-rwxr-xr-x | awall-cli | 10 | ||||
-rw-r--r-- | awall/iptables.lua | 28 |
2 files changed, 25 insertions, 13 deletions
@@ -38,6 +38,12 @@ Run-time activation of new firewall configuration:
 by hitting RETURN within 10 seconds, the configuration is saved to the files. Otherwise, the old configuration is restored.
+Flush firewall configuration:
+    awall flush
+
+    This command deletes all firewall rules and configures it to drop
+    all packets.
+
 Enable/disable optional policies:
     awall {enable|disable} <policy>...
@@ -96,7 +102,7 @@ end
 require 'awall.util'
 util = awall.util
-if not util.contains({'translate', 'activate', 'fallback',
+if not util.contains({'translate', 'activate', 'fallback', 'flush',
                       'enable', 'disable', 'list', 'dump'}, mode) then
    help()
 end
@@ -222,4 +228,6 @@ elseif mode == 'fallback' then
    io.stderr:write('\nTimeout, reverting to the old configuration\n')
    awall.iptables.revert()
+elseif mode == 'flush' then awall.iptables.flush()
+
 else assert(false) end
diff --git a/awall/iptables.lua b/awall/iptables.lua
index 6559f6e..4118ffe 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -68,18 +68,7 @@ function BaseIPTables:restore(test)
 end
 function BaseIPTables:activate()
-   local empty = IPTables.new()
-   for family, params in pairs(families) do
-      local success, lines = pcall(io.lines, params.procfile)
-      if success then
-         for tbl in lines do
-            for i, chain in ipairs(builtin[tbl]) do
-               empty.config[family][tbl][chain] = {}
-            end
-         end
-      end
-   end
-   empty:restore(false)
+   flush()
    self:restore(false)
 end
@@ -146,3 +135,18 @@ end
 function revert()
    Backup.new():activate()
 end
+
+function flush()
+   local empty = IPTables.new()
+   for family, params in pairs(families) do
+      local success, lines = pcall(io.lines, params.procfile)
+      if success then
+         for tbl in lines do
+            for i, chain in ipairs(builtin[tbl]) do
+               empty.config[family][tbl][chain] = {}
+            end
+         end
+      end
+   end
+   empty:restore(false)
+end
|
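Review bot: The added help text says `awall flush` "configures it to drop all packets" but does not say that, unlike `awall activate` described just above it (confirmation by RETURN within 10 seconds, otherwise the old configuration is restored), flush takes effect immediately with no confirmation and no automatic revert — the dispatch added in the third hunk of this file calls `awall.iptables.flush()` directly. Dropping all packets also ends any remote session the operator is running the command from. Suggest replacing the two added sentences with `This command deletes all firewall rules and sets the firewall to drop all packets, which also cuts off any remote session. The change applies immediately and is not reverted automatically; use 'awall activate' to load a new configuration.` — this also resolves the dangling "it" in the current wording.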
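Review bot: `BaseIPTables:activate` now depends on the module-level `flush()` defined further down in the same file (declared without `local`, like `revert`); Lua resolves the name at call time, so the forward reference works, but a reader of `activate` has no hint that the call empties every chain before `self:restore(false)` installs the new rules. A one-line comment at the call would help, e.g. `-- flush() first: all chains are emptied (traffic dropped, per the CLI help) until restore() below installs the new rules`; the drop-everything behaviour is stated only in the CLI help text, not in anything visible in this file, so confirm it before writing it down. The whole function is inside the hunk.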
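Review bot: In `flush`, `for i, chain in ipairs(builtin[tbl])` raises an error if the kernel lists a table in `params.procfile` for which `builtin` (defined outside this hunk) has no entry, and since the `pcall` only wraps `io.lines`, `awall flush` — and `activate`, which now calls this — would die with a traceback inside the loop before `empty:restore(false)` has applied anything; confirm that `builtin` covers every table name the procfile can contain, or fail explicitly, e.g. `local chains = assert(builtin[tbl], 'unknown table: ' .. tbl)` followed by `for _, chain in ipairs(chains) do`. The loop index `i` is unused either way and `_` would make that explicit. The function is exported and called from awall-cli yet has no doc comment; suggest an LDoc block above it stating that it builds an empty ruleset for every address family whose procfile can be opened, installs it with `restore(false)`, and silently skips families whose procfile cannot be read.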