#!/usr/bin/env watchman
# Service type declared to watchman; this script only assigns the value.
service_type="oneshot"

# Dump files that start() restores from and save() writes to.
cfg_ip4dump="/etc/iptables/ip4.rules"
cfg_ip6dump="/etc/iptables/ip6.rules"
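# Load the saved IPv4 and IPv6 rulesets into the kernel.
#
# A dump file that does not exist is skipped and is not treated as an error.
# A restore that fails makes start() return non-zero, so a host that came up
# without its filter rules is not reported as a clean start. How watchman
# reacts to that status is not visible in this file.
start() {
	watchman.msg "Restoring netfilter rules..."

	local rc=0

	if [[ -f "$cfg_ip4dump" ]]; then
		/usr/bin/iptables-restore < "$cfg_ip4dump" || rc=1
	fi

	# Attempt IPv6 even if IPv4 failed: partial filtering beats none.
	if [[ -f "$cfg_ip6dump" ]]; then
		/usr/bin/ip6tables-restore < "$cfg_ip6dump" || rc=1
	fi

	return "$rc"
}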
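# Remove all netfilter rules and reset every chain policy to ACCEPT.
#
# NOTE: this is fail-open by design. After stop() the host accepts all
# traffic on both IPv4 and IPv6 until start() is run again.
stop() {
	watchman.msg "Flushing netfilter rules..."

	local line

	# Feed the live ruleset back through *-restore after two sed edits:
	#   1. the policy word following ":CHAIN " is replaced with ACCEPT;
	#   2. every line containing a dash followed by more text is deleted,
	#      which drops the "-A ..." rule lines.
	iptables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | iptables-restore
	ip6tables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | ip6tables-restore

	# Delete remaining user-defined chains in each table the kernel lists.
	[[ -f '/proc/net/ip_tables_names' ]] && {
		while read -r line; do iptables -t "$line" -X; done < /proc/net/ip_tables_names
	}

	# The IPv6 table list must be handled with ip6tables; calling iptables
	# here would act on the IPv4 tables and leave IPv6 chains in place.
	[[ -f '/proc/net/ip6_tables_names' ]] && {
		while read -r line; do ip6tables -t "$line" -X; done < /proc/net/ip6_tables_names
	}
}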
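# Write the live IPv4 and IPv6 rulesets to their dump files.
#
# Each dump is written to a temporary file beside the target and renamed
# into place only if the *-save command succeeded. Redirecting straight to
# the target would truncate it first, so a failed save would leave an empty
# dump and the next start() would bring the host up with no rules.
#
# Returns non-zero if either ruleset could not be saved. The replaced file
# takes the mode mktemp gives the temporary file (owner-only).
save() {
	watchman.msg "Saving netfilter rules..."

	local rc=0 tmp

	if tmp=$(mktemp "${cfg_ip4dump}.XXXXXX") && /usr/bin/iptables-save > "$tmp"; then
		mv -f -- "$tmp" "$cfg_ip4dump" || rc=1
	else
		rc=1
	fi
	# Remove the temporary file if it was created but never renamed.
	[[ -n $tmp ]] && rm -f -- "$tmp"

	if tmp=$(mktemp "${cfg_ip6dump}.XXXXXX") && /usr/bin/ip6tables-save > "$tmp"; then
		mv -f -- "$tmp" "$cfg_ip6dump" || rc=1
	else
		rc=1
	fi
	[[ -n $tmp ]] && rm -f -- "$tmp"

	return "$rc"
}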