Clean up policy setup for nat, mangle and raw tables
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3022 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
9ac990a640
commit
e34d046490
@ -7712,17 +7712,30 @@ initialize_netfilter () {
|
||||
|
||||
deletechain shorewall
|
||||
|
||||
[ -n "$NAT_ENABLED" ] && delete_nat
|
||||
if [ -n "$NAT_ENABLED" ]; then
|
||||
delete_nat
|
||||
for chain in PREROUTING POSTROUTING OUTPUT; do
|
||||
run_iptables -t nat -P $chain ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
delete_proxy_arp
|
||||
|
||||
[ -n "$MANGLE_ENABLED" ] && \
|
||||
run_iptables -t mangle -F && \
|
||||
if [ -n "$MANGLE_ENABLED" ]; then
|
||||
run_iptables -t mangle -F
|
||||
run_iptables -t mangle -X
|
||||
for chain in PREROUTING INPUT FORWARD POSTROUTING; do
|
||||
run_iptables -t mangle -P $chain ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
[ -n "$RAW_TABLE" ] && \
|
||||
run_iptables -t raw -F && \
|
||||
if [ -n "$RAW_TABLE" ]; then
|
||||
run_iptables -t raw -F
|
||||
run_iptables -t raw -X
|
||||
for chain in PREROUTING OUTPUT; do
|
||||
run_iptables -t raw -P $chain ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
[ -n "$CLEAR_TC" ] && delete_tc
|
||||
|
||||
@ -7734,26 +7747,6 @@ initialize_netfilter () {
|
||||
|
||||
process_criticalhosts
|
||||
|
||||
[ -n "$RAW_TABLE" ] && rawtable=raw || rawtable=
|
||||
|
||||
for table in mangle nat $rawtable ; do
|
||||
case $table in
|
||||
mangle)
|
||||
chains="PREROUTING INPUT FORWARD POSTROUTING"
|
||||
;;
|
||||
nat)
|
||||
chains="PREROUTING POSTROUTING OUTPUT"
|
||||
;;
|
||||
*)
|
||||
chains="PREROUTING OUTPUT"
|
||||
;;
|
||||
esac
|
||||
|
||||
for chain in $chains; do
|
||||
iptables -t $table -P $chain ACCEPT
|
||||
done
|
||||
done
|
||||
|
||||
if [ -n "$CRITICALHOSTS" ]; then
|
||||
|
||||
setpolicy INPUT ACCEPT
|
||||
|
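Review bot: The mangle loop in the first hunk, `for chain in PREROUTING INPUT FORWARD POSTROUTING`, leaves out OUTPUT, so a restrictive policy left on mangle OUTPUT by an earlier ruleset survives this reset; `-F` and `-X` clear rules and user chains but do not touch built-in chain policies. The omission is inherited from the removed `chains="PREROUTING INPUT FORWARD POSTROUTING"` case arm, and I would change the loop header to `for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do`. The policy resets also move from bare `iptables` to `run_iptables`; that helper is defined outside this page, so if it aborts on a non-zero exit, a kernel lacking one of the listed chains would now stop startup where the old loop carried on, which deserves a comment such as `# run_iptables aborts on failure; every chain listed must exist in this table`. initialize_netfilter starts and ends outside both hunks.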