Colt45ws
Joined: 25 Jul 2009 Posts: 5
Posted: Sun May 08, 2011 4:53 am Post subject: Improved iptables_init
I've found that when my system loses power or otherwise has to do an unclean shutdown, it will leave iptables polluted with old miniupnpd stuff that the new instance has no knowledge of.
So I hacked this together with lots of research. It could probably be done cleaner/better, but I have no scripting experience.
It works though, and that is what I wanted.
Code:
#!/bin/sh
# $Id: iptables_init.sh,v 1.4 2008/04/25 18:15:08 nanard Exp $
# Improved Miniupnpd iptables init script.
# Checks the state of the nat and filter tables before doing anything, so a
# MINIUPNPD chain left behind by an unclean shutdown is flushed and re-referenced
# instead of being duplicated or failing on "chain already exists".
EXTIF=eth0
IPTABLES=/sbin/iptables

# First IPv4 address on $EXTIF, prefix length stripped. (The original parsed
# `ifconfig` for "inet addr:", which newer net-tools no longer print.)
EXTIP="$(LC_ALL=C ip -4 -o addr show dev "$EXTIF" | awk '{sub("/.*", "", $4); print $4; exit}')"
if [ -z "$EXTIP" ]; then
    echo "No IPv4 address on $EXTIF; not touching iptables." >&2
    exit 1
fi
echo "External IP = $EXTIP"

# Reference count of the MINIUPNPD chain in table $1, taken from the chain
# header "Chain MINIUPNPD (N references)". Prints nothing if the chain does
# not exist, which is how the three cases below are told apart.
chain_refs() {
    LC_ALL=C "$IPTABLES" -t "$1" -L MINIUPNPD -n 2>/dev/null |
        sed -n 's/^Chain MINIUPNPD (\([0-9]*\) references)$/\1/p'
}

NREFS="$(chain_refs nat)"
FREFS="$(chain_refs filter)"

if [ -n "$NREFS" ] && [ "$NREFS" -gt 0 ]; then
    echo "NAT table dirty; cleaning..."
    "$IPTABLES" -t nat -F MINIUPNPD
elif [ -n "$NREFS" ]; then
    echo "Dirty NAT chain but no reference...? Fixed."
    "$IPTABLES" -t nat -A PREROUTING -d "$EXTIP" -i "$EXTIF" -j MINIUPNPD
    "$IPTABLES" -t nat -F MINIUPNPD
else
    echo "NAT table clean; initializing..."
    "$IPTABLES" -t nat -N MINIUPNPD
    "$IPTABLES" -t nat -A PREROUTING -d "$EXTIP" -i "$EXTIF" -j MINIUPNPD
fi

# The jump is inserted at position 4 of FORWARD, as in the original script;
# iptables rejects the insert if FORWARD holds fewer than 3 rules, so drop
# the "4" to insert at the top if your FORWARD chain is shorter.
if [ -n "$FREFS" ] && [ "$FREFS" -gt 0 ]; then
    echo "Filter table dirty; cleaning..."
    "$IPTABLES" -t filter -F MINIUPNPD
elif [ -n "$FREFS" ]; then
    echo "Dirty filter chain but no reference...? Fixed."
    "$IPTABLES" -t filter -I FORWARD 4 -i "$EXTIF" ! -o "$EXTIF" -j MINIUPNPD
    "$IPTABLES" -t filter -F MINIUPNPD
else
    echo "Filter table clean; initializing..."
    "$IPTABLES" -t filter -N MINIUPNPD
    "$IPTABLES" -t filter -I FORWARD 4 -i "$EXTIF" ! -o "$EXTIF" -j MINIUPNPD
fi
_________________ Gentoo-based Router (Sarah)
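Added example, not part of Colt45ws's post or of miniupnpd itself: the post's script decides what to do from the text of `iptables -t <table> -L -n`, so here that decision is written as a small parser that runs offline on constructed listings. `miniupnpd_state` reads the reference count straight from the `Chain MINIUPNPD (N references)` header, and `legacy_key` reproduces the post's `grep | awk '{printf $1}'` concatenation for comparison. The two agree for the 0- and 1-reference cases, but once two jumps into the chain exist (for instance after the init script was run twice against a dirty table) the legacy key becomes `MINIUPNPDMINIUPNPDChain`, which none of the post's three branches match. The listings, the 203.0.113.10 address and the DNAT rule are made-up sample data, not output captured from a real router.

```shell
#!/bin/sh
# Added example: classify a table's MINIUPNPD state from `iptables -L -n`
# output. All listings below are constructed sample data.

LISTING_CLEAN='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0'

# Normal crash leftovers: chain exists, one jump into it from PREROUTING.
LISTING_REFERENCED='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MINIUPNPD  all  --  0.0.0.0/0            203.0.113.10

Chain MINIUPNPD (1 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            203.0.113.10         tcp dpt:51413 to:192.168.1.20:51413'

# Chain survived but the jump into it was lost: the post's "no reference" case.
LISTING_UNREFERENCED='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain MINIUPNPD (0 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            203.0.113.10         tcp dpt:51413 to:192.168.1.20:51413'

# Two jumps into the chain, e.g. the init script ran twice on a dirty table.
LISTING_DOUBLE='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MINIUPNPD  all  --  0.0.0.0/0            203.0.113.10
MINIUPNPD  all  --  0.0.0.0/0            203.0.113.10

Chain MINIUPNPD (2 references)
target     prot opt source               destination'

# Read a listing on stdin and print one of:
#   missing | unreferenced | referenced:<count>
# The count comes from the chain header "Chain MINIUPNPD (N references)",
# so any number of jumps is handled, not just 0 or 1.
miniupnpd_state() {
    awk '
        $1 == "Chain" && $2 == "MINIUPNPD" {
            found = 1
            refs = $3               # "(2" from "(2 references)"
            sub(/^\(/, "", refs)    # -> "2"
        }
        END {
            if (!found)              print "missing"
            else if (refs + 0 == 0)  print "unreferenced"
            else                     print "referenced:" refs
        }'
}

# The post's detection, for comparison: concatenate the first field of every
# line mentioning MINIUPNPD. Each extra jump adds another "MINIUPNPD" to the
# key, so only the 0- and 1-reference cases match a fixed string.
legacy_key() {
    grep 'MINIUPNPD' | awk '{printf $1}'
}

# Show both classifications side by side for one named listing.
show() {
    printf '%-12s state=%-13s legacy_key=%s\n' "$1" \
        "$(printf '%s\n' "$2" | miniupnpd_state)" \
        "$(printf '%s\n' "$2" | legacy_key)"
}

show CLEAN        "$LISTING_CLEAN"
show REFERENCED   "$LISTING_REFERENCED"
show UNREFERENCED "$LISTING_UNREFERENCED"
show DOUBLE       "$LISTING_DOUBLE"
```

Running it prints one line per listing; the DOUBLE row is the one where the legacy key no longer matches any branch while the header-based state still says the chain exists and only needs flushing.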