iptables.init       Fri Mar  2 21:23:40 2001
+++ /etc/init.d/iptables        Sun Mar  4 03:48:40 2001
@@ -43,25 +43,24 @@
        if [ -f $IPTABLES_CONFIG ]; then
            # If we don't clear these first, we might be adding to
            #  pre-existing rules.
-           action "Flushing all current rules and user defined chains:"
iptables -F
-           action "Clearing all current rules and user defined chains:"
iptables -X
-           iptables -Z
+           action "Flushing all current rules and user defined chains:"
iptables --flush
+           action "Clearing all current rules and user defined chains:"
iptables --delete-chain
+           iptables --zero
            echo $"Applying iptables firewall rules: "
-               grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v
'^[[:space:]]*$' | /sbin/iptables-restore -p -f && \
-                   success "Applying iptables firewall rules" || \
-                   failure "Applying iptables firewall rules"
+               grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v
'^[[:space:]]*$' | /sbin/iptables-restore && success "Applying iptables
firewall rules" || failure "Applying iptables firewall rules"
+#              grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v
'^[[:space:]]*$'
            echo
            touch /var/lock/subsys/iptables
        fi
 }

 stop() {
-       action "Flushing all chains:" iptables -F
-       action "Removing user defined chains:" iptables -X
+       action "Flushing all chains:" iptables --flush
+       action "Removing user defined chains:" iptables --delete-chain
        echo $"Resetting built-in chains to the default ACCEPT policy:"
-       iptables -P input ACCEPT && \
-          iptables -P forward ACCEPT && \
-          iptables -P output ACCEPT && \
+       iptables --policy INPUT ACCEPT && \
+          iptables --policy FORWARD ACCEPT && \
+          iptables --policy OUTPUT ACCEPT && \
           success "Resetting built-in chains to the default ACCEPT
policy" || \
           failure "Resetting built-in chains to the default ACCEPT
policy"
        echo
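Review bot: In start(), a failed `/sbin/iptables-restore` leaves the chains already flushed, and the script still runs `touch /var/lock/subsys/iptables`, so the service looks started while no rules are loaded. The `&& success … || failure …` chain only prints the status; consider having the failure arm leave the function, e.g. `|| { failure "Applying iptables firewall rules"; echo; return 1; }`. iptables-restore normally flushes the tables it loads unless told not to, so the explicit `--flush`/`--delete-chain` calls before it are probably redundant and only lengthen the time spent with empty chains; this is worth confirming for the shipped version. The added commented-out `grep` line looks like leftover debugging and can be dropped. start() begins above this hunk and stop() continues below it.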
@@ -94,14 +93,14 @@

   panic)
        echo $"Changing target policies to DROP: "
-       iptables -P input DROP && \
-           iptables -P forward DROP && \
-           iptables -P output DROP && \
+       iptables --policy INPUT DROP && \
+           iptables --policy FORWARD DROP && \
+           iptables --policy OUTPUT DROP && \
            success "Changing target policies to DROP" || \
            failure "Changing target policies to DROP"
        echo
-       action "Flushing all chains:" iptables -F input && iptables -F
forward && iptables -F output
-       action "Removing user defined chains:" iptables -X
+       action "Flushing all chains:" iptables --flush INPUT && iptables
--flush FORWARD && iptables --flush OUTPUT
+       action "Removing user defined chains:" iptables --delete-chain
        ;;

   save)
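Review bot: In the panic arm, only the first `iptables --flush INPUT` runs under `action`; the FORWARD and OUTPUT flushes are chained after it with `&&`, so their result is never reported and they are skipped if the first call fails. Flushing only the three built-in chains also leaves rules in any user-defined chains, and `iptables --delete-chain` may then refuse to remove chains that are not empty (this depends on the iptables version). stop() in the same patch uses a single `action "Flushing all chains:" iptables --flush`, which would cover both points here. The enclosing case statement starts and ends outside the hunk.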



