Commit 19b7b2b6 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

command for flushing ip[6]tables rules

parent 805dec16
...@@ -38,6 +38,12 @@ Run-time activation of new firewall configuration: ...@@ -38,6 +38,12 @@ Run-time activation of new firewall configuration:
by hitting RETURN within 10 seconds, the configuration is saved to by hitting RETURN within 10 seconds, the configuration is saved to
the files. Otherwise, the old configuration is restored. the files. Otherwise, the old configuration is restored.
Flush firewall configuration:
awall flush
This command deletes all firewall rules and configures it to drop
all packets.
Enable/disable optional policies: Enable/disable optional policies:
awall {enable|disable} <policy>... awall {enable|disable} <policy>...
...@@ -96,7 +102,7 @@ end ...@@ -96,7 +102,7 @@ end
require 'awall.util' require 'awall.util'
util = awall.util util = awall.util
if not util.contains({'translate', 'activate', 'fallback', if not util.contains({'translate', 'activate', 'fallback', 'flush',
'enable', 'disable', 'list', 'dump'}, 'enable', 'disable', 'list', 'dump'},
mode) then help() end mode) then help() end
...@@ -222,4 +228,6 @@ elseif mode == 'fallback' then ...@@ -222,4 +228,6 @@ elseif mode == 'fallback' then
io.stderr:write('\nTimeout, reverting to the old configuration\n') io.stderr:write('\nTimeout, reverting to the old configuration\n')
awall.iptables.revert() awall.iptables.revert()
elseif mode == 'flush' then awall.iptables.flush()
else assert(false) end else assert(false) end
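Review bot: The new `flush` branch calls `awall.iptables.flush()` immediately, with none of the timeout-and-revert protection visible in the branch just above it, although the help text added in this commit says the command leaves the firewall dropping all packets. An administrator who runs `awall flush` over a remote session would presumably cut that session off with no automatic way back. I would at least state this in the help text, e.g. `Run this from a local console: remote sessions are dropped as well.`, or gate the call behind an explicit confirmation. The if/elseif chain this branch belongs to starts outside the hunk.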
...@@ -68,18 +68,7 @@ function BaseIPTables:restore(test) ...@@ -68,18 +68,7 @@ function BaseIPTables:restore(test)
end end
function BaseIPTables:activate() function BaseIPTables:activate()
local empty = IPTables.new() flush()
for family, params in pairs(families) do
local success, lines = pcall(io.lines, params.procfile)
if success then
for tbl in lines do
for i, chain in ipairs(builtin[tbl]) do
empty.config[family][tbl][chain] = {}
end
end
end
end
empty:restore(false)
self:restore(false) self:restore(false)
end end
...@@ -146,3 +135,18 @@ end ...@@ -146,3 +135,18 @@ end
function revert() function revert()
Backup.new():activate() Backup.new():activate()
end end
function flush()
local empty = IPTables.new()
for family, params in pairs(families) do
local success, lines = pcall(io.lines, params.procfile)
if success then
for tbl in lines do
for i, chain in ipairs(builtin[tbl]) do
empty.config[family][tbl][chain] = {}
end
end
end
end
empty:restore(false)
end
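Review bot: In `flush()`, a failed `pcall(io.lines, params.procfile)` skips that address family without any message, so one family's rules can stay in place while the operator assumes both were flushed. Now that this code is reachable as a standalone `awall flush`, I would add an `else` branch such as `else io.stderr:write('Warning: cannot read '..params.procfile..', '..family..' rules left untouched\n')`. Separately, `ipairs(builtin[tbl])` raises an error if the proc file lists a table that `builtin` does not define; whether that can happen depends on the `builtin` table, which is outside this hunk. The loop index `i` is unused and could be written `_`.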