ssm-services/init.d/iptables

#!/usr/bin/env watchman

service_type='oneshot'

cfg_ip4dump='/etc/iptables/ip4.rules'
cfg_ip6dump='/etc/iptables/ip6.rules'

start() {
	watchman.msg "Restoring netfilter rules..."
	[[ -f "$cfg_ip4dump" ]] && { /usr/bin/iptables-restore < "$cfg_ip4dump"; }
	[[ -f "$cfg_ip6dump" ]] && { /usr/bin/ip6tables-restore < "$cfg_ip6dump"; }
}

stop() {
	watchman.msg "Flushing netfilter rules..."

	iptables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | iptables-restore
	ip6tables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | ip6tables-restore

	[[ -f '/proc/net/ip_tables_names' ]] && {
		while read line; do iptables -t "$line" -X; done < /proc/net/ip_tables_names
	}

	[[ -f '/proc/net/ip6_tables_names' ]] && {
		while read line; do iptables -t "$line" -X; done < /proc/net/ip6_tables_names
	}
}

save() {
	watchman.msg "Saving netfilter rules..."
	/usr/bin/iptables-save > "$cfg_ip4dump";
	/usr/bin/ip6tables-save > "$cfg_ip6dump";
}
dropping ipt support. Also a script for iptables 2014-03-10 02:14:57 +04:00			`#!/usr/bin/env watchman`

			`service_type='oneshot'`

			`cfg_ip4dump='/etc/iptables/ip4.rules'`
			`cfg_ip6dump='/etc/iptables/ip6.rules'`

			`start() {`
			`watchman.msg "Restoring netfilter rules..."`
			`[[ -f "$cfg_ip4dump" ]] && { /usr/bin/iptables-restore < "$cfg_ip4dump"; }`
			`[[ -f "$cfg_ip6dump" ]] && { /usr/bin/ip6tables-restore < "$cfg_ip6dump"; }`
			`}`

			`stop() {`
			`watchman.msg "Flushing netfilter rules..."`

			`iptables-save \| sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' \| iptables-restore`
			`ip6tables-save \| sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' \| ip6tables-restore`

Reading table names from /proc instead of using grep 2014-03-10 03:25:17 +04:00			`[[ -f '/proc/net/ip_tables_names' ]] && {`
fastfix 2014-03-10 03:26:21 +04:00			`while read line; do iptables -t "$line" -X; done < /proc/net/ip_tables_names`
Reading table names from /proc instead of using grep 2014-03-10 03:25:17 +04:00			`}`

			`[[ -f '/proc/net/ip6_tables_names' ]] && {`
fastfix 2014-03-10 03:26:21 +04:00			`while read line; do iptables -t "$line" -X; done < /proc/net/ip6_tables_names`
Reading table names from /proc instead of using grep 2014-03-10 03:25:17 +04:00			`}`
dropping ipt support. Also a script for iptables 2014-03-10 02:14:57 +04:00			`}`

			`save() {`
			`watchman.msg "Saving netfilter rules..."`
			`/usr/bin/iptables-save > "$cfg_ip4dump";`
			`/usr/bin/ip6tables-save > "$cfg_ip6dump";`
			`}`