Diffstat (limited to 'abs/core/iptables/iptables')
-rwxr-xr-xabs/core/iptables/iptables31
1 files changed, 2 insertions, 29 deletions
diff --git a/abs/core/iptables/iptables b/abs/core/iptables/iptables
index 50c13d5..fbb02fa 100755
--- a/abs/core/iptables/iptables
+++ b/abs/core/iptables/iptables
@@ -4,7 +4,6 @@
[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
# Set defaults if settings are missing
-[ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables
[ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules
. /etc/rc.conf
@@ -12,7 +11,7 @@
case "$1" in
start)
- if [ ! -f $IPTABLES_CONF ]; then
+ if [ ! -f "$IPTABLES_CONF" ]; then
echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
exit 1
fi
@@ -34,41 +33,16 @@ case "$1" in
;;
stop)
stat_busy "Stopping IP Tables"
- echo 0 >/proc/sys/net/ipv4/ip_forward
if ! ck_daemon iptables; then
fail=0
for table in $(cat /proc/net/ip_tables_names); do
- $IPTABLES -t $table -F &>/dev/null && \
- $IPTABLES -t $table -X &>/dev/null && \
- $IPTABLES -t $table -Z &>/dev/null
+ iptables-restore < /var/lib/iptables/empty-$table.rules
[ $? -gt 0 ] && fail=1
done
if [ $fail -gt 0 ]; then
stat_fail
else
rm_daemon iptables
- # reset policies
- for table in filter nat mangle raw; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P OUTPUT ACCEPT
- fi
- done
- for table in filter mangle; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P INPUT ACCEPT
- $IPTABLES -t $table -P FORWARD ACCEPT
- fi
- done
- for table in nat mangle raw; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P PREROUTING ACCEPT
- fi
- done
- for table in nat mangle; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P POSTROUTING ACCEPT
- fi
- done
stat_done
fi
else
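Review bot: In the `stop)` loop the new `iptables-restore < /var/lib/iptables/empty-$table.rules` line assumes a matching file exists for every name in /proc/net/ip_tables_names, and nothing visible in this diff installs or checks those files. If one is missing the redirect fails and `fail=1` is set, but the loop carries on, so the host can end up with some tables emptied and others still loaded while the daemon stays registered as running. I would quote the path and fold the status check into the call, `iptables-restore < "/var/lib/iptables/empty-$table.rules" || fail=1`, and add a comment saying where the empty-*.rules files come from. Separately, with `echo 0 >/proc/sys/net/ipv4/ip_forward` removed, a host that forwards traffic presumably keeps forwarding after its rules are emptied; a comment such as `# ip_forward is left as configured; stop only empties the rule tables` would record that this is deliberate. The `case` block starts and ends outside this hunk.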
@@ -77,7 +51,6 @@ case "$1" in
;;
restart)
$0 stop
- sleep 2
$0 start
;;
save)