diff --git a/include/functions b/include/functions
index fe3dbe4..706ae2c 100644
--- a/include/functions
+++ b/include/functions
@@ -71,4 +71,54 @@ function reset_color {
 NEWLINE="-n"
 fi
 echo $NEWLINE -e "$DEFAULT_COLOR"
-}
\ No newline at end of file
+}
+
+# iptables_rules_flush (ipv6|ipv4)
+# Clear all rules from iptables - be very careful in how this is called as it
+# could easily lock out the user from the network. Best way to be safe, is to
+# call iptables_policy_reset first then this function.
+function iptables_rules_flush {
+ IP_VERSION=$0
+ case $IP_VERSION in
+ ipv6) VER_IPTABLES=$IP6TABLES ;;
+ ipv4|*) VER_IPTABLES=$IPTABLES ;;
+ esac
+ $VER_IPTABLES --flush &>/dev/null
+ $VER_IPTABLES -F OUTPUT &>/dev/null
+ $VER_IPTABLES -F PREROUTING &>/dev/null
+ $VER_IPTABLES -F POSTROUTING &>/dev/null
+ $VER_IPTABLES -F -t mangle &>/dev/null
+ if [ $NAT ] && [ $IP_VERSION == "ipv4" ]; then
+ $VER_IPTABLES -F -t nat &>/dev/null
+ fi
+ $VER_IPTABLES -F -t raw &>/dev/null
+}
+
+# iptables_policy_set (ipv6|ipv4) (ACCEPT|DROP)
+# Sets all policy rules to either ACCEPT or DROP for ipv4 or ipv6
+function iptables_policy_reset {
+ IP_VERSION=$0
+ SET_POLICY=${1=ACCEPT}
+ case $IP_VERSION in
+ ipv6) VER_IPTABLES=$IP6TABLES ;;
+ ipv4|*) VER_IPTABLES=$IPTABLES ;;
+ esac
+ $VER_IPTABLES --policy INPUT $SET_POLICY
+ $VER_IPTABLES --policy OUTPUT $SET_POLICY
+ $VER_IPTABLES --policy FORWARD $SET_POLICY
+}
+
+# show_help
+# Show command line options help
+function show_help {
+ echo -e "Firewall/SOSDG ${FW_VERSION}
+ Brielle Bruns
+ http://www.sosdg.org/freestuff/firewall
+ This program comes with ABSOLUTELY NO WARRANTY.
+ This is free software, and you are welcome to
+ redistribute it under certain conditions.
+
+ --help\t\tShows this info
+ --flush\t\tFlushes all rules back to default ACCEPT
+ "
+ }
\ No newline at end of file
diff --git a/rc.firewall b/rc.firewall
index d0bd63b..6cb5c2e 100755
--- a/rc.firewall
+++ b/rc.firewall
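Review bot: `IP_VERSION=$0` in both iptables_rules_flush and iptables_policy_reset reads the script name, not the first argument, so the case always takes the `ipv4|*)` arm, the ipv6 calls made from rc.firewall operate on the v4 tables, and the `[ $IP_VERSION == "ipv4" ]` guard can never be true, so the nat table is never flushed even when NAT is set. In iptables_policy_reset `SET_POLICY=${1=ACCEPT}` then takes the version word as the policy (and `${1=…}` cannot assign to a positional parameter in bash), so `$VER_IPTABLES --policy INPUT ipv4` fails and the "reset policy first, then flush" safety the header comment relies on never happens; a flush under an existing DROP policy would then cut the caller off the network. Change both functions to `IP_VERSION=$1`, use `SET_POLICY=${2:-ACCEPT}`, and quote `$NAT` and `$IP_VERSION` in the `if` test so an empty value does not break it. The comment above iptables_policy_reset still calls it `iptables_policy_set`, and IP_VERSION/VER_IPTABLES/SET_POLICY are set as globals where `local` would keep them from leaking into the sourcing script.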
@@ -19,9 +19,30 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
 
+FW_VERSION="0.9.4 BETA"
+. $BASEDIR/include/static
+. $BASEDIR/options
+. $BASEDIR/include/functions
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -f|--flush)
+ iptables_policy_reset ipv4 ACCEPT
+ iptables_policy_reset ipv6 ACCEPT
+ iptables_rules_flush ipv4
+ iptables_rules_flush ipv6
+ ;;
+ -h|--help)
+ show_help
+ ;;
+ esac
+ shift
+done
+
+
 
 echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- Firewall/SOSDG v0.9.4 BETA/UNSTABLE
+ Firewall/SOSDG ${FW_VERSION}
 Brielle Bruns
 http://www.sosdg.org/freestuff/firewall
 This program comes with ABSOLUTELY NO WARRANTY.
@@ -33,20 +54,8 @@
 BASEDIR=/etc/firewall-sosdg
 TWEAKS=$BASEDIR/tweaks
 #BASEDIR=`pwd`
-. $BASEDIR/include/static
-. $BASEDIR/options
-. $BASEDIR/include/functions
+iptables_v4_rules_flush
 
-
-$IPTABLES --flush &>/dev/null
-$IPTABLES -F OUTPUT &>/dev/null
-$IPTABLES -F PREROUTING &>/dev/null
-$IPTABLES -F POSTROUTING &>/dev/null
-$IPTABLES -F -t mangle &>/dev/null
-if [ $NAT ]; then
- $IPTABLES -F -t nat &>/dev/null
-fi
-$IPTABLES -F -t raw &>/dev/null
 if [ -s "$BASEDIR/include/ipv4_custom_flush" ]; then
 display_c YELLOW "Loading custom flush rules..."
 . "$BASEDIR/include/ipv4_custom_flush"
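Review bot: The three `. $BASEDIR/...` lines now run before `BASEDIR=/etc/firewall-sosdg` is assigned (the assignment stays at the top of the next hunk), so unless BASEDIR already comes from the environment the script sources `/include/static`, `/options` and `/include/functions`, and iptables_policy_reset, iptables_rules_flush and show_help are undefined when the option loop calls them. Keep the BASEDIR and TWEAKS assignments together with the sourcing, i.e. move them above `FW_VERSION=` or move this whole block below them; the next hunk inherits the same ordering problem. The `-f|--flush` and `-h|--help` arms also fall through into the rule setup that follows, so if flush and help are meant to be terminal each arm needs an `exit 0`, and an unrecognised argument is silently ignored where a `*) show_help; exit 1 ;;` arm would report it.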
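Review bot: `iptables_v4_rules_flush` is not defined anywhere in this change; the helper added to include/functions is `iptables_rules_flush`, which takes the IP version as an argument, so this line fails with a command-not-found and, with the inline `$IPTABLES` flush lines removed, nothing is flushed before the custom flush rules are loaded. Replace it with `iptables_rules_flush ipv4` (the removed code flushed only the v4 tables here, so adding `iptables_rules_flush ipv6` is a separate decision). The old block flushed the nat table whenever `$NAT` was set, while the helper makes that conditional on its version argument, so confirm that behaviour is preserved once the helper's argument handling is fixed. The `if [ -s ... ]` block continues outside the hunk.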