Using iptables without a full path is insecure; I would modify this script this way:

> Your bash script could look like this:
>
> #!/bin/bash
+IPT=/usr/sbin/iptables
>
-> ADD=-A
+ADD="$IPT -A"
-> INS=-I
+INS="$IPT -I"
>
> if [ -n "$1" ]; then
>   if [ "$1" != "delete" ]; then
>     echo usage: $0 [delete]
>     exit 1
>   fi
these two too:
>   ADD=-D
>   INS=-D
> fi
>
> #examples:
-> iptables $ADD INPUT -i eth0 10.0.0.0/8 -j DROP
+$ADD INPUT -i eth0 10.0.0.0/8 -j DROP
-> iptables $INS OUTPUT -i eth0 192.168.0.0/16 -j DROP
+$INS OUTPUT -i eth0 192.168.0.0/16 -j DROP
>

There is another way of rule deletion: iptables -D chain num, where num is the rule number in the chain. In some cases it is better to use this command.

--
Martin Tomasek, [EMAIL PROTECTED]
BOFH excuse #27: radiosity depletion
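Review bot: the two delete-mode assignments flagged with "these two too" are left as `ADD=-D` / `INS=-D` with no replacement line; once `ADD` and `INS` are expected to carry the binary, delete mode would expand `$ADD INPUT ...` to `-D INPUT ...` and the shell would try to execute `-D` as a command, so the patch needs `+ADD="$IPT -D"` and `+INS="$IPT -D"` there. Separately, both example rules (on the `-` and `+` sides alike) put the network straight after `-i eth0` with no `-s`/`-d`, which iptables rejects as a bad argument, and `-i` is not accepted in the OUTPUT chain (it takes `-o`); the examples should read `-i eth0 -s 10.0.0.0/8` and `-o eth0 -d 192.168.0.0/16`. As a style point, folding the binary into `$ADD` relies on unquoted word splitting; keeping `IPT` separate and writing `$IPT $ADD ...` reads more clearly and survives a later `--comment "two words"`.

A hardened version of the quoted script, added here as an example; it is not part of Martin's mail or the original poster's script. It assumes iptables lives at /usr/sbin/iptables (the path the mail gives), uses a constructed two-rule set, and defaults to DRYRUN=1 so it only prints the command lines and can be checked without root.

```shell
#!/bin/sh
# Added example, not from the original mail. Every iptables call goes through
# an absolute path so nothing is resolved via $PATH, and the add/delete mode
# is chosen once and applied to the whole rule set.

IPT=/usr/sbin/iptables      # absolute path (assumption: distro default location)
DRYRUN=${DRYRUN:-1}         # DRYRUN=0 applies the rules for real (requires root)

# Build one iptables command line: mode selects -A (append) or -D (delete),
# so "delete" removes exactly the rules "add" created.
rule_cmd() {
    mode=$1; chain=$2; shift 2
    case $mode in
        add)    op=-A ;;
        delete) op=-D ;;
        *)      echo "bad mode: $mode" >&2; return 1 ;;
    esac
    printf '%s %s %s %s\n' "$IPT" "$op" "$chain" "$*"
}

# Constructed rule set. Addresses need -s/-d (a bare network is rejected),
# and the OUTPUT chain takes -o, not -i.
apply_rules() {
    mode=$1
    rule_cmd "$mode" INPUT  -i eth0 -s 10.0.0.0/8     -j DROP
    rule_cmd "$mode" OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
}

# Print the command lines, or execute them when DRYRUN=0.
run_rules() {
    mode=$1
    apply_rules "$mode" | while IFS= read -r cmd; do
        if [ "$DRYRUN" = 1 ]; then
            echo "$cmd"
        else
            # Word splitting is intentional: $cmd holds the full argv.
            $cmd
        fi
    done
}

usage() { echo "usage: $0 [delete]" >&2; exit 1; }

# Same interface as the quoted script: no argument adds, "delete" removes.
main() {
    case "${1:-}" in
        "")     run_rules add ;;
        delete) run_rules delete ;;
        *)      usage ;;
    esac
}

main "$@"
```

Run it once with no argument to see the append commands, then with `delete` to see the matching `-D` lines; only set DRYRUN=0 after the printed commands look right.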
