@@ -1,13 +1,12 @@
|
||||
#!/usr/bin/env watchman
|
||||
#!/usr/bin/env ssm
|
||||
|
||||
service_type='oneshot'
|
||||
|
||||
cfg_ip4dump='/etc/iptables/ip4.rules'
|
||||
cfg_ip6dump='/etc/iptables/ip6.rules'
|
||||
|
||||
spawn() {
|
||||
watchman.msg "Restoring netfilter rules..."
|
||||
service_command=( /usr/bin/true )
|
||||
|
||||
start() {
|
||||
[[ -f "$cfg_ip4dump" ]] && {
|
||||
iptables-restore -t < "$cfg_ip4dump" || return 1
|
||||
iptables-restore < "$cfg_ip4dump"
|
||||
@@ -17,20 +16,22 @@ spawn() {
|
||||
ip6tables-restore -t < "$cfg_ip6dump" || return 1
|
||||
ip6tables-restore < "$cfg_ip6dump"
|
||||
}
|
||||
|
||||
super_start
|
||||
}
|
||||
|
||||
stop() {
|
||||
watchman.msg "Flushing netfilter rules..."
|
||||
|
||||
iptables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | iptables-restore
|
||||
ip6tables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | ip6tables-restore
|
||||
|
||||
for i in $(iptables-save | grep -E '^\*'); do iptables -t "${i//\*/}" -X; done
|
||||
for i in $(ip6tables-save | grep -E '^\*'); do ip6tables -t "${i//\*/}" -X; done
|
||||
|
||||
super_stop
|
||||
}
|
||||
|
||||
save() {
|
||||
watchman.msg "Saving netfilter rules..."
|
||||
printf 'Saving rules.\n'
|
||||
/usr/bin/iptables-save > "$cfg_ip4dump";
|
||||
/usr/bin/ip6tables-save > "$cfg_ip6dump";
|
||||
}
|
||||
|
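Review bot: In start(), only the `-t` dry runs are checked; the real `iptables-restore < "$cfg_ip4dump"` and `ip6tables-restore < "$cfg_ip6dump"` calls carry no status check, so `super_start` (which appears to be new in this change) runs even when loading a ruleset failed, and the oneshot presumably reports success with the firewall only partly applied or not applied at all. I would end both load lines with `|| return 1`, e.g. `iptables-restore < "$cfg_ip4dump" || return 1`, so a failed load stops the start the same way a failed dry run does. The `[[ -f "$cfg_ip4dump" ]] && {` guard also skips a missing dump file silently, which leaves the host without rules while the service still starts; if that is intended, a one-line comment such as `# no dump file: start with the current ruleset` would say so, otherwise it should at least be logged. The IPv6 guard sits between the two hunks and is not shown, so this assumes it mirrors the IPv4 one. The `iptables-save | sed … | iptables-restore` pipelines ahead of `super_stop` in stop() are unchecked in the same way.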