File: //proc/676643/root/usr/share/netfilter-persistent/plugins.d/15-ip4tables
#!/bin/sh
# This file is part of netfilter-persistent
# (was iptables-persistent)
# Copyright (C) 2009, Simon Richter <sjr@debian.org>
# Copyright (C) 2010, 2014 Jonathan Wiltshire <jmw@debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation, either version 3
# of the License, or (at your option) any later version.
set -e
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Source configuration
if [ -f "/etc/default/netfilter-persistent" ]; then
. /etc/default/netfilter-persistent
fi
load_rules()
{
if [ "${IPTABLES_RESTORE_NOFLUSH}x" = "yesx" ]; then
NOFLUSH='--noflush'
else
NOFLUSH=''
fi
#load IPv4 rules
if [ ! -f /etc/iptables/rules.v4 ]; then
echo "Warning: skipping IPv4 (no rules to load)"
else
iptables-restore $NOFLUSH < /etc/iptables/rules.v4
fi
}
save_rules()
{
if [ ! "${IPTABLES_SKIP_SAVE}x" = "yesx" ]; then
touch /etc/iptables/rules.v4
chmod 0640 /etc/iptables/rules.v4
iptables-save > /etc/iptables/rules.v4
fi
}
flush_rules()
{
TABLES=$(iptables-save | sed -E -n 's/^\*//p')
for table in $TABLES
do
CHAINS=$(iptables-save -t $table | sed -E -n 's/^:([A-Z]+).*/\1/p')
for chain in $CHAINS
do
# policy can't be set on user-defined chains
iptables -t $table -P $chain ACCEPT || true
done
iptables -t $table -F
iptables -t $table -Z
iptables -t $table -X
done
}
case "$1" in
start|restart|reload|force-reload)
load_rules
;;
save)
save_rules
;;
stop)
# Why? because if stop is used, the firewall gets flushed for a variable
# amount of time during package upgrades, leaving the machine vulnerable
# It's also not always desirable to flush during purge
echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
;;
flush)
flush_rules
;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
;;
esac