Re: [Fwbuilder-discussion] function reset_iptables_v4()
From: Vadim K. <va...@vk...> - 2010-10-18 15:32:48
On Mon, Oct 18, 2010 at 8:25 AM, Reinier Boon <R....@te...> wrote:
> Dear Vadim,
>
> Indeed, I found these configlets. However, changing them changes ALL firewalls I build, not only those I want to fix.
> And, also important, it is not saved with the firewall itself. When another person from our organization checks out the firewall from the subversion repository, he/she also must not forget to fix the configlets. This will be causing trouble.
>
> Would it be an option to allow particular script parts to be changed on a per firewall basis? Just like the prolog and the epilog scripts?

Not flushing the mangle table will lead to duplicate rules and other problems if the policy generated by fwbuilder has rules in this table. If the policy does not have rules in the mangle table, then there is nothing to flush or not flush and I still do not understand the problem.

In your original email you said your routing seems to get corrupted during firewall policy install. If you mean routing tables, then they have nothing to do with the iptables mangle table. Could you elaborate on that?

--vk

> --
> Best regards,
> Reinier Boon
>
>
> Reinier Boon | Senior software engineer | Telecats bv | KvK Enschede 06069106 | Tel: +31 53 488 99 26 | Fax: +31 53 488 99 10 | E mail: r.t...@te...
>
> -----Original Message-----
> From: va...@vk... [mailto:va...@vk...] On Behalf Of Vadim Kurland
> Sent: 05 October 2010 17:17
> To: Joost Wolthuis
> Cc: fwb...@li...; Reinier Boon
> Subject: Re: [Fwbuilder-discussion] function reset_iptables_v4()
>
> On Tue, Oct 5, 2010 at 4:33 AM, Joost Wolthuis <J.W...@te...> wrote:
>> Vadim and Mike,
>>
>> In the function reset_iptables_v4() the following piece of code is
>> generated
>>
>>     cat /proc/net/ip_tables_names | while read table; do
>>         $IPTABLES -t $table -L -n | while read c chain rest; do
>>             if test "X$c" = "XChain" ; then
>>                 $IPTABLES -t $table -F $chain
>>             fi
>>         done
>>         $IPTABLES -t $table -X
>>     done
>> }
>>
>> We would like to exclude the table MANGLE from being flushed because somehow
>> during firewall install our routing seems to be corrupted.
>>
>> Is there a way to achieve this?
>>
>
> you can replace the configlet that generates this function with your
> own, this chapter from the Users Guide explains how to do this:
>
> http://www.fwbuilder.org/4.0/docs/users_guide/configlets.html
>
> --vk
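The reset loop Joost quoted, as an added example that is neither code from this thread nor fwbuilder's own configlet: it adds a KEEP_TABLES list so named tables (e.g. mangle) are left untouched, and it replaces the real iptables binary with a stub so it runs without root and records the commands it would have issued. TABLE_NAMES stands in for /proc/net/ip_tables_names, and the chain listings the stub prints are constructed sample data in the real "iptables -L -n" layout. The parsing is the same as in the quoted snippet: every line whose first word is "Chain" names a chain to flush, then the table's user-defined chains are deleted with -X.

```shell
# Added example (not from the thread or fwbuilder). Demonstrates the
# reset_iptables_v4 loop with a per-table exclusion list, using a stub
# in place of iptables so it runs offline. All listings are constructed.

FWB_LOG="${TMPDIR:-/tmp}/reset_iptables_demo.$$"
TABLE_NAMES="filter nat mangle"   # real script: cat /proc/net/ip_tables_names
KEEP_TABLES=""                    # tables to leave alone, e.g. "mangle"

# Stub standing in for iptables. "-t <table> -L -n" prints a constructed
# listing in the real output format; any other invocation (the flush and
# delete calls) is appended to FWB_LOG instead of touching the kernel.
stub_iptables() {
    table="$2"
    if [ "$3" = "-L" ]; then
        case "$table" in
            filter) chains="INPUT FORWARD OUTPUT user_chain" ;;          # user_chain: constructed
            nat)    chains="PREROUTING INPUT OUTPUT POSTROUTING" ;;
            mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
            *)      chains="" ;;
        esac
        for ch in $chains; do
            printf 'Chain %s (policy ACCEPT)\n' "$ch"
            printf 'target     prot opt source               destination\n'
            printf 'ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0\n\n'
        done
    else
        echo "iptables $*" >> "$FWB_LOG"
    fi
}
IPTABLES=stub_iptables

# Same logic as the generated function, plus the KEEP_TABLES check.
# Caveat from the thread: a skipped table keeps its old rules, so if the
# generated policy writes into it, each install appends duplicates.
reset_iptables_v4() {
    for table in $TABLE_NAMES; do
        case " $KEEP_TABLES " in
            *" $table "*) continue ;;
        esac
        $IPTABLES -t "$table" -L -n | while read c chain rest; do
            if test "X$c" = "XChain"; then
                $IPTABLES -t "$table" -F "$chain"
            fi
        done
        $IPTABLES -t "$table" -X
    done
}

# Run the reset with the given skip list and return the recorded iptables
# invocations, one per line, in the order they would have been issued.
dry_run() {
    KEEP_TABLES="$1"
    : > "$FWB_LOG"
    reset_iptables_v4
    cat "$FWB_LOG"
    rm -f "$FWB_LOG"
}

# Stand-alone demo: show what a reset that spares mangle would do.
dry_run "mangle"
```

With KEEP_TABLES="mangle" the output contains flush and delete commands for filter and nat only; with an empty list it covers all three tables. To use this for real, drop the stub (set IPTABLES to the iptables binary) and read TABLE_NAMES from /proc/net/ip_tables_names; keeping the function in a replaced configlet, as the Users Guide chapter linked above describes, is what ties the change to the generated script rather than to one person's fwbuilder installation.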