Imrpoving cleaning and prefix all chains with EO-X

2013-11-15 16:14:12 +01:00 · 2013-11-15 16:14:12 +01:00 · 0129cf55db
parent d94d57056f
commit 0129cf55db
1 changed files with 18 additions and 26 deletions
--- a/44
+++ b/44
@ -61,26 +61,18 @@ clean()

    if chain_exists EO-INPUT; then
        $IPTABLES -D INPUT -j EO-INPUT
-        $IPTABLES -F EO-INPUT
-        $IPTABLES -X EO-INPUT
-    fi
-    if chain_exists EO-OUTPUT; then
        $IPTABLES -D OUTPUT -j EO-OUTPUT
-        $IPTABLES -F EO-OUTPUT
-        $IPTABLES -X EO-OUTPUT
-    fi
-    if chain_exists EO-FORWARD; then
        $IPTABLES -D FORWARD -j EO-FORWARD
-        $IPTABLES -F EO-FORWARD
-        $IPTABLES -X EO-FORWARD
-    fi
-    if chain_exists LOGDROP; then
-        $IPTABLES -D INPUT -j LOGDROP
-        $IPTABLES -D OUTPUT -j LOGDROP
-        $IPTABLES -D FORWARD -j LOGDROP
-        $IPTABLES -F LOGDROP
-        $IPTABLES -X LOGDROP
+        $IPTABLES -D INPUT -j EO-LOGDROP
+        $IPTABLES -D OUTPUT -j EO-LOGDROP
+        $IPTABLES -D FORWARD -j EO-LOGDROP
    fi
+
+    for chain in `$IPTABLES --list -n | grep '^Chain EO' | cut -f2 -d ' '`; do
+        $IPTABLES -F $chain
+        $IPTABLES -X $chain
+    done
+
 }

 init()
@ -92,7 +84,7 @@ init()
    $IPTABLES -N EO-INPUT
    $IPTABLES -N EO-OUTPUT
    $IPTABLES -N EO-FORWARD
-    $IPTABLES -N LOGDROP
+    $IPTABLES -N EO-LOGDROP


    # default policies
@ -356,15 +348,15 @@ start()
    $IPTABLES -A FORWARD -j EO-FORWARD

    ## LOG
-    ## Create a LOGDROP chain to log and drop packets
-    $IPTABLES -A LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
-    $IPTABLES -A LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
-    $IPTABLES -A LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
-    $IPTABLES -A LOGDROP -j DROP
+    ## Create a EO-LOGDROP chain to log and drop packets
+    $IPTABLES -A EO-LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
+    $IPTABLES -A EO-LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
+    $IPTABLES -A EO-LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
+    $IPTABLES -A EO-LOGDROP -j DROP

-    $IPTABLES -A INPUT -j LOGDROP
-    $IPTABLES -A OUTPUT -j LOGDROP
-    $IPTABLES -A FORWARD -j LOGDROP
+    $IPTABLES -A INPUT -j EO-LOGDROP
+    $IPTABLES -A OUTPUT -j EO-LOGDROP
+    $IPTABLES -A FORWARD -j EO-LOGDROP
 }