dropping ipt support. Also a script for iptables

init.d/ipt

@@ -1,7 +0,0 @@
-#!/usr/bin/env watchman
-
-service_type='oneshot'
-service_command='/usr/local/sbin/ipt'
-service_args="$cfg_hostname"
-
-stop() { "$service_command" clean; }

init.d/iptables

@@ -0,0 +1,28 @@
+#!/usr/bin/env watchman
+
+service_type='oneshot'
+
+cfg_ip4dump='/etc/iptables/ip4.rules'
+cfg_ip6dump='/etc/iptables/ip6.rules'
+
+start() {
+	watchman.msg "Restoring netfilter rules..."
+	[[ -f "$cfg_ip4dump" ]] && { /usr/bin/iptables-restore < "$cfg_ip4dump"; }
+	[[ -f "$cfg_ip6dump" ]] && { /usr/bin/ip6tables-restore < "$cfg_ip6dump"; }
+}
+
+stop() {
+	watchman.msg "Flushing netfilter rules..."
+
+	iptables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | iptables-restore
+	ip6tables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | ip6tables-restore
+
+	iptables -X
+	ip6tables -X
+}
+
+save() {
+	watchman.msg "Saving netfilter rules..."
+	/usr/bin/iptables-save > "$cfg_ip4dump";
+	/usr/bin/ip6tables-save > "$cfg_ip6dump";
+}