Gotta love it when you have dos/win line endings unintentionally

bin/srfirewall

@@ -1,71 +1,71 @@
-#/bin/bash
-# By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org/freestuff/firewall
-# License: GPLv3
-#
-#    Copyright (C) 2009 - 2014  Brielle Bruns
-#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# Static config options, normally do not need to change
-FW_VERSION="2.0"
-
-# Important directory locations
-FWPREFIX="/usr/local"
-FWCONFIGDIR="${FWPREFIX}/etc/srfirewall"
-FWLIBDIR="${FWPREFIX}/lib/srfirewall"
-FWBINDIR="${FWPREFIX}/bin"
-
-# Begin sourcing critical files, because we need things like path right away
-source "${FWCONFIGDIR}/main.conf"
-source "${FWLIBDIR}/binaries.inc"
-source "${FWLIBDIR}/iptables.inc"
-source "${FWLIBDIR}/display.inc"
-
-source "${FWCONFIGDIR}/chains.conf"
-source "${FWCONFIGDIR}/ipv4.conf"
-source "${FWCONFIGDIR}/ipv6.conf"
-
-# We require at least bash v3 or later at this point given some of the more complex
-# operations we do to make the firewall script work.
-if (( ${BASH_VERSINFO[0]} <= "2" )); then
-	echo "Error: We can only run with bash 3.0 or higher.  Please upgrade your version"
-	echo "of bash to something more recent, preferably the latest which is, as of this"
-	echo "writing, 4.x"
-	exit 1
-fi
-
-# Swap out display_c command for dummy command if they don't want
-# output when command is run.
-if [[ "${DisplayDetailedOutput" == "yes" ]]; then
-	display="display_c"
-else
-	display="true"
-fi
-
-if [[ "${EnableIPv4}" == "yes" ]]; then
-	# First flush all rules
-	iptables_rules_flush ipv4
-	
-	# Create the chain sets we'll need and the ones that can be
-	# customized by users in their custom rules
-	setup_iptables_chains ipv4
-	
-
-fi
-
-if [[ "${EnableIPv6}" == "yes" ]]; then
-	# First flush all rules
-	iptables_rules_flush ipv6
+#/bin/bash
+# By Brielle Bruns <bruns@2mbit.com>
+# URL: http://www.sosdg.org/freestuff/firewall
+# License: GPLv3
+#
+#    Copyright (C) 2009 - 2014  Brielle Bruns
+#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Static config options, normally do not need to change
+FW_VERSION="2.0"
+
+# Important directory locations
+FWPREFIX="/usr/local"
+FWCONFIGDIR="${FWPREFIX}/etc/srfirewall"
+FWLIBDIR="${FWPREFIX}/lib/srfirewall"
+FWBINDIR="${FWPREFIX}/bin"
+
+# Begin sourcing critical files, because we need things like path right away
+source "${FWCONFIGDIR}/main.conf"
+source "${FWLIBDIR}/binaries.inc"
+source "${FWLIBDIR}/iptables.inc"
+source "${FWLIBDIR}/display.inc"
+
+source "${FWCONFIGDIR}/chains.conf"
+source "${FWCONFIGDIR}/ipv4.conf"
+source "${FWCONFIGDIR}/ipv6.conf"
+
+# We require at least bash v3 or later at this point given some of the more complex
+# operations we do to make the firewall script work.
+if (( ${BASH_VERSINFO[0]} <= "2" )); then
+	echo "Error: We can only run with bash 3.0 or higher.  Please upgrade your version"
+	echo "of bash to something more recent, preferably the latest which is, as of this"
+	echo "writing, 4.x"
+	exit 1
+fi
+
+# Swap out display_c command for dummy command if they don't want
+# output when command is run.
+if [[ "${DisplayDetailedOutput" == "yes" ]]; then
+	display="display_c"
+else
+	display="true"
+fi
+
+if [[ "${EnableIPv4}" == "yes" ]]; then
+	# First flush all rules
+	iptables_rules_flush ipv4
+	
+	# Create the chain sets we'll need and the ones that can be
+	# customized by users in their custom rules
+	setup_iptables_chains ipv4
+	
+
+fi
+
+if [[ "${EnableIPv6}" == "yes" ]]; then
+	# First flush all rules
+	iptables_rules_flush ipv6
 fi

etc/chains.conf

@@ -1,14 +1,14 @@
-# Chain name mapping
-# Don't change these unless you know what your doing
-
-InPreRules="In-PreRules"
-OutPreRules="Out-PreRules"
-Trusted="In-Trusted"
-InEasyBlock="In-EasyBlock"
-OutEasyBlock="Out-EasyBlock"
-InFilter="In-Filter"
-OutFilter="Out-Filter"
-NAT="NAT"
-PortForward="PortForward"
-InPostRules="In-PostRules"
+# Chain name mapping
+# Don't change these unless you know what your doing
+
+InPreRules="In-PreRules"
+OutPreRules="Out-PreRules"
+Trusted="In-Trusted"
+InEasyBlock="In-EasyBlock"
+OutEasyBlock="Out-EasyBlock"
+InFilter="In-Filter"
+OutFilter="Out-Filter"
+NAT="NAT"
+PortForward="PortForward"
+InPostRules="In-PostRules"
 OutPostRules="Out-PostRules"

etc/ipv4/custom.conf

@@ -1,14 +1,14 @@
-# These are the custom files that can be used to inject rules during loading.  Please don't change them
-# unless you have a good reason.
-# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
-# these files are sourced into the main file during setup of the order of chains.
-
-$V4CUSTPREFIX="${FWPREFIX}/ipv4/"
-
-$v4_Custom_Pre="$V4CUSTPREFIX/prerun.sh"
-$v4_Custom_Trust="$V4CUSTPREFIX/trusted.sh"
-$v4_Custom_EasyBlock="$V4CUSTPREFIX/easyblock.sh"
-$v4_Custom_Filter="$V4CUSTPREFIX/filter.sh"
-$v4_Custom_NAT="$V4CUSTPREFIX/nat.sh"
-$v4_Custom_PortFw="$V4CUSTPREFIX/portfw.sh"
+# These are the custom files that can be used to inject rules during loading.  Please don't change them
+# unless you have a good reason.
+# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
+# these files are sourced into the main file during setup of the order of chains.
+
+$V4CUSTPREFIX="${FWPREFIX}/ipv4/"
+
+$v4_Custom_Pre="$V4CUSTPREFIX/prerun.sh"
+$v4_Custom_Trust="$V4CUSTPREFIX/trusted.sh"
+$v4_Custom_EasyBlock="$V4CUSTPREFIX/easyblock.sh"
+$v4_Custom_Filter="$V4CUSTPREFIX/filter.sh"
+$v4_Custom_NAT="$V4CUSTPREFIX/nat.sh"
+$v4_Custom_PortFw="$V4CUSTPREFIX/portfw.sh"
 $v4_Custom_Post="$V4CUSTPREFIX/postrun.sh"

etc/ipv6/custom.conf

@@ -1,14 +1,14 @@
-# These are the custom files that can be used to inject rules during loading.  Please don't change them
-# unless you have a good reason.
-# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
-# these files are sourced into the main file during setup of the order of chains.
-
-$V6CUSTPREFIX="${FWPREFIX}/ipv6/"
-
-$v6_Custom_Pre="$V6CUSTPREFIX/prerun.sh"
-$v6_Custom_Trust="$V6CUSTPREFIX/trusted.sh"
-$v6_Custom_EasyBlock="$V6CUSTPREFIX/easyblock.sh"
-$v6_Custom_Filter="$V6CUSTPREFIX/filter.sh"
-$v6_Custom_NAT="$V6CUSTPREFIX/nat.sh"
-$v6_Custom_PortFw="$V6CUSTPREFIX/portfw.sh"
+# These are the custom files that can be used to inject rules during loading.  Please don't change them
+# unless you have a good reason.
+# To allow variable propagation/change and some creative changes of rules that I haven't tought of,
+# these files are sourced into the main file during setup of the order of chains.
+
+$V6CUSTPREFIX="${FWPREFIX}/ipv6/"
+
+$v6_Custom_Pre="$V6CUSTPREFIX/prerun.sh"
+$v6_Custom_Trust="$V6CUSTPREFIX/trusted.sh"
+$v6_Custom_EasyBlock="$V6CUSTPREFIX/easyblock.sh"
+$v6_Custom_Filter="$V6CUSTPREFIX/filter.sh"
+$v6_Custom_NAT="$V6CUSTPREFIX/nat.sh"
+$v6_Custom_PortFw="$V6CUSTPREFIX/portfw.sh"
 $v6_Custom_Post="$V6CUSTPREFIX/postrun.sh"

etc/main.conf

@@ -1,11 +1,11 @@
-# Main Configuration File
-
-# Define a prefix for important locations of binaries
-PREFIX="/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}"
-
-# Enable / Disable IPv4 and IPv6 support (yes/no)
-EnableIPv4=yes
-EnableIPv6=yes
-
-# Display detailed output while running script?
+# Main Configuration File
+
+# Define a prefix for important locations of binaries
+PREFIX="/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}"
+
+# Enable / Disable IPv4 and IPv6 support (yes/no)
+EnableIPv4=yes
+EnableIPv6=yes
+
+# Display detailed output while running script?
 EnableDetailedOutput=yes

lib/binaries.inc

@@ -1,24 +1,24 @@
-#!/bin/bash
-# By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org/freestuff/firewall
-# License: GPLv3
-#
-#    Copyright (C) 2009 - 2014  Brielle Bruns
-#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# Try and set some sane defaults for common binaries we need.  Can always override them later.
-MODPROBE=`which modprobe`
-IPTABLES=`which iptables`
-IP6TABLES=`which ip6tables`
+#!/bin/bash
+# By Brielle Bruns <bruns@2mbit.com>
+# URL: http://www.sosdg.org/freestuff/firewall
+# License: GPLv3
+#
+#    Copyright (C) 2009 - 2014  Brielle Bruns
+#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Try and set some sane defaults for common binaries we need.  Can always override them later.
+MODPROBE=`which modprobe`
+IPTABLES=`which iptables`
+IP6TABLES=`which ip6tables`

lib/display.inc

@@ -1,82 +1,82 @@
-#!/bin/bash
-# By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org/freestuff/firewall
-# License: GPLv3
-#
-#    Copyright (C) 2009 - 2014  Brielle Bruns
-#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-
-# ANSI color sequences
-BLUE="\E[34m"
-GREEN="\E[32m"
-RED="\E[31m"
-YELLOW="\E[33m"
-PURPLE="\E[35m"
-AQUA="\E[36m"
-WHITE="\E[1m"
-GREY="\E[37m"
-DEFAULT_COLOR="\E[39m"
-
-# display_c $COLOR $TEXT BOOL(YN)
-# $COLOR being bash colors
-# $TEXT being what to output (make sure to put " " around text)
-# BOOL being (Y or N) to do newline at end or not
-function display_c {
-	unset COLOR_CODE TEXT NEWLINE
-	DEFAULT_COLOR="\E[39m"
-	COLOR_CODE=`pick_color $1`
-	TEXT="$2"
-	if [ "$3" == "N" ]; then
-		NEWLINE="-n"
-	fi
-	echo -e ${NEWLINE} "${COLOR_CODE}${TEXT}${DEFAULT_COLOR}"
-}
-
-# pick_color $COLOR
-# returns appropriate color codes for use in display_c and such
-function pick_color {
-	case $1 in
-		BLUE) COLOR="\E[34m" ;;
-		GREEN) COLOR="\E[32m" ;;
-		RED) COLOR="\E[31m" ;;
-		YELLOW) COLOR="\E[33m" ;;
-		PURPLE) COLOR="\E[35m" ;;
-		AQUA) COLOR="\E[36m" ;;
-		WHITE) COLOR="\E[1m" ;;
-		GREY) COLOR="\E[37m" ;;
-		*) COLOR="\E[37m" ;;
-	esac
-	echo "${COLOR}"
-}
-
-# reset_color
-function reset_color {
-	unset NEWLINE
-	DEFAULT_COLOR="\E[39m"
-	if [ "$1" == "N" ]; then
-		NEWLINE="-n"
-	fi
-	echo ${NEWLINE} -e "${DEFAULT_COLOR}"
-}
-
-# show_help
-# Show command line options help
-function show_help {
-	 echo "Firewall/SOSDG ${FW_VERSION} - Brielle Bruns <bruns@2mbit.com>"
- 	 echo -e "\t--help\t\tShows this info"
- 	 echo -e "\t--flush\t\tFlushes all rules back to default ACCEPT"
- 	 echo -e "\t--generate-cache\tGenerate cached rule file"
+#!/bin/bash
+# By Brielle Bruns <bruns@2mbit.com>
+# URL: http://www.sosdg.org/freestuff/firewall
+# License: GPLv3
+#
+#    Copyright (C) 2009 - 2014  Brielle Bruns
+#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# ANSI color sequences
+BLUE="\E[34m"
+GREEN="\E[32m"
+RED="\E[31m"
+YELLOW="\E[33m"
+PURPLE="\E[35m"
+AQUA="\E[36m"
+WHITE="\E[1m"
+GREY="\E[37m"
+DEFAULT_COLOR="\E[39m"
+
+# display_c $COLOR $TEXT BOOL(YN)
+# $COLOR being bash colors
+# $TEXT being what to output (make sure to put " " around text)
+# BOOL being (Y or N) to do newline at end or not
+function display_c {
+	unset COLOR_CODE TEXT NEWLINE
+	DEFAULT_COLOR="\E[39m"
+	COLOR_CODE=`pick_color $1`
+	TEXT="$2"
+	if [ "$3" == "N" ]; then
+		NEWLINE="-n"
+	fi
+	echo -e ${NEWLINE} "${COLOR_CODE}${TEXT}${DEFAULT_COLOR}"
+}
+
+# pick_color $COLOR
+# returns appropriate color codes for use in display_c and such
+function pick_color {
+	case $1 in
+		BLUE) COLOR="\E[34m" ;;
+		GREEN) COLOR="\E[32m" ;;
+		RED) COLOR="\E[31m" ;;
+		YELLOW) COLOR="\E[33m" ;;
+		PURPLE) COLOR="\E[35m" ;;
+		AQUA) COLOR="\E[36m" ;;
+		WHITE) COLOR="\E[1m" ;;
+		GREY) COLOR="\E[37m" ;;
+		*) COLOR="\E[37m" ;;
+	esac
+	echo "${COLOR}"
+}
+
+# reset_color
+function reset_color {
+	unset NEWLINE
+	DEFAULT_COLOR="\E[39m"
+	if [ "$1" == "N" ]; then
+		NEWLINE="-n"
+	fi
+	echo ${NEWLINE} -e "${DEFAULT_COLOR}"
+}
+
+# show_help
+# Show command line options help
+function show_help {
+	 echo "Firewall/SOSDG ${FW_VERSION} - Brielle Bruns <bruns@2mbit.com>"
+ 	 echo -e "\t--help\t\tShows this info"
+ 	 echo -e "\t--flush\t\tFlushes all rules back to default ACCEPT"
+ 	 echo -e "\t--generate-cache\tGenerate cached rule file"
  }

lib/iptables.inc

@@ -1,104 +1,104 @@
-#!/bin/bash
-# By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org/freestuff/firewall
-# License: GPLv3
-#
-#    Copyright (C) 2009 - 2014  Brielle Bruns
-#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# iptables_rules_flush (ipv6|ipv4)
-# Clear all rules from iptables - be very careful in how this is called as it
-# could easily lock out the user from the network.  Best way to be safe, is to
-# call iptables_policy_reset first then this function.
-function iptables_rules_flush {
-	IP_VERSION=$1
-	case $IP_VERSION in
-		ipv6) VER_IPTABLES=${IP6TABLES} ; TABLE_NAMES=/proc/net/ip6_tables_names ;;
-		ipv4|*) VER_IPTABLES=${IPTABLES} ; TABLE_NAMES=/proc/net/ip_tables_names ;;
-	esac
-	${display_c} RED "Flushing ${IP_VERSION} rules..."
-	${VER_IPTABLES} --flush &>/dev/null
-	${VER_IPTABLES} -F OUTPUT &>/dev/null
-	${VER_IPTABLES} -F PREROUTING &>/dev/null
-	${VER_IPTABLES} -F POSTROUTING &>/dev/null
-	for i in `cat $TABLE_NAMES`; do
-		${VER_IPTABLES} -F -t $i &>/dev/null
-	done
-	${VER_IPTABLES} -X
-}
-
-# iptables_policy_set (ipv6|ipv4) (ACCEPT|DROP)
-# Sets all policy rules to either ACCEPT or DROP for ipv4 or ipv6
-# If no policy given, assume ACCEPT
-function iptables_policy_reset {
-	IP_VERSION=$1
-	SET_POLICY=${2=ACCEPT}
-	case $IP_VERSION in
-		ipv6) VER_IPTABLES=${IP6TABLES} ;;
-		ipv4|*) VER_IPTABLES=${IPTABLES} ;;
-	esac
-	${display_c} RED "Setting ${IP_VERSION} policies to ${SET_POLICY}..."
-	${VER_IPTABLES} --policy INPUT ${SET_POLICY}
-	${VER_IPTABLES} --policy OUTPUT ${SET_POLICY}
-	${VER_IPTABLES} --policy FORWARD ${SET_POLICY}
-}
-
-# setup_iptables_chains (ipv4|ipv6)
-# Creates the default chains when called
-function setup_iptables_chains {
-	IP_VERSION=$1
-	case $IP_VERSION in
-		ipv6) VER_IPTABLES=${IP6TABLES};
-				IPVER="6" ;;
-		ipv4|*) VER_IPTABLES=${IPTABLES}
-				IPVER="4" ;;
-	esac
-	# Create the actual chains
-	${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
-	${VER_IPTABLES} -N ${InPreRules}
-	${VER_IPTABLES} -N ${OutPreRules}
-	${VER_IPTABLES} -N ${Trusted}
-	${VER_IPTABLES} -N ${InEasyBlock}
-	${VER_IPTABLES} -N ${OutEasyBlock}
-	${VER_IPTABLES} -N ${InFilter}
-	${VER_IPTABLES} -N ${OutFilter}
-	${VER_IPTABLES} -N ${FwdFilter}
-	${VER_IPTABLES} -N ${NAT}
-	${VER_IPTABLES} -N ${PortForward}
-	${VER_IPTABLES} -N ${InPostRules}
-	${VER_IPTABLES} -N ${OutPostRules}
-	
-	# Set up rules - the order matters - we do it separately here
-	# for easy viewing of order
-	if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi
-	${VER_IPTABLES} -A INPUT -j ${InPreRules}
-	${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
-	if [ -x ${v${IPVER}_Custom_Trust} ]; then . ${v${IPVER}_Custom_Trust}; fi
-	${VER_IPTABLES} -A INPUT -j ${Trusted}
-	if [ -x ${v${IPVER}_Custom_EasyBlock} ]; then . ${v${IPVER}_Custom_EasyBlock}; fi
-	${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
-	${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
-	if [ -x ${v${IPVER}_Custom_Filter} ]; then . ${v${IPVER}_Custom_Filter}; fi
-	${VER_IPTABLES} -A INPUT -j ${InFilter}
-	${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
-	${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
-	if [ -x ${v${IPVER}_Custom_NAT} ]; then . ${v${IPVER}_Custom_NAT}; fi
-	${VER_IPTABLES} -A POSTROUTING -j ${NAT}
-	if [ -x ${v${IPVER}_Custom_PortFw} ]; then . ${v${IPVER}_Custom_PortFw}; fi
-	${VER_IPTABLES} -A PREROUTING -j ${PortForward}
-	if [ -x ${v${IPVER}_Custom_Post} ]; then . ${v${IPVER}_Custom_Post}; fi
-	${VER_IPTABLES} -A INPUT -j ${InPostRules}
-	${VER_IPTABLES} -A OUTPUT -j ${OutPostRules}
+#!/bin/bash
+# By Brielle Bruns <bruns@2mbit.com>
+# URL: http://www.sosdg.org/freestuff/firewall
+# License: GPLv3
+#
+#    Copyright (C) 2009 - 2014  Brielle Bruns
+#    Copyright (C) 2009 - 2014  The Summit Open Source Development Group
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# iptables_rules_flush (ipv6|ipv4)
+# Clear all rules from iptables - be very careful in how this is called as it
+# could easily lock out the user from the network.  Best way to be safe, is to
+# call iptables_policy_reset first then this function.
+function iptables_rules_flush {
+	IP_VERSION=$1
+	case $IP_VERSION in
+		ipv6) VER_IPTABLES=${IP6TABLES} ; TABLE_NAMES=/proc/net/ip6_tables_names ;;
+		ipv4|*) VER_IPTABLES=${IPTABLES} ; TABLE_NAMES=/proc/net/ip_tables_names ;;
+	esac
+	${display_c} RED "Flushing ${IP_VERSION} rules..."
+	${VER_IPTABLES} --flush &>/dev/null
+	${VER_IPTABLES} -F OUTPUT &>/dev/null
+	${VER_IPTABLES} -F PREROUTING &>/dev/null
+	${VER_IPTABLES} -F POSTROUTING &>/dev/null
+	for i in `cat $TABLE_NAMES`; do
+		${VER_IPTABLES} -F -t $i &>/dev/null
+	done
+	${VER_IPTABLES} -X
+}
+
+# iptables_policy_set (ipv6|ipv4) (ACCEPT|DROP)
+# Sets all policy rules to either ACCEPT or DROP for ipv4 or ipv6
+# If no policy given, assume ACCEPT
+function iptables_policy_reset {
+	IP_VERSION=$1
+	SET_POLICY=${2=ACCEPT}
+	case $IP_VERSION in
+		ipv6) VER_IPTABLES=${IP6TABLES} ;;
+		ipv4|*) VER_IPTABLES=${IPTABLES} ;;
+	esac
+	${display_c} RED "Setting ${IP_VERSION} policies to ${SET_POLICY}..."
+	${VER_IPTABLES} --policy INPUT ${SET_POLICY}
+	${VER_IPTABLES} --policy OUTPUT ${SET_POLICY}
+	${VER_IPTABLES} --policy FORWARD ${SET_POLICY}
+}
+
+# setup_iptables_chains (ipv4|ipv6)
+# Creates the default chains when called
+function setup_iptables_chains {
+	IP_VERSION=$1
+	case $IP_VERSION in
+		ipv6) VER_IPTABLES=${IP6TABLES};
+				IPVER="6" ;;
+		ipv4|*) VER_IPTABLES=${IPTABLES}
+				IPVER="4" ;;
+	esac
+	# Create the actual chains
+	${display_c} GREEN "Setting up chains for ${IP_VERSION}..."
+	${VER_IPTABLES} -N ${InPreRules}
+	${VER_IPTABLES} -N ${OutPreRules}
+	${VER_IPTABLES} -N ${Trusted}
+	${VER_IPTABLES} -N ${InEasyBlock}
+	${VER_IPTABLES} -N ${OutEasyBlock}
+	${VER_IPTABLES} -N ${InFilter}
+	${VER_IPTABLES} -N ${OutFilter}
+	${VER_IPTABLES} -N ${FwdFilter}
+	${VER_IPTABLES} -N ${NAT}
+	${VER_IPTABLES} -N ${PortForward}
+	${VER_IPTABLES} -N ${InPostRules}
+	${VER_IPTABLES} -N ${OutPostRules}
+	
+	# Set up rules - the order matters - we do it separately here
+	# for easy viewing of order
+	if [ -x ${v${IPVER}_Custom_Pre} ]; then . ${v${IPVER}_Custom_Pre}; fi
+	${VER_IPTABLES} -A INPUT -j ${InPreRules}
+	${VER_IPTABLES} -A OUTPUT -j ${OutPreRules}
+	if [ -x ${v${IPVER}_Custom_Trust} ]; then . ${v${IPVER}_Custom_Trust}; fi
+	${VER_IPTABLES} -A INPUT -j ${Trusted}
+	if [ -x ${v${IPVER}_Custom_EasyBlock} ]; then . ${v${IPVER}_Custom_EasyBlock}; fi
+	${VER_IPTABLES} -A INPUT -j ${InEasyBlock}
+	${VER_IPTABLES} -A OUTPUT -j ${OutEasyBlock}
+	if [ -x ${v${IPVER}_Custom_Filter} ]; then . ${v${IPVER}_Custom_Filter}; fi
+	${VER_IPTABLES} -A INPUT -j ${InFilter}
+	${VER_IPTABLES} -A OUTPUT -j ${OutFilter}
+	${VER_IPTABLES} -A FORWARD -j ${FwdFilter}
+	if [ -x ${v${IPVER}_Custom_NAT} ]; then . ${v${IPVER}_Custom_NAT}; fi
+	${VER_IPTABLES} -A POSTROUTING -j ${NAT}
+	if [ -x ${v${IPVER}_Custom_PortFw} ]; then . ${v${IPVER}_Custom_PortFw}; fi
+	${VER_IPTABLES} -A PREROUTING -j ${PortForward}
+	if [ -x ${v${IPVER}_Custom_Post} ]; then . ${v${IPVER}_Custom_Post}; fi
+	${VER_IPTABLES} -A INPUT -j ${InPostRules}
+	${VER_IPTABLES} -A OUTPUT -j ${OutPostRules}
 }