support co-existence with other firewall management tools

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2019-12-24 21:21:13 +0200
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2020-01-17 18:26:05 +0200
commit: 408d036cf9a26ec8a419a358c3e96df9dabfc082 (patch)
tree: b23af1365f9f20c8aef3eda2479a7f5a0b4df8cc /awall-cli
parent: c81d6fc2ce59212a4cdee9244417dd86a15e8844 (diff)
download: awall-408d036cf9a26ec8a419a358c3e96df9dabfc082.tar.bz2
awall-408d036cf9a26ec8a419a358c3e96df9dabfc082.tar.xz
1 files changed, 11 insertions, 4 deletions
diff --git a/awall-cli b/awall-cli
index 8b48e1b..57c0cc0 100755
--- a/awall-cli
+++ b/awall-cli
@@ -49,10 +49,15 @@ Run-time activation of new firewall configuration:
     configuration is restored.
 
 Flush firewall configuration:
-    awall flush
+    awall flush [-a|--all]
 
-    This command deletes all firewall rules and configures it to drop
-    all packets.
+    Normally, this command deletes all firewall rules and configures
+    it to drop all packets.
+
+    If awall is configured to co-exist with other firewall management
+    tools, this command flushes only the rules installed by awall.
+    Specifying --all overrides this behavior and causes all rules to
+    be flushed.
 
 Enable/disable optional policies:
     awall {enable|disable} <policy>...
@@ -428,7 +433,9 @@ if not call(
 	 end
 
 
-      elseif mode == 'flush' then iptables.flush()
+      elseif mode == 'flush' then
+	 if all then iptables.flush()
+	 else config:flush() end
 
       else assert(false) end
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2019-12-24 21:21:13 +0200
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2020-01-17 18:26:05 +0200
commit	408d036cf9a26ec8a419a358c3e96df9dabfc082 (patch)
tree	b23af1365f9f20c8aef3eda2479a7f5a0b4df8cc /awall-cli
parent	c81d6fc2ce59212a4cdee9244417dd86a15e8844 (diff)
download	awall-408d036cf9a26ec8a419a358c3e96df9dabfc082.tar.bz2 awall-408d036cf9a26ec8a419a358c3e96df9dabfc082.tar.xz