ssm-services/init.d/iptables


#!/usr/bin/env watchman
# Service settings read by the functions below.
# NOTE(review): 'oneshot' presumably tells watchman that this service runs to
# completion instead of staying resident; confirm against the watchman docs.
service_type="oneshot"

# Dump files that spawn() restores from and save() writes to, one per family.
cfg_ip4dump="/etc/iptables/ip4.rules"
cfg_ip6dump="/etc/iptables/ip6.rules"
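#######################################
# Restore the saved IPv4 and IPv6 netfilter rule sets.
# Globals:   cfg_ip4dump, cfg_ip6dump (read)
# Returns:   0 when every rules file that exists was validated and applied,
#            1 as soon as a validation (-t) or an apply step fails.
#######################################
spawn() {
  watchman.msg "Restoring netfilter rules..."

  if [[ -f "$cfg_ip4dump" ]]; then
    # -t only parses the dump; a malformed file is rejected before the live
    # ruleset is touched.
    iptables-restore -t < "$cfg_ip4dump" || return 1
    # A failed apply must surface: the host would otherwise be reported as
    # started while running without the intended IPv4 rules.
    iptables-restore < "$cfg_ip4dump" || return 1
  else
    # A missing dump is skipped, not fatal, but it means no IPv4 rules were
    # loaded; the message gives operators something to alert on.
    watchman.msg "No rules file at $cfg_ip4dump; IPv4 rules not restored."
  fi

  if [[ -f "$cfg_ip6dump" ]]; then
    ip6tables-restore -t < "$cfg_ip6dump" || return 1
    ip6tables-restore < "$cfg_ip6dump" || return 1
  else
    watchman.msg "No rules file at $cfg_ip6dump; IPv6 rules not restored."
  fi

  # Explicit status: the previous '[[ -f ... ]] && { ... }' form returned 1
  # whenever the IPv6 dump was absent, even after a clean IPv4 restore.
  return 0
}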
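#######################################
# Flush both netfilter families and delete their user-defined chains.
# After this runs every remaining chain has policy ACCEPT and no rules, so
# the host is unfiltered until spawn() is run again.
# Returns:   status of the last chain-deletion command (0 if none ran).
#######################################
stop() {
  watchman.msg "Flushing netfilter rules..."

  # Rewrites the live dump before feeding it back to *-restore:
  #   1st expression: ':CHAIN POLICY' lines get their policy set to ACCEPT.
  #   2nd expression: every line containing '-' followed by more text is
  #   dropped, which removes the '-A ...' rule lines.
  local -a open_policy=(-re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d')
  local table_line

  iptables-save | sed "${open_policy[@]}" | iptables-restore
  ip6tables-save | sed "${open_policy[@]}" | ip6tables-restore

  # Table headers look like '*filter'. Read them line by line: an unquoted
  # $(...) would let the shell glob-expand '*filter' against files in the
  # current directory and pass a file name as the table.
  while IFS= read -r table_line; do
    iptables -t "${table_line//\*/}" -X
  done < <(iptables-save | grep -E '^\*')

  while IFS= read -r table_line; do
    ip6tables -t "${table_line//\*/}" -X
  done < <(ip6tables-save | grep -E '^\*')
}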
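#######################################
# Dump the live IPv4 and IPv6 rule sets to their rules files.
# Globals:   cfg_ip4dump, cfg_ip6dump (read; the files they name are written)
# Returns:   0 when both dumps were written, 1 if either one failed.
#######################################
save() {
  watchman.msg "Saving netfilter rules..."

  local -a savers=(/usr/bin/iptables-save /usr/bin/ip6tables-save)
  local -a targets=("$cfg_ip4dump" "$cfg_ip6dump")
  local idx tmp rc=0

  for idx in 0 1; do
    # Dump to a temp file next to the target and rename it into place only on
    # success. Redirecting straight into the rules file truncates it before
    # the dump runs, so a failed dump would leave an empty file for the next
    # restore. mktemp creates the file readable by its owner only, and the
    # rename keeps that mode.
    tmp=$(mktemp -- "${targets[idx]}.XXXXXX") || { rc=1; continue; }
    if "${savers[idx]}" > "$tmp" && mv -f -- "$tmp" "${targets[idx]}"; then
      continue
    fi
    rm -f -- "$tmp"
    rc=1
  done

  return "$rc"
}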