command for flushing ip[6]tables rules

awall-cli

@@ -38,6 +38,12 @@ Run-time activation of new firewall configuration:
     by hitting RETURN within 10 seconds, the configuration is saved to
     the files. Otherwise, the old configuration is restored.
 
+Flush firewall configuration:
+    awall flush
+
+    This command deletes all firewall rules and configures it to drop
+    all packets.
+
 Enable/disable optional policies:
     awall {enable|disable} <policy>...
 
@@ -96,7 +102,7 @@ end
 require 'awall.util'
 util = awall.util
 
-if not util.contains({'translate', 'activate', 'fallback',
+if not util.contains({'translate', 'activate', 'fallback', 'flush',
 		      'enable', 'disable', 'list', 'dump'},
 		     mode) then help() end
 
@@ -222,4 +228,6 @@ elseif mode == 'fallback' then
    io.stderr:write('\nTimeout, reverting to the old configuration\n')
    awall.iptables.revert()
 
+elseif mode == 'flush' then awall.iptables.flush()
+
 else assert(false) end

awall/iptables.lua

@@ -68,18 +68,7 @@ function BaseIPTables:restore(test)
 end
 
 function BaseIPTables:activate()
-   local empty = IPTables.new()
-   for family, params in pairs(families) do
-      local success, lines = pcall(io.lines, params.procfile)
-      if success then
-	 for tbl in lines do
-	    for i, chain in ipairs(builtin[tbl]) do
-	       empty.config[family][tbl][chain] = {}
-	    end
-	 end
-      end
-   end
-   empty:restore(false)
+   flush()
    self:restore(false)
 end
 
@@ -146,3 +135,18 @@ end
 function revert()
    Backup.new():activate()
 end
+
+function flush()
+   local empty = IPTables.new()
+   for family, params in pairs(families) do
+      local success, lines = pcall(io.lines, params.procfile)
+      if success then
+	 for tbl in lines do
+	    for i, chain in ipairs(builtin[tbl]) do
+	       empty.config[family][tbl][chain] = {}
+	    end
+	 end
+      end
+   end
+   empty:restore(false)
+end