Diffstat (limited to 'abs/core/iptables/iptables')
-rwxr-xr-x | abs/core/iptables/iptables | 31 |
1 files changed, 2 insertions, 29 deletions
diff --git a/abs/core/iptables/iptables b/abs/core/iptables/iptables
index 50c13d5..fbb02fa 100755
--- a/abs/core/iptables/iptables
+++ b/abs/core/iptables/iptables
@@ -4,7 +4,6 @@
 [ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
 # Set defaults if settings are missing
-[ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables
 [ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules
 . /etc/rc.conf
@@ -12,7 +11,7 @@ case "$1" in
 start)
-if [ ! -f $IPTABLES_CONF ]; then
+if [ ! -f "$IPTABLES_CONF" ]; then
 echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
 exit 1
 fi
@@ -34,41 +33,16 @@ case "$1" in
 ;;
 stop)
 stat_busy "Stopping IP Tables"
-echo 0 >/proc/sys/net/ipv4/ip_forward
 if ! ck_daemon iptables; then
 fail=0
 for table in $(cat /proc/net/ip_tables_names); do
-$IPTABLES -t $table -F &>/dev/null && \
-$IPTABLES -t $table -X &>/dev/null && \
-$IPTABLES -t $table -Z &>/dev/null
+iptables-restore < /var/lib/iptables/empty-$table.rules
 [ $? -gt 0 ] && fail=1
 done
 if [ $fail -gt 0 ]; then
 stat_fail
 else
 rm_daemon iptables
-# reset policies
-for table in filter nat mangle raw; do
-if grep -qw $table /proc/net/ip_tables_names; then
-$IPTABLES -t $table -P OUTPUT ACCEPT
-fi
-done
-for table in filter mangle; do
-if grep -qw $table /proc/net/ip_tables_names; then
-$IPTABLES -t $table -P INPUT ACCEPT
-$IPTABLES -t $table -P FORWARD ACCEPT
-fi
-done
-for table in nat mangle raw; do
-if grep -qw $table /proc/net/ip_tables_names; then
-$IPTABLES -t $table -P PREROUTING ACCEPT
-fi
-done
-for table in nat mangle; do
-if grep -qw $table /proc/net/ip_tables_names; then
-$IPTABLES -t $table -P POSTROUTING ACCEPT
-fi
-done
 stat_done
 fi
 else
@@ -77,7 +51,6 @@ case "$1" in
 ;;
 restart)
 $0 stop
-sleep 2
 $0 start
 ;;
 save)
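Review bot: Removing the `[ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables` default in the first hunk leaves `$IPTABLES` unset whenever /etc/conf.d/iptables does not define it, and the stop branch is the only user of that variable visible in this diff; the start and save branches lie outside the hunks, so I cannot tell whether they still expand `$IPTABLES`. If any such reference remains, it would now expand to an empty command name and that branch would silently do nothing useful. Before merging, confirm no other `$IPTABLES` use survives in the script, or keep the default line until those branches are converted too.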
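Review bot: In the stop branch, `iptables-restore < /var/lib/iptables/empty-$table.rules` fails at the shell redirection for any table named in /proc/net/ip_tables_names that has no matching empty-*.rules file, and because the loop continues after setting `fail=1` the firewall is left half torn down: tables processed earlier are already reset, later ones keep their rules, and `stat_fail` is reported without `rm_daemon`, so the daemon marker stays set. Checking that every file is readable before the first table is touched avoids that partial state, and `$table` should be quoted as the second hunk already does for `$IPTABLES_CONF`. Since the explicit `-P ... ACCEPT` resets are gone, the chain policies after stop now presumably come from whatever the empty-*.rules files contain; a one-line comment above the loop, such as `# empty-$table.rules is expected to flush the table and set its default policies`, would record that dependency for the next maintainer. The enclosing case arm continues outside the hunk.
```shell
      fail=0
      # Verify every table's reset file up front so a missing file cannot leave a half-flushed firewall.
      for table in $(cat /proc/net/ip_tables_names); do
        [ -r "/var/lib/iptables/empty-$table.rules" ] || fail=1
      done
      if [ $fail -eq 0 ]; then
        for table in $(cat /proc/net/ip_tables_names); do
          iptables-restore < "/var/lib/iptables/empty-$table.rules" || fail=1
        done
      fi
      # … unchanged: stat_fail / rm_daemon / stat_done handling …
```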