Author: glen                         Date: Sat Mar  3 10:48:14 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- ok, fail do not take args
- cosmetics in show()
- tabbing

---- Files affected:
SOURCES:
   iptables.init (1.7 -> 1.8) 

---- Diffs:

================================================================
Index: SOURCES/iptables.init
diff -u SOURCES/iptables.init:1.7 SOURCES/iptables.init:1.8
--- SOURCES/iptables.init:1.7   Thu Dec  7 22:28:28 2006
+++ SOURCES/iptables.init       Sat Mar  3 11:48:09 2007
@@ -47,7 +47,7 @@
                # If we don't clear these first, we might be adding to
                #  pre-existing rules.
                tables=`cat /proc/net/ip_tables_names 2>/dev/null`
-               show "Flushing all current rules and user defined chains:"
+               show "Flushing all current rules and user defined chains"
                let ret=0
                for i in $tables; do iptables -t $i -F; let ret+=$?; done
                if [ $ret -eq 0 ]; then
@@ -55,7 +55,7 @@
                else
                        fail
                fi
-               show "Clearing all current rules and user defined chains:"
+               show "Clearing all current rules and user defined chains"
                let ret=0
                for i in $tables; do iptables -t $i -X; let ret+=$?; done
                if [ $ret -eq 0 ]; then
@@ -66,7 +66,7 @@
 
                for i in $tables; do iptables -t $i -Z; done
 
-               show "Applying iptables firewall rules:"
+               show "Applying iptables firewall rules"
                grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v 
'^[[:space:]]*$' | /usr/sbin/iptables-restore -c && \
                        ok || \
                        fail
@@ -76,34 +76,33 @@
 
 stop() {
        tables=`cat /proc/net/ip_tables_names 2>/dev/null`
-               show "Flushing all chains:"
-               let ret=0
-               for i in $tables; do iptables -t $i -F; let ret+=$?; done
-               if [ $ret -eq 0 ]; then
-                       ok
-               else
-                       fail
-               fi
+       show "Flushing all chains"
+       let ret=0
+       for i in $tables; do iptables -t $i -F; let ret+=$?; done
+       if [ $ret -eq 0 ]; then
+               ok
+       else
+               fail
+       fi
 
-               show "Removing user defined chains:"
-               let ret=0
-               for i in $tables; do iptables -t $i -X; let ret+=$?; done
-               if [ $ret -eq 0 ]; then
-                       ok
-               else
-                       fail
-               fi
-               show "Resetting built-in chains to the default ACCEPT policy:"
+       show "Removing user defined chains"
+       let ret=0
+       for i in $tables; do iptables -t $i -X; let ret+=$?; done
+       if [ $ret -eq 0 ]; then
+               ok
+       else
+               fail
+       fi
+       show "Resetting built-in chains to the default ACCEPT policy"
        iftable filter -P INPUT ACCEPT && \
-          iftable filter -P OUTPUT ACCEPT && \
-          iftable filter -P FORWARD ACCEPT && \
-          iftable nat -P PREROUTING ACCEPT && \
-          iftable nat -P POSTROUTING ACCEPT && \
-          iftable nat -P OUTPUT ACCEPT && \
-          iftable mangle -P PREROUTING ACCEPT && \
-          iftable mangle -P OUTPUT ACCEPT && \
-          ok || \
-          fail
+       iftable filter -P OUTPUT ACCEPT && \
+       iftable filter -P FORWARD ACCEPT && \
+       iftable nat -P PREROUTING ACCEPT && \
+       iftable nat -P POSTROUTING ACCEPT && \
+       iftable nat -P OUTPUT ACCEPT && \
+       iftable mangle -P PREROUTING ACCEPT && \
+       iftable mangle -P OUTPUT ACCEPT && \
+       ok || fail
        rm -f /var/lock/subsys/iptables
 }
 
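Review bot: stop() still ends with the unconditional `rm -f /var/lock/subsys/iptables`, so its exit status is that of `rm` even when one of the three steps above printed `fail`; whatever calls stop() cannot tell that rules or chains were left loaded. A small status variable would fix that: `rc=0` before the first `show`, `fail; rc=1` in each failure branch, and `return $rc` after the `rm`. The last step is written `... && ok || fail`, which also runs `fail` if `ok` itself returns non-zero; an `if`/`else` like the two blocks above it would be consistent and gives a place to set `rc`. `tables`, `ret` and `i` are assigned without `local`, so they leak into the rest of the script if the shell in use supports function-local variables.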
@@ -132,50 +131,45 @@
        ;;
 
   panic)
-       show "Changing target policies to DROP: "
+       show "Changing target policies to DROP"
        iftable filter -P INPUT DROP && \
-               iftable filter -P FORWARD DROP && \
-               iftable filter -P OUTPUT DROP && \
-               iftable nat -P PREROUTING DROP && \
-               iftable nat -P POSTROUTING DROP && \
-               iftable nat -P OUTPUT DROP && \
-               iftable mangle -P PREROUTING DROP && \
-               iftable mangle -P OUTPUT DROP && \
-               ok "Changing target policies to DROP" || \
-               fail "Changing target policies to DROP"
-               iftable filter -F INPUT && \
-                       iftable filter -F FORWARD && \
-                       iftable filter -F OUTPUT && \
-                       iftable nat -F PREROUTING && \
-                       iftable nat -F POSTROUTING && \
-                       iftable nat -F OUTPUT && \
-                       iftable mangle -F PREROUTING && \
-                       iftable mangle -F OUTPUT && \
-                       ok "Flushing all chains:" || \
-                       fail "Flushing all chains:"
-               iftable filter -X INPUT && \
-                       iftable filter -X FORWARD && \
-                       iftable filter -X OUTPUT && \
-                       iftable nat -X PREROUTING && \
-                       iftable nat -X POSTROUTING && \
-                       iftable nat -X OUTPUT && \
-                       iftable mangle -X PREROUTING && \
-                       iftable mangle -X OUTPUT && \
-                       ok "Removing user defined chains:" || \
-                       fail "Removing user defined chains:"
-               ;;
+       iftable filter -P FORWARD DROP && \
+       iftable filter -P OUTPUT DROP && \
+       iftable nat -P PREROUTING DROP && \
+       iftable nat -P POSTROUTING DROP && \
+       iftable nat -P OUTPUT DROP && \
+       iftable mangle -P PREROUTING DROP && \
+       iftable mangle -P OUTPUT DROP && \
+       ok || fail
+       iftable filter -F INPUT && \
+       iftable filter -F FORWARD && \
+       iftable filter -F OUTPUT && \
+       iftable nat -F PREROUTING && \
+       iftable nat -F POSTROUTING && \
+       iftable nat -F OUTPUT && \
+       iftable mangle -F PREROUTING && \
+       iftable mangle -F OUTPUT && \
+       ok || fail
+       iftable filter -X INPUT && \
+       iftable filter -X FORWARD && \
+       iftable filter -X OUTPUT && \
+       iftable nat -X PREROUTING && \
+       iftable nat -X POSTROUTING && \
+       iftable nat -X OUTPUT && \
+       iftable mangle -X PREROUTING && \
+       iftable mangle -X OUTPUT && \
+       ok || fail
+       ;;
 
   save)
-       show "Saving current rules to $IPTABLES_CONFIG: "
+       show "Saving current rules to %s" $IPTABLES_CONFIG
        touch $IPTABLES_CONFIG
        chmod 600 $IPTABLES_CONFIG
-       /usr/sbin/iptables-save -c > $IPTABLES_CONFIG  2>/dev/null && \
-         ok "Saving current rules to $IPTABLES_CONFIG" || \
-         fail "Saving current rules to $IPTABLES_CONFIG"
+       /usr/sbin/iptables-save -c > $IPTABLES_CONFIG  2>/dev/null && ok || fail
        ;;
 
   *)
-       echo "Usage: $0 {start|stop|restart|force-reload|status|panic|save}"
+       msg_usage "$0 {start|stop|restart|force-reload|status|panic|save}"
        exit 3
 esac
 
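Review bot: In the panic branch only the policy step keeps a `show` label; the flush and chain-removal chains now end in a bare `ok || fail`, because the strings formerly passed to `ok`/`fail` were dropped without a replacement, so those two results appear to be printed with no description. Adding `show "Flushing all chains"` before `iftable filter -F INPUT` and `show "Removing user defined chains"` before `iftable filter -X INPUT` would match what stop() does. Separately, in save the redirection `> $IPTABLES_CONFIG` truncates the existing rules file before iptables-save has written anything, and `2>/dev/null` hides the reason for a failure, so a failed save leaves an empty rules file for the next start. Writing to a temporary file in the same directory, applying `chmod 600` to it, and moving it over the target only on success avoids that; `$IPTABLES_CONFIG` should also be quoted in this branch.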
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/iptables.init?r1=1.7&r2=1.8&f=u
