From 0129cf55db629a49ac1d02f6edd3bd12eec3deac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Fri, 15 Nov 2013 16:14:12 +0100
Subject: [PATCH] Imrpoving cleaning and prefix all chains with EO-X

---
 eofirewall | 44 ++++++++++++++++++--------------------------
 1 file changed, 18 insertions(+), 26 deletions(-)

diff --git a/eofirewall b/eofirewall
index c4a5268..5536560 100755
--- a/eofirewall
+++ b/eofirewall
@@ -61,26 +61,18 @@ clean()
     if chain_exists EO-INPUT; then
         $IPTABLES -D INPUT -j EO-INPUT
-        $IPTABLES -F EO-INPUT
-        $IPTABLES -X EO-INPUT
-    fi
-    if chain_exists EO-OUTPUT; then
         $IPTABLES -D OUTPUT -j EO-OUTPUT
-        $IPTABLES -F EO-OUTPUT
-        $IPTABLES -X EO-OUTPUT
-    fi
-    if chain_exists EO-FORWARD; then
         $IPTABLES -D FORWARD -j EO-FORWARD
-        $IPTABLES -F EO-FORWARD
-        $IPTABLES -X EO-FORWARD
-    fi
-    if chain_exists LOGDROP; then
-        $IPTABLES -D INPUT -j LOGDROP
-        $IPTABLES -D OUTPUT -j LOGDROP
-        $IPTABLES -D FORWARD -j LOGDROP
-        $IPTABLES -F LOGDROP
-        $IPTABLES -X LOGDROP
+        $IPTABLES -D INPUT -j EO-LOGDROP
+        $IPTABLES -D OUTPUT -j EO-LOGDROP
+        $IPTABLES -D FORWARD -j EO-LOGDROP
     fi
+
+    for chain in `$IPTABLES --list -n | grep '^Chain EO' | cut -f2 -d ' '`; do
+        $IPTABLES -F $chain
+        $IPTABLES -X $chain
+    done
+
 }
 init()
@@ -92,7 +84,7 @@ init()
     $IPTABLES -N EO-INPUT
     $IPTABLES -N EO-OUTPUT
     $IPTABLES -N EO-FORWARD
-    $IPTABLES -N LOGDROP
+    $IPTABLES -N EO-LOGDROP
     # default policies
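Review bot: The new flush-and-delete loop at the end of clean() can leave EO- chains behind, because `iptables -X` refuses to delete a chain that is still referenced by a rule in another chain, and the loop flushes and deletes each chain in listing order instead of flushing all of them first; if any EO- chain jumps to another (not visible in this hunk), whichever is listed first fails to delete. The filter `grep '^Chain EO'` also matches any chain whose name merely begins with EO, including one created by an unrelated tool, so the prefix should be anchored as `'^Chain EO-'`. A minor inherited point: the three `-D ... -j EO-LOGDROP` removals now run under the `chain_exists EO-INPUT` guard rather than their own, so a partially initialised ruleset prints errors from those lines. Splitting the loop into a flush pass followed by a delete pass, with `$(...)` instead of backticks, keeps the intent and fixes the ordering; clean() begins before this hunk.
```shell
    # … unchanged: -D jump-rule removals guarded by chain_exists EO-INPUT …
    eo_chains=$($IPTABLES --list -n | grep '^Chain EO-' | cut -f2 -d ' ')
    # Flush every EO- chain first so none still references another when deleted.
    for chain in $eo_chains; do
        $IPTABLES -F $chain
    done
    for chain in $eo_chains; do
        $IPTABLES -X $chain
    done
```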
@@ -356,15 +348,15 @@ start()
     $IPTABLES -A FORWARD -j EO-FORWARD
     ## LOG
-    ## Create a LOGDROP chain to log and drop packets
-    $IPTABLES -A LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
-    $IPTABLES -A LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
-    $IPTABLES -A LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
-    $IPTABLES -A LOGDROP -j DROP
+    ## Create a EO-LOGDROP chain to log and drop packets
+    $IPTABLES -A EO-LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
+    $IPTABLES -A EO-LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
+    $IPTABLES -A EO-LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
+    $IPTABLES -A EO-LOGDROP -j DROP
-    $IPTABLES -A INPUT -j LOGDROP
-    $IPTABLES -A OUTPUT -j LOGDROP
-    $IPTABLES -A FORWARD -j LOGDROP
+    $IPTABLES -A INPUT -j EO-LOGDROP
+    $IPTABLES -A OUTPUT -j EO-LOGDROP
+    $IPTABLES -A FORWARD -j EO-LOGDROP
 }