From 408d036cf9a26ec8a419a358c3e96df9dabfc082 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 24 Dec 2019 21:21:13 +0200
Subject: support co-existence with other firewall management tools

---
 awall-cli | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'awall-cli')

diff --git a/awall-cli b/awall-cli
index 8b48e1b..57c0cc0 100755
--- a/awall-cli
+++ b/awall-cli
@@ -49,10 +49,15 @@ Run-time activation of new firewall configuration:
     configuration is restored.
 
 Flush firewall configuration:
-    awall flush
+    awall flush [-a|--all]
 
-    This command deletes all firewall rules and configures it to drop
-    all packets.
+    Normally, this command deletes all firewall rules and configures
+    it to drop all packets.
+
+    If awall is configured to co-exist with other firewall management
+    tools, this command flushes only the rules installed by awall.
+    Specifying --all overrides this behavior and causes all rules to
+    be flushed.
 
 Enable/disable optional policies:
     awall {enable|disable} <policy>...
@@ -428,7 +433,9 @@ if not call(
 	 end
 
 
-      elseif mode == 'flush' then iptables.flush()
+      elseif mode == 'flush' then
+	 if all then iptables.flush()
+	 else config:flush() end
 
       else assert(false) end
 
-- 
cgit v1.2.3