Diffstat (limited to 'core/conf/rc.d/iptables')
-rw-r--r-- | core/conf/rc.d/iptables | 117 |
1 files changed, 35 insertions, 82 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index dd17b97..26a48b4 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -1,86 +1,39 @@
-#!/bin/sh
-#
-# /etc/rc.d/iptables: load/unload iptable rules
-#
-rules=/etc/iptables/net.v4
-
-iptables_clear () {
- echo "clear all iptables tables"
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t raw -F
- iptables -t raw -X
- iptables -t security -F
- iptables -t security -X
-}
+source /etc/iptables/ipt-conf.sh
+source /etc/iptables/ipt-firewall.sh
 case $1 in
- start)
- echo "starting IPv4 firewall filter table..."
- /usr/sbin/iptables-restore ${rules}
- ;;
- stop)
- iptables_clear
- echo "stopping firewall and deny everyone..."
- /usr/sbin/iptables -P INPUT DROP
- /usr/sbin/iptables -P FORWARD DROP
- /usr/sbin/iptables -P OUTPUT DROP
-
- # Unlimited on local
- /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
- /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
-
- # log everything else and drop
- /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
- /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
- /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
-
- ;;
- open)
- iptables_clear
- echo "outgoing Open firewall and deny everyone..."
-
- /usr/sbin/iptables -P INPUT DROP
- /usr/sbin/iptables -P FORWARD DROP
- /usr/sbin/iptables -P OUTPUT ACCEPT
-
- /usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
- /usr/sbin/iptables -t mangle -P INPUT ACCEPT
- /usr/sbin/iptables -t mangle -P FORWARD ACCEPT
- /usr/sbin/iptables -t mangle -P OUTPUT ACCEPT
- /usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-
- /usr/sbin/iptables -A OUTPUT -j ACCEPT
-
- # Unlimited on local
- /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
- /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
-
- # Accept passive
- /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
-
- # log everything else and drop
- /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
- /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
- /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
-
- ;;
-
- restart)
- $0 stop
- $0 start
- ;;
- *)
-
- echo "usage: $0 [start|stop|restart]"
- ;;
+ start)
+ ipt_clear
+ ipt_tables
+ case $TYPE in
+ bridge)
+ source /etc/iptables/ipt-bridge.sh
+
+ ## log everything else and drop
+ ipt_log
+
+ iptables-save > /etc/iptables/net.v4
+ ;;
+ server)
+ source /etc/iptables/iptables-conf.sh
+
+ ## log everything else and drop
+ iptables_log
+
+ iptables-save > /etc/iptables/net.v4
+ ;;
+ esac
+ ;;
+ stop)
+
+ ipt_clear
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 [start|stop|restart]"
+ ;;
 esac
-
-# End of file |
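Review bot: The new `stop)` arm runs only `ipt_clear`, whereas the removed version followed the flush with `iptables -P INPUT/FORWARD/OUTPUT DROP` plus loopback accepts; unless `ipt_clear` in the sourced `ipt-firewall.sh` (not shown here) sets policies itself, stopping the service now appears to leave the host on whatever default policies remain after a flush, i.e. fail-open where it used to fail closed. Either add `iptables -P INPUT DROP`, `iptables -P FORWARD DROP` and `iptables -A INPUT -i lo -j ACCEPT` after `ipt_clear` in the stop arm, or make the intent explicit with `# stop: flush only; host falls back to the kernel default policy`. The `#!/bin/sh` line is removed with no replacement while the script now relies on `source`, which is not POSIX, so an rc.d script without a shebang depends on the invoking shell; restore a shebang such as `#!/bin/bash` or use `. /etc/iptables/ipt-conf.sh`. The inner `case $TYPE in` has no `*)` arm, so an unset or misspelled `TYPE` silently leaves the tables in the post-`ipt_clear`/`ipt_tables` state with no logging rule and no saved ruleset; add `*) echo "unknown TYPE: $TYPE" >&2; exit 1 ;;` before `esac`. The `server` arm also sources `iptables-conf.sh` and calls `iptables_log` while `bridge` uses `ipt-bridge.sh` and `ipt_log`, which looks like a naming inconsistency worth confirming against the sourced files.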