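#!/bin/sh

# A post-down hook to flush ip tables and delete custom chains in the
# loaded v4 and v6 rulesets.
#
# Inputs (read from the environment; 'set -u' aborts the hook if one that
# is actually expanded is unset):
#   IFACE    interface being brought down; "lo" is ignored
#   MODE     the hook only acts when this is "stop"
#   ADDRFAM  "inet" selects iptables, "inet6" selects ip6tables; any
#            other value is a no-op
#
# Security notes for operators:
#   * -F and -X do not touch the policy of built-in chains. Once the rules
#     are gone, the only filtering left is that policy: with ACCEPT the
#     host is unfiltered for this address family, with DROP all of its
#     traffic is dropped.
#   * The flush is not scoped to $IFACE. Any non-loopback interface going
#     down clears the whole ruleset of the address family, including rules
#     that protect interfaces which are still up. On a multi-homed host,
#     make sure something reloads the ruleset afterwards.
#
# Copyright © 2013 Guilhem Moulin
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

set -ue

# Fixed search path so the helpers below (sed) are not resolved through a
# PATH inherited from the caller.
PATH=/usr/sbin:/usr/bin:/sbin:/bin

# Ignore the loopback interface; run the script for ifdown only.
# Two separate tests instead of '[ ... -a ... ]': the -a operator is
# obsolescent in POSIX and its parsing is ambiguous for some operands.
if [ "$IFACE" = lo ] || [ "$MODE" != stop ]; then
    exit 0
fi

# Select the save/restore tool pair that matches the address family.
case "$ADDRFAM" in
    inet)
        ipts=/sbin/iptables-save
        ipt=/sbin/iptables
        ;;
    inet6)
        ipts=/sbin/ip6tables-save
        ipt=/sbin/ip6tables
        ;;
    *)
        exit 0
        ;;
esac

# The save output names each loaded table on a line of the form "*<table>";
# strip the leading asterisk to get the table names. A basic regular
# expression is enough here, so no GNU-only 'sed -r' is needed.
#
# For every table: flush all chains first (-F), then delete the now
# unreferenced user-defined chains (-X).
#
# NOTE(review): without 'pipefail' a failure of "$ipts" itself is not
# detected; the loop then sees no input and the hook exits 0 with the
# ruleset untouched. A failing -F/-X does abort the hook through 'set -e'.
"$ipts" | sed -n 's/^\*//p' |
while read -r table; do
    "$ipt" -t "$table" -F
    "$ipt" -t "$table" -X
done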