From: <abe...@us...> - 2017-05-30 18:33:55
Revision: 8356 http://sourceforge.net/p/astlinux/code/8356 Author: abelbeck Date: 2017-05-30 18:33:52 +0000 (Tue, 30 May 2017) Log Message: ----------- arnofw, add flush IPv6 NAT tables to the main script Modified Paths: -------------- branches/1.0/package/arnofw/net-prefix-translation/20net-prefix-translation.plugin.sh Added Paths: ----------- branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch
Added: branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch (rev 0)
+++ branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch 2017-05-30 18:33:52 UTC (rev 8356)
@@ -0,0 +1,111 @@
+From bee4d9337f40c015091af45a752abb6a7dc7f24d Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck <lo...@ab...>
+Date: Tue, 30 May 2017 11:43:49 -0500
+Subject: [PATCH 1/3] changed: better method to truncate/create a file
+
+---
+ bin/arno-iptables-firewall | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
+index 1ee713f..592b90b 100755
+--- a/bin/arno-iptables-firewall
++++ b/bin/arno-iptables-firewall
+@@ -4758,7 +4758,7 @@ plugins_start()
+ local plugin_count=0
+
+ # Truncate/create file
+- cp -f /dev/null "$PLUGIN_LOAD_FILE"
++ : > "$PLUGIN_LOAD_FILE"
+
+ printf "Checking for (user) plugins in $PLUGIN_BIN_PATH..."
+
+
+From 824e33d67a8d8e636aaf30885698ce1c49d1c044 Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck <lo...@ab...>
+Date: Tue, 30 May 2017 12:31:51 -0500
+Subject: [PATCH 2/3] fixed: IPv6 NAT table was not flushed, Issue #36
+
+---
+ bin/arno-iptables-firewall | 27 +++++++++++++++++++--------
+ 1 file changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
+index 592b90b..53408ec 100755
+--- a/bin/arno-iptables-firewall
++++ b/bin/arno-iptables-firewall
+@@ -744,8 +744,10 @@ init_firewall_chains()
+ ip6tables -F OUTPUT
+ ip6tables -F FORWARD
+
+- # Flush rules in mangle table
++ # Flush rules in nat/mangle table
+ #############################
++ try_ip6tables -t nat -F
++ try_ip6tables -t nat -X
+ ip6tables -t mangle -F
+ ip6tables -t mangle -X
+ fi
+@@ -5592,11 +5594,11 @@ stop_firewall()
+ ip4tables -F OUTPUT
+ ip4tables -F FORWARD
+
+- # Flush rules in the mangle/nat tables
+- ip4tables -t mangle -F
+- ip4tables -t mangle -X
++ # Flush rules in the nat/mangle tables
+ ip4tables -t nat -F
+ ip4tables -t nat -X
++ ip4tables -t mangle -F
++ ip4tables -t mangle -X
+
+ # Attempt to flush all IPv4 chains
+ ip4tables -F
+@@ -5613,7 +5615,9 @@ stop_firewall()
+ ip6tables -F OUTPUT
+ ip6tables -F FORWARD
+
+- # Flush rules in the mangle table
++ # Flush rules in the nat/mangle table
++ try_ip6tables -t nat -F
++ try_ip6tables -t nat -X
+ ip6tables -t mangle -F
+ ip6tables -t mangle -X
+
+@@ -5662,6 +5666,11 @@ reinit_firewall_chains()
+ ip6tables -F OUTPUT
+ ip6tables -F FORWARD
+
++ # Flush builtin IPv6 nat chains
++ try_ip6tables -t nat -F PREROUTING
++ try_ip6tables -t nat -F OUTPUT
++ try_ip6tables -t nat -F POSTROUTING
++
+ # Flush builtin IPv6 mangle chains
+ # We don't have to be selective by chain since we don't
+ # expect any external, dynamically managed mangle chains
+@@ -5692,10 +5701,10 @@ stop_block_firewall()
+ ip4tables -F FORWARD
+
+ # Flush nat/mangle table rules
+- ip4tables -t mangle -F
+- ip4tables -t mangle -X
+ ip4tables -t nat -F
+ ip4tables -t nat -X
++ ip4tables -t mangle -F
++ ip4tables -t mangle -X
+
+ # Attempt to flush all IPv4 chains
+ ip4tables -F
+@@ -5714,7 +5723,9 @@ stop_block_firewall()
+ ip6tables -F OUTPUT
+ ip6tables -F FORWARD
+
+- # Flush mangle table rules
++ # Flush nat/mangle table rules
++ try_ip6tables -t nat -F
++ try_ip6tables -t nat -X
+ ip6tables -t mangle -F
+ ip6tables -t mangle -X
+
+
Modified: branches/1.0/package/arnofw/net-prefix-translation/20net-prefix-translation.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/net-prefix-translation/20net-prefix-translation.plugin.sh 2017-05-30 16:28:34 UTC (rev 8355)
+++ branches/1.0/package/arnofw/net-prefix-translation/20net-prefix-translation.plugin.sh 2017-05-30 18:33:52 UTC (rev 8356)
@@ -101,11 +101,6 @@ { local global_prefix local_prefix eif IFS - #### remove when in main script #### - ip6tables -t nat -F - ip6tables -t nat -X - #### - ip6tables -t nat -N NET_PREFIX_TRANSLATION_IN 2>/dev/null ip6tables -t nat -F NET_PREFIX_TRANSLATION_IN
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
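Review bot: In the reinit_firewall_chains hunk (`@@ -5662,6 +5666,11 @@`) the new IPv6 nat flush names PREROUTING, OUTPUT and POSTROUTING but not the nat table's builtin INPUT chain, so a rule placed there would survive a reinit while the other three chains are cleared. Adding `try_ip6tables -t nat -F INPUT` would close that gap; whether anything in the script or its plugins ever uses nat INPUT cannot be confirmed from the hunk. The block would also read better with a comment saying why nat is flushed per builtin chain rather than table-wide, for example `# Only builtin chains are flushed; user-defined nat chains are left to their owners`, mirroring the mangle comment below it (wording to be checked against the author's intent). try_ip6tables is defined outside these hunks and presumably tolerates kernels without an IPv6 nat table, which would also mean that a flush failing for any other reason in stop_firewall or stop_block_firewall leaves old NAT rules in place without a message. All of the touched functions start and end outside their hunks.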