RedHat Iptables 脚本移植给SUSE(2)

echo -n $"Flushing firewall rules: "
    ret=0
    # For all tables
    for i in $tables; do
        # Flush firewall rules.
    $IPTABLES -t $i -F;
    let ret+=$?;

# Delete firewall chains.
    $IPTABLES -t $i -X;
    let ret+=$?;

# Set counter to zero.
    $IPTABLES -t $i -Z;
    let ret+=$?;
    done
    rc_failed $ret
    rc_status -v
    return $ret;
}

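set_policy() {
    # Set the default policy of every built-in chain in every table the
    # kernel currently has registered.
    #
    # Arguments: $1 - policy to apply. Built-in chains only accept ACCEPT or
    #                 DROP; anything else makes the iptables call fail and is
    #                 counted as a failed table.
    # Globals:   IPTABLES, PROC_IPTABLES_NAMES (read); tables, ret (written -
    #            kept global because the rest of this script uses them that way)
    # Returns:   1 if the ip_tables module is not loaded or no table exists;
    #            otherwise the number of tables whose policy could not be set.
    #
    # Security note: stop() calls this with ACCEPT right after flushing, so a
    # successful "stop" leaves the host accepting all traffic.
    local policy="$1"
    local table

    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1

    # Check if firewall is configured (has tables); /proc lists one table
    # name per line.
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
    [ -z "$tables" ] && return 1

    echo -n $"Setting chains to policy $policy: "
    ret=0
    # $tables is intentionally unquoted: it is split on whitespace into names.
    for table in $tables; do
        echo -n "$table "
        case "$table" in
            filter)
                "$IPTABLES" -t filter -P INPUT "$policy" \
                && "$IPTABLES" -t filter -P OUTPUT "$policy" \
                && "$IPTABLES" -t filter -P FORWARD "$policy" \
                || ret=$((ret + 1))
                ;;
            nat)
                "$IPTABLES" -t nat -P PREROUTING "$policy" \
                && "$IPTABLES" -t nat -P POSTROUTING "$policy" \
                && "$IPTABLES" -t nat -P OUTPUT "$policy" \
                || ret=$((ret + 1))
                ;;
            mangle)
                "$IPTABLES" -t mangle -P PREROUTING "$policy" \
                && "$IPTABLES" -t mangle -P POSTROUTING "$policy" \
                && "$IPTABLES" -t mangle -P INPUT "$policy" \
                && "$IPTABLES" -t mangle -P OUTPUT "$policy" \
                && "$IPTABLES" -t mangle -P FORWARD "$policy" \
                || ret=$((ret + 1))
                ;;
            raw)
                # The raw table only has PREROUTING and OUTPUT.
                "$IPTABLES" -t raw -P PREROUTING "$policy" \
                && "$IPTABLES" -t raw -P OUTPUT "$policy" \
                || ret=$((ret + 1))
                ;;
            security)
                # The security table mirrors filter's three chains.
                "$IPTABLES" -t security -P INPUT "$policy" \
                && "$IPTABLES" -t security -P OUTPUT "$policy" \
                && "$IPTABLES" -t security -P FORWARD "$policy" \
                || ret=$((ret + 1))
                ;;
            *)
                # A table this script does not know is reported as a failure
                # rather than guessed at.
                ret=$((ret + 1))
                ;;
        esac
    done
    rc_failed $ret
    rc_status -v
    return $ret
}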

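start() {
    # Load the saved rule set with iptables-restore, then load any extra
    # helper modules and create the subsys marker.
    #
    # Globals:   IPTABLES, IPTABLES_DATA, IPTABLES_SAVE_COUNTER,
    #            IPTABLES_MODULES, VAR_SUBSYS_IPTABLES (read); OPT, ret (written)
    # Returns:   1 if there is no rule file; iptables-restore's exit status if
    #            the restore fails; otherwise the number of helper modules
    #            that modprobe could not load.
    #
    # Security note: IPTABLES_DATA is handed to iptables-restore as root and
    # defines the whole firewall, so it must be owned by root and not writable
    # by other users. Only its existence is checked here.
    local mod

    # Do not start if there is no config file.
    [ -f "$IPTABLES_DATA" ] || return 1

    echo -n $"Applying $IPTABLES firewall rules: "

    # -c also restores the saved packet/byte counters.
    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
    ret=0
    # $OPT is deliberately unquoted: when empty it must vanish rather than
    # become an empty argument.
    "$IPTABLES-restore" $OPT "$IPTABLES_DATA"
    ret=$?
    if [ $ret -ne 0 ]; then
        # NOTE(review): iptables-restore commits per table, so an error may
        # leave tables that were parsed earlier already applied. The subsys
        # marker below is not created on this path.
        return $ret
    fi

    # Load additional modules (helpers)
    if [ -n "$IPTABLES_MODULES" ]; then
        echo -n $"Loading additional $IPTABLES modules: "
        ret=0
        # $IPTABLES_MODULES is a whitespace-separated list; intentionally unquoted.
        for mod in $IPTABLES_MODULES; do
            echo -n "$mod "
            modprobe "$mod" > /dev/null 2>&1
            ret=$((ret + $?))
        done
    fi

    touch "$VAR_SUBSYS_IPTABLES"
    return $ret
}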

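stop() {
    # Flush every rule and chain, set all built-in chains to ACCEPT and, if
    # configured, unload the netfilter modules; then drop the subsys marker.
    #
    # Globals:   PROC_IPTABLES_NAMES, IPTABLES_MODULES_UNLOAD, IPV,
    #            VAR_SUBSYS_IPTABLES (read); ret (written)
    # Returns:   1 if the ip_tables module is not loaded; otherwise the sum of
    #            the exit statuses of the flush, policy and unload steps.
    #
    # Security note: a successful "stop" leaves the host accepting all
    # traffic; it is an open firewall, not a lockdown. Between the flush and
    # the policy change the chains briefly keep their previous policy with
    # no rules installed.
    local failures=0

    # Do not stop if iptables module is not loaded.
    [ -e "$PROC_IPTABLES_NAMES" ] || return 1

    # Both helpers assign the global ret themselves, so the outcome is kept in
    # a local accumulator. Previously ret was only reset in the unload branch
    # and otherwise the return value was whatever the last helper left behind.
    flush_n_delete
    failures=$((failures + $?))
    set_policy ACCEPT
    failures=$((failures + $?))

    if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
        echo -n $"Unloading $IPTABLES modules: "
        rmmod_r "${IPV}_tables"
        failures=$((failures + $?))
        rmmod_r "${IPV}_conntrack"
        failures=$((failures + $?))
    fi

    rm -f "$VAR_SUBSYS_IPTABLES"
    ret=$failures
    return $ret
}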

save() {
    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1

# Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

echo -n $"Saving firewall rules to $IPTABLES_DATA: "

OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
