From 7641a5d5d152db349082b1d0ec93a40888b2ef8e Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 23 Jan 2020 04:29:12 +0100 Subject: Convert firewall to nftables. Debian Buster uses the nftables framework by default. --- .../files/etc/network/if-post-down.d/iptables | 36 ---------------------- 1 file changed, 36 deletions(-) delete mode 100755 roles/common/files/etc/network/if-post-down.d/iptables (limited to 'roles/common/files/etc/network/if-post-down.d/iptables') diff --git a/roles/common/files/etc/network/if-post-down.d/iptables b/roles/common/files/etc/network/if-post-down.d/iptables deleted file mode 100755 index d27977d..0000000 --- a/roles/common/files/etc/network/if-post-down.d/iptables +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -# A post-down hook to flush ip tables and delete custom chains in the -# loaded v4 and v6 rulesets. -# Copyright © 2013 Guilhem Moulin -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -set -ue -PATH=/usr/sbin:/usr/bin:/sbin:/bin - -# Ignore the loopback interface; run the script for ifdown only. -[ "$IFACE" != lo -a "$MODE" = stop ] || exit 0 - -case "$ADDRFAM" in - inet) ipts=/sbin/iptables-save; ipt=/sbin/iptables;; - inet6) ipts=/sbin/ip6tables-save; ipt=/sbin/ip6tables;; - *) exit 0 -esac - -$ipts | sed -nr 's/^\*//p' | \ -while read table; do - $ipt -t "$table" -F - $ipt -t "$table" -X -done -- cgit v1.2.3