chiark
/
gitweb
/
~mdw
/
firewall
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Make FW_NOACT work properly.
[firewall]
/
bookends.m4
diff --git
a/bookends.m4
b/bookends.m4
index a0731d2fac151af0bfc1c5c0ec2d394d61cff8c8..f451c8dbb9f9e7798becd929c242313bc82a322e 100644
(file)
--- a/
bookends.m4
+++ b/
bookends.m4
@@
-38,6
+38,8
@@
preserve_chains="filter:fail2ban filter:fail2ban-* $preserve_chains"
## Take the various IP versions in turn.
unref=nil
for ip in ip ip6; do
## Take the various IP versions in turn.
unref=nil
for ip in ip ip6; do
+ if [ "$FW_NOACT" ]; then break; fi
+
for table in $(cat /proc/net/${ip}_tables_names); do
## Step 1: clear out the builtin chains.
for table in $(cat /proc/net/${ip}_tables_names); do
## Step 1: clear out the builtin chains.
@@
-216,7
+218,7
@@
case $forward in
run ip6tables -A check-fwd-multi -g bad-destination-address \
-d ff${x}2::/16
done
run ip6tables -A check-fwd-multi -g bad-destination-address \
-d ff${x}2::/16
done
- ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
+
run
ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
;;
esac
;;
esac
~mdw / firewall / blobdiff