Clean up policy setup for nat, mangle and raw tables -- Take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3023 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-23 19:21:21 +02:00 · 2005-11-18 17:02:12 +00:00 · 2005-11-18 17:02:12 +00:00 · fd834a4f64
commit fd834a4f64
parent e34d046490
1 changed files with 19 additions and 25 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -2122,15 +2122,29 @@ stop_firewall() {
    run_user_exit stop
-    [ -n "$MANGLE_ENABLED" ] && \
+    if [ -n "$MANGLE_ENABLED" ]; then
-	run_iptables -t mangle -F && \
+	run_iptables -t mangle -F
 	run_iptables -t mangle -X
 	for chain in PREROUTING INPUT FORWARD POSTROUTING; do
 	    run_iptables -t mangle -P $chain ACCEPT
 	done
    fi
-    [ -n "$RAW_TABLE" ] && \
+    [ -n "$RAW_TABLE" ]; then
-	run_iptables -t raw -F && \
+	run_iptables -t raw -F
 	run_iptables -t raw -X
 	for chain in PREROUTING OUTPUT; do
 	    run_iptables -t raw -P $chain ACCEPT
 	done
    fi
    if [ -n "$NAT_ENABLED" ]; then
 	delete_nat
 	for chain in PREROUTING POSTROUTING OUTPUT; do
 	    run_iptables -t nat -P $chain ACCEPT
 	done
    fi
    [ -n "$NAT_ENABLED" ] && delete_nat
    delete_proxy_arp
    [ -n "$CLEAR_TC" ] && delete_tc1
@ -2138,26 +2152,6 @@ stop_firewall() {
    process_criticalhosts
    [ -n "$RAW_TABLE" ] && rawtable=raw || rawtable=
    for table in mangle nat $rawtable ; do
 	case $table in
 	    mangle)
 		chains="PREROUTING INPUT FORWARD POSTROUTING"
 		;;
 	    nat)
 		chains="PREROUTING POSTROUTING OUTPUT"
 		;;
 	    *)
 		chains="PREROUTING OUTPUT"
 		;;
 	esac
 	for chain in $chains; do
 	    iptables -t $table -P $chain ACCEPT
 	done
    done
    if [ -n "$CRITICALHOSTS" ]; then
 	if [ -z "$ADMINISABSENTMINDED" ]; then
 	    for chain in INPUT OUTPUT; do