diff --git a/iptables.init b/iptables.init index e26337e..bbae91d 100755 --- a/iptables.init +++ b/iptables.init @@ -51,22 +51,36 @@ start() { if [ -f $IPTABLES_CONFIG ]; then # If we don't clear these first, we might be adding to # pre-existing rules. - action $"Flushing all current rules and user defined chains:" iptables -F - action $"Clearing all current rules and user defined chains:" iptables -X chains=`cat /proc/net/ip_tables_names 2>/dev/null` - for i in $chains; do iptables -t $i -F; done && \ - success $"Flushing all current rules and user defined chains:" || \ - failure $"Flushing all current rules and user defined chains:" - for i in $chains; do iptables -t $i -X; done && \ - success $"Clearing all current rules and user defined chains:" || \ - failure $"Clearing all current rules and user defined chains:" + echo -n $"Flushing all current rules and user defined chains:" + let ret=0 + for i in $chains; do iptables -t $i -F; let ret+=$?; done + iptables -F + let ret+=$? + if [ $ret -eq 0 ]; then + success + else + failure + fi + echo + echo -n $"Clearing all current rules and user defined chains:" + let ret=0 + for i in $chains; do iptables -t $i -X; let ret+=$?; done + iptables -X + let ret+=$? + if [ $ret -eq 0 ]; then + success + else + failure + fi + echo for i in $chains; do iptables -t $i -Z; done - echo $"Applying iptables firewall rules: " + echo -n $"Applying iptables firewall rules: " grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \ - success $"Applying iptables firewall rules" || \ - failure $"Applying iptables firewall rules" + success || \ + failure echo touch /var/lock/subsys/iptables fi 
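Review bot: The accumulated `ret` in start() only chooses between `success` and `failure` for display, so a failed flush still proceeds to `iptables-restore`, and `touch /var/lock/subsys/iptables` at the end of the hunk runs even when the restore pipeline fails. The service is then marked as started while the rule set may be flushed or only partly loaded, which is the state an operator most needs to notice. Consider capturing the restore status and gating the lock file on it, for example `... | /sbin/iptables-restore -c; ret=$?`, then `[ $ret -eq 0 ] && touch /var/lock/subsys/iptables` and `return $ret`. The two stop() hunks accumulate `ret` the same way and never return it. The closing part of start() lies outside this hunk, so a later return may exist that is not visible here.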
@@ -74,12 +88,27 @@ start() { stop() { chains=`cat /proc/net/ip_tables_names 2>/dev/null` - for i in $chains; do iptables -t $i -F; done && \ - success $"Flushing all chains:" || \ - failure $"Flushing all chains:" - for i in $chains; do iptables -t $i -X; done && \ - success $"Removing user defined chains:" || \ - failure $"Removing user defined chains:" + echo -n $"Flushing all chains:" + let ret=0 + for i in $chains; do iptables -t $i -F; let ret+=$?; done + iptables -F; let ret+=$? + if [ $ret -eq 0 ]; then + success + else + failure + fi + echo + + echo -n $"Removing user defined chains:" + let ret=0 + for i in $chains; do iptables -t $i -X; let ret+=$?; done + iptables -X; let ret+=$? + if [ $ret -eq 0 ]; then + success + else + failure + fi + echo echo -n $"Resetting built-in chains to the default ACCEPT policy:" iftable filter -P INPUT ACCEPT && \ iftable filter -P OUTPUT ACCEPT && \ @@ -89,8 +118,8 @@ stop() { iftable nat -P OUTPUT ACCEPT && \ iftable mangle -P PREROUTING ACCEPT && \ iftable mangle -P OUTPUT ACCEPT && \ - success $"Resetting built-in chains to the default ACCEPT policy" || \ - failure $"Resetting built-in chains to the default ACCEPT policy" + success || \ + failure echo rm -f /var/lock/subsys/iptables } diff --git a/iptables.spec b/iptables.spec index 93b7e6a..4f3f186 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,7 +1,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities. Version: 1.2.6a -Release: 1 +Release: 2 Source: http://netfilter.kernelnotes.org/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: ip6tables.init @@ -96,6 +96,11 @@ fi %{_mandir}/*/ip6tables* %changelog +* Wed Aug 07 2002 Karsten Hopp +- fixed iptables and ip6tables initscript output, based on #70511 +- check return status of all iptables calls, not just the last one + in a 'for' loop. + * Mon Jul 29 2002 Bernhard Rosenkraenzer 1.2.6a-1 - 1.2.6a (bugfix release, #69747)
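Review bot: The unconditional `iptables -F; let ret+=$?` and `iptables -X; let ret+=$?` added to stop() act on the filter table even when it is not listed in /proc/net/ip_tables_names, whereas the loop above them and the `iftable` calls below are keyed to named tables. On a host where the filter table is not loaded, `iptables` will likely either try to load it or fail, so stopping the service could pull in the module or print `failure` with nothing to flush; this should be confirmed on the target kernels. If `iftable` takes a table name followed by iptables arguments, as its use with `-P` suggests, `iftable filter -F; let ret+=$?` would keep stop() consistent. Otherwise a comment such as `# filter is flushed even when absent from ip_tables_names` would record the intent. `let` is a bash builtin, so these lines also assume the script runs under bash; the shebang is outside the hunk.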