Lines 173-179
173 |
local RULE |
173 |
local RULE |
174 |
local RULES |
174 |
local RULES |
175 |
if [ -f "$TABLE/$CHAIN" ] && [ -s "$TABLE/$CHAIN" ]; then |
175 |
if [ -f "$TABLE/$CHAIN" ] && [ -s "$TABLE/$CHAIN" ]; then |
176 |
print_message -n -e "\tLoading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
176 |
print_message -n -e "${TAB}Loading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
177 |
RULES=$(< "$TABLE/$CHAIN") |
177 |
RULES=$(< "$TABLE/$CHAIN") |
178 |
while read RULE; do |
178 |
while read RULE; do |
179 |
RULE=$(iptables_expand_string "$RULE") |
179 |
RULE=$(iptables_expand_string "$RULE") |
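Review bot: The rewritten `print_message` call on line 176 still passes `-e` although the tab now comes from `${TAB}`, so if `print_message` forwards its flags to `echo`, backslash sequences inside `$CHAIN` or `$TABLE` are still expanded in the output. Neither `print_message` nor the definition of `TAB` is visible in these hunks, so this is an inference. If `TAB` holds a literal tab character, `-e` can be dropped, as in `print_message -n "${TAB}Loading rules for the \"$CHAIN\" chain in the \"$TABLE\" table"`, and names taken from the rule directory or the `modules` file are printed verbatim. If `TAB` holds the two characters `\t`, `-e` has to stay and a comment next to the definition should say so. The same applies to every other `print_message -e "${TAB}..."` line in the iptables, ip6tables and ebtables sections of this patch.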
Lines 205-211
205 |
if [ -f "$TABLE/$CHAIN" ]; then |
205 |
if [ -f "$TABLE/$CHAIN" ]; then |
206 |
if [ "$NAME" != "default" ] && [ "$3" != "flush" ]; then |
206 |
if [ "$NAME" != "default" ] && [ "$3" != "flush" ]; then |
207 |
[ ! -s "$TABLE/$CHAIN" ] && return |
207 |
[ ! -s "$TABLE/$CHAIN" ] && return |
208 |
print_message -n -e "\tUnloading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
208 |
print_message -n -e "${TAB}Unloading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
209 |
RULES=$(tac "$TABLE/$CHAIN") |
209 |
RULES=$(tac "$TABLE/$CHAIN") |
210 |
while read RULE; do |
210 |
while read RULE; do |
211 |
RULE=$(iptables_expand_string "$RULE") |
211 |
RULE=$(iptables_expand_string "$RULE") |
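Review bot: `while read RULE` on line 210 reads without `-r`, so backslashes in a rule line are consumed before `iptables_expand_string` sees them and the rule that is applied or removed can differ from the text in the file. `while read -r RULE; do` keeps each line as written. The loop body and its input redirection are outside the hunk, so the change should be checked against them. The same loop header appears at lines 178, 577, 609, 930 and 962, and the `while read MODULE` loops behave the same way.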
Lines 226-232
226 |
print_message |
226 |
print_message |
227 |
else |
227 |
else |
228 |
# Flush rules only when stop networking |
228 |
# Flush rules only when stop networking |
229 |
print_message -e "\tFlushing the \"$CHAIN\" chain in the \"$TABLE\" table" |
229 |
print_message -e "${TAB}Flushing the \"$CHAIN\" chain in the \"$TABLE\" table" |
230 |
iptables_flush_chain $TABLE $CHAIN |
230 |
iptables_flush_chain $TABLE $CHAIN |
231 |
fi |
231 |
fi |
232 |
fi |
232 |
fi |
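Review bot: `iptables_flush_chain $TABLE $CHAIN` on line 230 expands both names unquoted, while the `[ -f "$TABLE/$CHAIN" ]` tests elsewhere on the page quote them; a name containing whitespace or a glob character would be split or expanded before the helper receives it. `iptables_flush_chain "$TABLE" "$CHAIN"` passes each name as one argument. The enclosing `if`/`else` starts outside the hunk. The `*_chain_policy`, `*_create_chain`, `*_delete_chain` and the ip6tables/ebtables `*_flush_chain` calls in the other hunks are written the same way.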
Lines 245-261
245 |
TABLE=filter |
245 |
TABLE=filter |
246 |
[ -z "$IPTABLES_INPUT_POLICY" ] || |
246 |
[ -z "$IPTABLES_INPUT_POLICY" ] || |
247 |
{ |
247 |
{ |
248 |
print_message -e "\tSetting $IPTABLES_INPUT_POLICY policy for the \"INPUT\" chain in the \"$TABLE\" table" |
248 |
print_message -e "${TAB}Setting $IPTABLES_INPUT_POLICY policy for the \"INPUT\" chain in the \"$TABLE\" table" |
249 |
iptables_chain_policy $TABLE INPUT "$IPTABLES_INPUT_POLICY" |
249 |
iptables_chain_policy $TABLE INPUT "$IPTABLES_INPUT_POLICY" |
250 |
} |
250 |
} |
251 |
[ -z "$IPTABLES_FORWARD_POLICY" ] || |
251 |
[ -z "$IPTABLES_FORWARD_POLICY" ] || |
252 |
{ |
252 |
{ |
253 |
print_message -e "\tSetting $IPTABLES_FORWARD_POLICY policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
253 |
print_message -e "${TAB}Setting $IPTABLES_FORWARD_POLICY policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
254 |
iptables_chain_policy $TABLE FORWARD "$IPTABLES_FORWARD_POLICY" |
254 |
iptables_chain_policy $TABLE FORWARD "$IPTABLES_FORWARD_POLICY" |
255 |
} |
255 |
} |
256 |
[ -z "$IPTABLES_OUTPUT_POLICY" ] || |
256 |
[ -z "$IPTABLES_OUTPUT_POLICY" ] || |
257 |
{ |
257 |
{ |
258 |
print_message -e "\tSetting $IPTABLES_OUTPUT_POLICY policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
258 |
print_message -e "${TAB}Setting $IPTABLES_OUTPUT_POLICY policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
259 |
iptables_chain_policy $TABLE OUTPUT "$IPTABLES_OUTPUT_POLICY" |
259 |
iptables_chain_policy $TABLE OUTPUT "$IPTABLES_OUTPUT_POLICY" |
260 |
} |
260 |
} |
261 |
TABLE= |
261 |
TABLE= |
Lines 264-270
264 |
# Load modules |
264 |
# Load modules |
265 |
if [ -f "modules" ] && [ -s "modules" ]; then |
265 |
if [ -f "modules" ] && [ -s "modules" ]; then |
266 |
while read MODULE; do |
266 |
while read MODULE; do |
267 |
print_message -e "\tLoading module $MODULE" |
267 |
print_message -e "${TAB}Loading module $MODULE" |
268 |
$MODPROBE "$MODULE" || print_error "Can't load module $MODULE" |
268 |
$MODPROBE "$MODULE" || print_error "Can't load module $MODULE" |
269 |
done < <(egrep "^[^#]" modules) |
269 |
done < <(egrep "^[^#]" modules) |
270 |
fi |
270 |
fi |
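Review bot: Each non-comment line of `modules` is handed to `$MODPROBE` as its first argument on line 268, so a line that begins with `-` is parsed as a modprobe option rather than as a module name. Ending option parsing first, `$MODPROBE -- "$MODULE" || print_error "Can't load module $MODULE"`, keeps the file's content in the module-name position; the unload loops at lines 384, 783 and 1136 would become `$MODPROBE -r -- "$MODULE"`. The file is opened by the relative name `modules`, and the directory change that selects it is not in this hunk, so a comment naming the expected directory would help a reader confirm which file drives kernel module loading. The load loops at lines 667 and 1020 are identical.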
Lines 277-283
277 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
277 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
278 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IPTABLES_SYSTEM_CHAINS") || |
278 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IPTABLES_SYSTEM_CHAINS") || |
279 |
{ |
279 |
{ |
280 |
print_message -e "\tCreating the \"$CHAIN\" chain in the \"$TABLE\" table" |
280 |
print_message -e "${TAB}Creating the \"$CHAIN\" chain in the \"$TABLE\" table" |
281 |
iptables_create_chain $TABLE $CHAIN |
281 |
iptables_create_chain $TABLE $CHAIN |
282 |
} |
282 |
} |
283 |
done |
283 |
done |
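Review bot: `$CHAIN` is interpolated into the `egrep` pattern on line 278 without escaping, so a chain file name containing regex metacharacters such as `.` or `+` is matched as a pattern against `$IPTABLES_SYSTEM_CHAINS`, and the built-in versus user-defined decision can go the wrong way. Comparing the name literally against each entry of the list, for example `[ "$ENTRY" = "$CHAIN" ]` inside a loop over the list (with `ENTRY` as a local loop variable), avoids that; this assumes the list is whitespace-separated, which these hunks do not show. The `[ ... -a ... ]` test on line 277 starts outside the hunk. The same pattern is used at lines 373, 677, 772, 1030 and 1125.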
Lines 317-323
317 |
fi |
317 |
fi |
318 |
done |
318 |
done |
319 |
fi |
319 |
fi |
320 |
[ "$NAME" = "default" ] || print_message -n -e "\t" |
320 |
[ "$NAME" = "default" ] || print_message -n -e "${TAB}" |
321 |
} |
321 |
} |
322 |
|
322 |
|
323 |
iptables_stop() |
323 |
iptables_stop() |
Lines 372-378
372 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
372 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
373 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IPTABLES_SYSTEM_CHAINS") || |
373 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IPTABLES_SYSTEM_CHAINS") || |
374 |
{ |
374 |
{ |
375 |
print_message -e "\tDeleting the \"$CHAIN\" chain from the \"$TABLE\" table" |
375 |
print_message -e "${TAB}Deleting the \"$CHAIN\" chain from the \"$TABLE\" table" |
376 |
iptables_delete_chain $TABLE $CHAIN |
376 |
iptables_delete_chain $TABLE $CHAIN |
377 |
} |
377 |
} |
378 |
done |
378 |
done |
Lines 380-401
380 |
# Unload modules |
380 |
# Unload modules |
381 |
if [ -f "modules" ] && [ -s "modules" ]; then |
381 |
if [ -f "modules" ] && [ -s "modules" ]; then |
382 |
while read MODULE; do |
382 |
while read MODULE; do |
383 |
print_message -e "\tUnloading module $MODULE" |
383 |
print_message -e "${TAB}Unloading module $MODULE" |
384 |
$MODPROBE -r "$MODULE" || print_error "Can't unload module $MODULE" |
384 |
$MODPROBE -r "$MODULE" || print_error "Can't unload module $MODULE" |
385 |
done < <(tac modules|egrep "^[^#]") |
385 |
done < <(tac modules|egrep "^[^#]") |
386 |
fi |
386 |
fi |
387 |
# Set ACCEPT policy |
387 |
# Set ACCEPT policy |
388 |
if [ "$NAME" = "default" ]; then |
388 |
if [ "$NAME" = "default" ]; then |
389 |
TABLE=filter |
389 |
TABLE=filter |
390 |
print_message -e "\tSetting ACCEPT policy for the \"INPUT\" chain in the \"$TABLE\" table" |
390 |
print_message -e "${TAB}Setting ACCEPT policy for the \"INPUT\" chain in the \"$TABLE\" table" |
391 |
iptables_chain_policy $TABLE INPUT ACCEPT |
391 |
iptables_chain_policy $TABLE INPUT ACCEPT |
392 |
print_message -e "\tSetting ACCEPT policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
392 |
print_message -e "${TAB}Setting ACCEPT policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
393 |
iptables_chain_policy $TABLE FORWARD ACCEPT |
393 |
iptables_chain_policy $TABLE FORWARD ACCEPT |
394 |
print_message -e "\tSetting ACCEPT policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
394 |
print_message -e "${TAB}Setting ACCEPT policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
395 |
iptables_chain_policy $TABLE OUTPUT ACCEPT |
395 |
iptables_chain_policy $TABLE OUTPUT ACCEPT |
396 |
TABLE= |
396 |
TABLE= |
397 |
else |
397 |
else |
398 |
print_message -n -e "\t" |
398 |
print_message -n -e "${TAB}" |
399 |
fi |
399 |
fi |
400 |
} |
400 |
} |
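Review bot: The `# Set ACCEPT policy` comment on line 387 does not say that, for the `default` configuration, stopping resets the `filter` table's INPUT, FORWARD and OUTPUT policies to ACCEPT, so traffic not matched by a remaining rule is accepted afterwards. Since these lines are being touched anyway, I would expand the comment to something like `# Stopping "default": reset filter policies to ACCEPT; unmatched traffic is accepted from here on`, so the fail-open behaviour is explicit to anyone who configured a DROP policy through `IPTABLES_INPUT_POLICY`. The function, which appears to be `iptables_stop`, starts outside the hunk. The ip6tables and ebtables stop sections (lines 786-795 and 1139-1148) carry the same comment.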
401 |
|
401 |
|
Lines 572-578
572 |
local RULE |
572 |
local RULE |
573 |
local RULES |
573 |
local RULES |
574 |
if [ -f "$TABLE/$CHAIN" ] && [ -s "$TABLE/$CHAIN" ]; then |
574 |
if [ -f "$TABLE/$CHAIN" ] && [ -s "$TABLE/$CHAIN" ]; then |
575 |
print_message -n -e "\tLoading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
575 |
print_message -n -e "${TAB}Loading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
576 |
RULES=$(< "$TABLE/$CHAIN") |
576 |
RULES=$(< "$TABLE/$CHAIN") |
577 |
while read RULE; do |
577 |
while read RULE; do |
578 |
RULE=$(ip6tables_expand_string "$RULE") |
578 |
RULE=$(ip6tables_expand_string "$RULE") |
Lines 604-610
604 |
if [ -f "$TABLE/$CHAIN" ]; then |
604 |
if [ -f "$TABLE/$CHAIN" ]; then |
605 |
if [ "$NAME" != "default" ] && [ "$3" != "flush" ]; then |
605 |
if [ "$NAME" != "default" ] && [ "$3" != "flush" ]; then |
606 |
[ ! -s "$TABLE/$CHAIN" ] && return |
606 |
[ ! -s "$TABLE/$CHAIN" ] && return |
607 |
print_message -n -e "\tUnloading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
607 |
print_message -n -e "${TAB}Unloading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
608 |
RULES=$(tac "$TABLE/$CHAIN") |
608 |
RULES=$(tac "$TABLE/$CHAIN") |
609 |
while read RULE; do |
609 |
while read RULE; do |
610 |
RULE=$(ip6tables_expand_string "$RULE") |
610 |
RULE=$(ip6tables_expand_string "$RULE") |
Lines 625-631
625 |
print_message |
625 |
print_message |
626 |
else |
626 |
else |
627 |
# Flush rules only when stop networking |
627 |
# Flush rules only when stop networking |
628 |
print_message -e "\tFlushing the \"$CHAIN\" chain in the \"$TABLE\" table" |
628 |
print_message -e "${TAB}Flushing the \"$CHAIN\" chain in the \"$TABLE\" table" |
629 |
ip6tables_flush_chain $TABLE $CHAIN |
629 |
ip6tables_flush_chain $TABLE $CHAIN |
630 |
fi |
630 |
fi |
631 |
fi |
631 |
fi |
Lines 644-660
644 |
TABLE=filter |
644 |
TABLE=filter |
645 |
[ -z "$IP6TABLES_INPUT_POLICY" ] || |
645 |
[ -z "$IP6TABLES_INPUT_POLICY" ] || |
646 |
{ |
646 |
{ |
647 |
print_message -e "\tSetting $IP6TABLES_INPUT_POLICY policy for the \"INPUT\" chain in the \"$TABLE\" table" |
647 |
print_message -e "${TAB}Setting $IP6TABLES_INPUT_POLICY policy for the \"INPUT\" chain in the \"$TABLE\" table" |
648 |
ip6tables_chain_policy $TABLE INPUT "$IP6TABLES_INPUT_POLICY" |
648 |
ip6tables_chain_policy $TABLE INPUT "$IP6TABLES_INPUT_POLICY" |
649 |
} |
649 |
} |
650 |
[ -z "$IP6TABLES_FORWARD_POLICY" ] || |
650 |
[ -z "$IP6TABLES_FORWARD_POLICY" ] || |
651 |
{ |
651 |
{ |
652 |
print_message -e "\tSetting $IP6TABLES_FORWARD_POLICY policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
652 |
print_message -e "${TAB}Setting $IP6TABLES_FORWARD_POLICY policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
653 |
ip6tables_chain_policy $TABLE FORWARD "$IP6TABLES_FORWARD_POLICY" |
653 |
ip6tables_chain_policy $TABLE FORWARD "$IP6TABLES_FORWARD_POLICY" |
654 |
} |
654 |
} |
655 |
[ -z "$IP6TABLES_OUTPUT_POLICY" ] || |
655 |
[ -z "$IP6TABLES_OUTPUT_POLICY" ] || |
656 |
{ |
656 |
{ |
657 |
print_message -e "\tSetting $IP6TABLES_OUTPUT_POLICY policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
657 |
print_message -e "${TAB}Setting $IP6TABLES_OUTPUT_POLICY policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
658 |
ip6tables_chain_policy $TABLE OUTPUT "$IP6TABLES_OUTPUT_POLICY" |
658 |
ip6tables_chain_policy $TABLE OUTPUT "$IP6TABLES_OUTPUT_POLICY" |
659 |
} |
659 |
} |
660 |
TABLE= |
660 |
TABLE= |
Lines 663-669
663 |
# Load modules |
663 |
# Load modules |
664 |
if [ -f "modules" ] && [ -s "modules" ]; then |
664 |
if [ -f "modules" ] && [ -s "modules" ]; then |
665 |
while read MODULE; do |
665 |
while read MODULE; do |
666 |
print_message -e "\tLoading module $MODULE" |
666 |
print_message -e "${TAB}Loading module $MODULE" |
667 |
$MODPROBE "$MODULE" || print_error "Can't load module $MODULE" |
667 |
$MODPROBE "$MODULE" || print_error "Can't load module $MODULE" |
668 |
done < <(egrep "^[^#]" modules) |
668 |
done < <(egrep "^[^#]" modules) |
669 |
fi |
669 |
fi |
Lines 676-682
676 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
676 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
677 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IP6TABLES_SYSTEM_CHAINS") || |
677 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IP6TABLES_SYSTEM_CHAINS") || |
678 |
{ |
678 |
{ |
679 |
print_message -e "\tCreating the \"$CHAIN\" chain in the \"$TABLE\" table" |
679 |
print_message -e "${TAB}Creating the \"$CHAIN\" chain in the \"$TABLE\" table" |
680 |
ip6tables_create_chain $TABLE $CHAIN |
680 |
ip6tables_create_chain $TABLE $CHAIN |
681 |
} |
681 |
} |
682 |
done |
682 |
done |
Lines 716-722
716 |
fi |
716 |
fi |
717 |
done |
717 |
done |
718 |
fi |
718 |
fi |
719 |
[ "$NAME" = "default" ] || print_message -n -e "\t" |
719 |
[ "$NAME" = "default" ] || print_message -n -e "${TAB}" |
720 |
} |
720 |
} |
721 |
|
721 |
|
722 |
ip6tables_stop() |
722 |
ip6tables_stop() |
Lines 771-777
771 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
771 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
772 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IP6TABLES_SYSTEM_CHAINS") || |
772 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$IP6TABLES_SYSTEM_CHAINS") || |
773 |
{ |
773 |
{ |
774 |
print_message -e "\tDeleting the \"$CHAIN\" chain from the \"$TABLE\" table" |
774 |
print_message -e "${TAB}Deleting the \"$CHAIN\" chain from the \"$TABLE\" table" |
775 |
ip6tables_delete_chain $TABLE $CHAIN |
775 |
ip6tables_delete_chain $TABLE $CHAIN |
776 |
} |
776 |
} |
777 |
done |
777 |
done |
Lines 779-800
779 |
# Unload modules |
779 |
# Unload modules |
780 |
if [ -f "modules" ] && [ -s "modules" ]; then |
780 |
if [ -f "modules" ] && [ -s "modules" ]; then |
781 |
while read MODULE; do |
781 |
while read MODULE; do |
782 |
print_message -e "\tUnloading module $MODULE" |
782 |
print_message -e "${TAB}Unloading module $MODULE" |
783 |
$MODPROBE -r "$MODULE" || print_error "Can't unload module $MODULE" |
783 |
$MODPROBE -r "$MODULE" || print_error "Can't unload module $MODULE" |
784 |
done < <(tac modules|egrep "^[^#]") |
784 |
done < <(tac modules|egrep "^[^#]") |
785 |
fi |
785 |
fi |
786 |
# Set ACCEPT policy |
786 |
# Set ACCEPT policy |
787 |
if [ "$NAME" = "default" ]; then |
787 |
if [ "$NAME" = "default" ]; then |
788 |
TABLE=filter |
788 |
TABLE=filter |
789 |
print_message -e "\tSetting ACCEPT policy for the \"INPUT\" chain in the \"$TABLE\" table" |
789 |
print_message -e "${TAB}Setting ACCEPT policy for the \"INPUT\" chain in the \"$TABLE\" table" |
790 |
ip6tables_chain_policy $TABLE INPUT ACCEPT |
790 |
ip6tables_chain_policy $TABLE INPUT ACCEPT |
791 |
print_message -e "\tSetting ACCEPT policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
791 |
print_message -e "${TAB}Setting ACCEPT policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
792 |
ip6tables_chain_policy $TABLE FORWARD ACCEPT |
792 |
ip6tables_chain_policy $TABLE FORWARD ACCEPT |
793 |
print_message -e "\tSetting ACCEPT policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
793 |
print_message -e "${TAB}Setting ACCEPT policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
794 |
ip6tables_chain_policy $TABLE OUTPUT ACCEPT |
794 |
ip6tables_chain_policy $TABLE OUTPUT ACCEPT |
795 |
TABLE= |
795 |
TABLE= |
796 |
else |
796 |
else |
797 |
print_message -n -e "\t" |
797 |
print_message -n -e "${TAB}" |
798 |
fi |
798 |
fi |
799 |
} |
799 |
} |
800 |
|
800 |
|
Lines 925-931
925 |
local RULE |
925 |
local RULE |
926 |
local RULES |
926 |
local RULES |
927 |
if [ -f "$TABLE/$CHAIN" ] && [ -s "$TABLE/$CHAIN" ]; then |
927 |
if [ -f "$TABLE/$CHAIN" ] && [ -s "$TABLE/$CHAIN" ]; then |
928 |
print_message -n -e "\tLoading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
928 |
print_message -n -e "${TAB}Loading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
929 |
RULES=$(< "$TABLE/$CHAIN") |
929 |
RULES=$(< "$TABLE/$CHAIN") |
930 |
while read RULE; do |
930 |
while read RULE; do |
931 |
RULE=$(ebtables_expand_string "$RULE") |
931 |
RULE=$(ebtables_expand_string "$RULE") |
Lines 957-963
957 |
if [ -f "$TABLE/$CHAIN" ]; then |
957 |
if [ -f "$TABLE/$CHAIN" ]; then |
958 |
if [ "$NAME" != "default" ] && [ "$3" != "flush" ]; then |
958 |
if [ "$NAME" != "default" ] && [ "$3" != "flush" ]; then |
959 |
[ ! -s "$TABLE/$CHAIN" ] && return |
959 |
[ ! -s "$TABLE/$CHAIN" ] && return |
960 |
print_message -n -e "\tUnloading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
960 |
print_message -n -e "${TAB}Unloading rules for the \"$CHAIN\" chain in the \"$TABLE\" table" |
961 |
RULES=$(tac "$TABLE/$CHAIN") |
961 |
RULES=$(tac "$TABLE/$CHAIN") |
962 |
while read RULE; do |
962 |
while read RULE; do |
963 |
RULE=$(ebtables_expand_string "$RULE") |
963 |
RULE=$(ebtables_expand_string "$RULE") |
Lines 978-984
978 |
print_message |
978 |
print_message |
979 |
else |
979 |
else |
980 |
# Flush rules only when stop networking |
980 |
# Flush rules only when stop networking |
981 |
print_message -e "\tFlushing the \"$CHAIN\" chain in the \"$TABLE\" table" |
981 |
print_message -e "${TAB}Flushing the \"$CHAIN\" chain in the \"$TABLE\" table" |
982 |
ebtables_flush_chain $TABLE $CHAIN |
982 |
ebtables_flush_chain $TABLE $CHAIN |
983 |
fi |
983 |
fi |
984 |
fi |
984 |
fi |
Lines 997-1013
997 |
TABLE=filter |
997 |
TABLE=filter |
998 |
[ -z "$EBTABLES_INPUT_POLICY" ] || |
998 |
[ -z "$EBTABLES_INPUT_POLICY" ] || |
999 |
{ |
999 |
{ |
1000 |
print_message -e "\tSetting $EBTABLES_INPUT_POLICY policy for the \"INPUT\" chain in the \"$TABLE\" table" |
1000 |
print_message -e "${TAB}Setting $EBTABLES_INPUT_POLICY policy for the \"INPUT\" chain in the \"$TABLE\" table" |
1001 |
ebtables_chain_policy $TABLE INPUT "$EBTABLES_INPUT_POLICY" |
1001 |
ebtables_chain_policy $TABLE INPUT "$EBTABLES_INPUT_POLICY" |
1002 |
} |
1002 |
} |
1003 |
[ -z "$EBTABLES_FORWARD_POLICY" ] || |
1003 |
[ -z "$EBTABLES_FORWARD_POLICY" ] || |
1004 |
{ |
1004 |
{ |
1005 |
print_message -e "\tSetting $EBTABLES_FORWARD_POLICY policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
1005 |
print_message -e "${TAB}Setting $EBTABLES_FORWARD_POLICY policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
1006 |
ebtables_chain_policy $TABLE FORWARD "$EBTABLES_FORWARD_POLICY" |
1006 |
ebtables_chain_policy $TABLE FORWARD "$EBTABLES_FORWARD_POLICY" |
1007 |
} |
1007 |
} |
1008 |
[ -z "$EBTABLES_OUTPUT_POLICY" ] || |
1008 |
[ -z "$EBTABLES_OUTPUT_POLICY" ] || |
1009 |
{ |
1009 |
{ |
1010 |
print_message -e "\tSetting $EBTABLES_OUTPUT_POLICY policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
1010 |
print_message -e "${TAB}Setting $EBTABLES_OUTPUT_POLICY policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
1011 |
ebtables_chain_policy $TABLE OUTPUT "$EBTABLES_OUTPUT_POLICY" |
1011 |
ebtables_chain_policy $TABLE OUTPUT "$EBTABLES_OUTPUT_POLICY" |
1012 |
} |
1012 |
} |
1013 |
TABLE= |
1013 |
TABLE= |
Lines 1016-1022
1016 |
# Load modules |
1016 |
# Load modules |
1017 |
if [ -f "modules" ] && [ -s "modules" ]; then |
1017 |
if [ -f "modules" ] && [ -s "modules" ]; then |
1018 |
while read MODULE; do |
1018 |
while read MODULE; do |
1019 |
print_message -e "\tLoading module $MODULE" |
1019 |
print_message -e "${TAB}Loading module $MODULE" |
1020 |
$MODPROBE "$MODULE" || print_error "Can't load module $MODULE" |
1020 |
$MODPROBE "$MODULE" || print_error "Can't load module $MODULE" |
1021 |
done < <(egrep "^[^#]" modules) |
1021 |
done < <(egrep "^[^#]" modules) |
1022 |
fi |
1022 |
fi |
Lines 1029-1035
1029 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
1029 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
1030 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$EBTABLES_SYSTEM_CHAINS") || |
1030 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$EBTABLES_SYSTEM_CHAINS") || |
1031 |
{ |
1031 |
{ |
1032 |
print_message -e "\tCreating the \"$CHAIN\" chain in the \"$TABLE\" table" |
1032 |
print_message -e "${TAB}Creating the \"$CHAIN\" chain in the \"$TABLE\" table" |
1033 |
ebtables_create_chain $TABLE $CHAIN |
1033 |
ebtables_create_chain $TABLE $CHAIN |
1034 |
} |
1034 |
} |
1035 |
done |
1035 |
done |
Lines 1069-1075
1069 |
fi |
1069 |
fi |
1070 |
done |
1070 |
done |
1071 |
fi |
1071 |
fi |
1072 |
[ "$NAME" = "default" ] || print_message -n -e "\t" |
1072 |
[ "$NAME" = "default" ] || print_message -n -e "${TAB}" |
1073 |
} |
1073 |
} |
1074 |
|
1074 |
|
1075 |
ebtables_stop() |
1075 |
ebtables_stop() |
Lines 1124-1130
1124 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
1124 |
"$TABLE/${CHAIN%.rpm*}" = "$TABLE/$CHAIN" -a "$TABLE/${CHAIN%\~}" = "$TABLE/$CHAIN" ] || continue |
1125 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$EBTABLES_SYSTEM_CHAINS") || |
1125 |
egrep -q "([^-]\b|^)$CHAIN(\b[^-]|$)" < <(echo "$EBTABLES_SYSTEM_CHAINS") || |
1126 |
{ |
1126 |
{ |
1127 |
print_message -e "\tDeleting the \"$CHAIN\" chain from the \"$TABLE\" table" |
1127 |
print_message -e "${TAB}Deleting the \"$CHAIN\" chain from the \"$TABLE\" table" |
1128 |
ebtables_delete_chain $TABLE $CHAIN |
1128 |
ebtables_delete_chain $TABLE $CHAIN |
1129 |
} |
1129 |
} |
1130 |
done |
1130 |
done |
Lines 1132-1152
1132 |
# Unload modules |
1132 |
# Unload modules |
1133 |
if [ -f "modules" ] && [ -s "modules" ]; then |
1133 |
if [ -f "modules" ] && [ -s "modules" ]; then |
1134 |
while read MODULE; do |
1134 |
while read MODULE; do |
1135 |
print_message -e "\tUnloading module $MODULE" |
1135 |
print_message -e "${TAB}Unloading module $MODULE" |
1136 |
$MODPROBE -r "$MODULE" || print_error "Can't unload module $MODULE" |
1136 |
$MODPROBE -r "$MODULE" || print_error "Can't unload module $MODULE" |
1137 |
done < <(tac modules|egrep "^[^#]") |
1137 |
done < <(tac modules|egrep "^[^#]") |
1138 |
fi |
1138 |
fi |
1139 |
# Set ACCEPT policy |
1139 |
# Set ACCEPT policy |
1140 |
if [ "$NAME" = "default" ]; then |
1140 |
if [ "$NAME" = "default" ]; then |
1141 |
TABLE=filter |
1141 |
TABLE=filter |
1142 |
print_message -e "\tSetting ACCEPT policy for the \"INPUT\" chain in the \"$TABLE\" table" |
1142 |
print_message -e "${TAB}Setting ACCEPT policy for the \"INPUT\" chain in the \"$TABLE\" table" |
1143 |
ebtables_chain_policy $TABLE INPUT ACCEPT |
1143 |
ebtables_chain_policy $TABLE INPUT ACCEPT |
1144 |
print_message -e "\tSetting ACCEPT policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
1144 |
print_message -e "${TAB}Setting ACCEPT policy for the \"FORWARD\" chain in the \"$TABLE\" table" |
1145 |
ebtables_chain_policy $TABLE FORWARD ACCEPT |
1145 |
ebtables_chain_policy $TABLE FORWARD ACCEPT |
1146 |
print_message -e "\tSetting ACCEPT policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
1146 |
print_message -e "${TAB}Setting ACCEPT policy for the \"OUTPUT\" chain in the \"$TABLE\" table" |
1147 |
ebtables_chain_policy $TABLE OUTPUT ACCEPT |
1147 |
ebtables_chain_policy $TABLE OUTPUT ACCEPT |
1148 |
TABLE= |
1148 |
TABLE= |
1149 |
else |
1149 |
else |
1150 |
print_message -n -e "\t" |
1150 |
print_message -n -e "${TAB}" |
1151 |
fi |
1151 |
fi |
1152 |
} |
1152 |
} |