Diffstat (limited to 'roles/common/files/etc/network/if-post-down.d/iptables')
-rwxr-xr-xroles/common/files/etc/network/if-post-down.d/iptables27
1 files changed, 27 insertions, 0 deletions
diff --git a/roles/common/files/etc/network/if-post-down.d/iptables b/roles/common/files/etc/network/if-post-down.d/iptables
new file mode 100755
index 0000000..944ff3a
--- /dev/null
+++ b/roles/common/files/etc/network/if-post-down.d/iptables
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# A post-down hook to flush ip tables and delete custom chains in the
+# loaded v4 and v6 rulesets.
+#
+# Copyright 2013 Guilhem Moulin <guilhem@fripost.org>
+#
+# Licensed under the GNU GPL version 3 or higher.
+#
+
+set -ue
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+
+# Ignore the loopback interface; run the script for ifdown only.
+[ "$IFACE" != lo -a "$MODE" = stop ] || exit 0
+
+case "$ADDRFAM" in
+ inet) ipts=/sbin/iptables-save; ipt=/sbin/iptables;;
+ inet6) ipts=/sbin/ip6tables-save; ipt=/sbin/ip6tables;;
+ *) exit 0
+esac
+
+$ipts | sed -nr 's/^\*//p' | \
+while read table; do
+ $ipt -t "$table" -F
+ $ipt -t "$table" -X
+done
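Review bot: The `while read table` loop flushes every table of the loaded ruleset, but the hook runs whenever any non-loopback interface goes down, so on a host with more than one interface, taking one down also removes filtering for those still up. `-F` and `-X` leave the built-in chain policies untouched, so the result depends on policies set elsewhere (not visible in this hunk): with ACCEPT the host is unfiltered until the ruleset is reloaded, with DROP remaining traffic is cut off. I would document this above the loop, e.g. `# Flushes the whole ruleset, not just rules for $IFACE; chain policies are left as they are.`, and consider skipping the flush while another non-lo interface is still up. A smaller point: a failing `$ipts` is not caught by `set -e`, because the pipeline's status is that of the loop, and `read table` would be safer as `read -r table`.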