More functions and help

include/functions

@@ -71,4 +71,54 @@ function reset_color {
 		NEWLINE="-n"
 	fi
 	echo $NEWLINE -e "$DEFAULT_COLOR"
-}
+}
+
+# iptables_rules_flush (ipv6|ipv4)
+# Clear all rules from iptables - be very careful in how this is called as it
+# could easily lock out the user from the network.  Best way to be safe, is to
+# call iptables_policy_reset first then this function.
+function iptables_rules_flush {
+	IP_VERSION=$0
+	case $IP_VERSION in
+		ipv6) VER_IPTABLES=$IP6TABLES ;;
+		ipv4|*) VER_IPTABLES=$IPTABLES ;;
+	esac
+	$VER_IPTABLES --flush &>/dev/null
+	$VER_IPTABLES -F OUTPUT &>/dev/null
+	$VER_IPTABLES -F PREROUTING &>/dev/null
+	$VER_IPTABLES -F POSTROUTING &>/dev/null
+	$VER_IPTABLES -F -t mangle &>/dev/null
+	if [ $NAT ] && [ $IP_VERSION == "ipv4" ]; then
+		$VER_IPTABLES -F -t nat &>/dev/null
+	fi
+	$VER_IPTABLES -F -t raw &>/dev/null
+}
+
+# iptables_policy_set (ipv6|ipv4) (ACCEPT|DROP)
+# Sets all policy rules to either ACCEPT or DROP for ipv4 or ipv6
+function iptables_policy_reset {
+	IP_VERSION=$0
+	SET_POLICY=${1=ACCEPT}
+	case $IP_VERSION in
+		ipv6) VER_IPTABLES=$IP6TABLES ;;
+		ipv4|*) VER_IPTABLES=$IPTABLES ;;
+	esac
+	$VER_IPTABLES --policy INPUT $SET_POLICY
+	$VER_IPTABLES --policy OUTPUT $SET_POLICY
+	$VER_IPTABLES --policy FORWARD $SET_POLICY
+}
+
+# show_help
+# Show command line options help
+function show_help {
+	 echo -e "Firewall/SOSDG ${FW_VERSION}
+	 	Brielle Bruns <bruns@2mbit.com>
+ 		http://www.sosdg.org/freestuff/firewall
+ 		This program comes with ABSOLUTELY NO WARRANTY.
+ 		This is free software, and you are welcome to 
+ 		redistribute it under certain conditions.
+ 		
+ 		--help\t\tShows this info
+ 		--flush\t\tFlushes all rules back to default ACCEPT
+ 		"
+ }

rc.firewall

@@ -19,9 +19,30 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+FW_VERSION="0.9.4 BETA"
+. $BASEDIR/include/static
+. $BASEDIR/options
+. $BASEDIR/include/functions
+
+while [ $# -gt 0 ]; do
+	case "$1" in
+	-f|--flush)
+		iptables_policy_reset ipv4 ACCEPT
+		iptables_policy_reset ipv6 ACCEPT
+		iptables_rules_flush ipv4
+		iptables_rules_flush ipv6
+		;;
+	-h|--help)
+		show_help
+		;;	
+	esac
+	shift
+done
+
+
 
 echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- Firewall/SOSDG v0.9.4 BETA/UNSTABLE
+ Firewall/SOSDG ${FW_VERSION}
  Brielle Bruns <bruns@2mbit.com>
  http://www.sosdg.org/freestuff/firewall
  This program comes with ABSOLUTELY NO WARRANTY.
@@ -33,20 +54,8 @@ BASEDIR=/etc/firewall-sosdg
 TWEAKS=$BASEDIR/tweaks
 #BASEDIR=`pwd`
 
-. $BASEDIR/include/static
-. $BASEDIR/options
-. $BASEDIR/include/functions
+iptables_v4_rules_flush
 
-
-$IPTABLES --flush &>/dev/null
-$IPTABLES -F OUTPUT &>/dev/null
-$IPTABLES -F PREROUTING &>/dev/null
-$IPTABLES -F POSTROUTING &>/dev/null
-$IPTABLES -F -t mangle &>/dev/null
-if [ $NAT ]; then
-	$IPTABLES -F -t nat &>/dev/null
-fi
-$IPTABLES -F -t raw &>/dev/null
 if [ -s "$BASEDIR/include/ipv4_custom_flush" ]; then
 	display_c YELLOW "Loading custom flush rules..."
 	. "$BASEDIR/include/ipv4_custom_flush"