From ae235d65005b23cfb55f51c0627fb68747db5d6d Mon Sep 17 00:00:00 2001
From: "Costa Tsaousis (ktsaou)"
Date: Sat, 28 Sep 2013 12:16:56 +0300
Subject: [PATCH] fixed debug mode when fast activating

---
 firehol.sh | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/firehol.sh b/firehol.sh
index be371f2..d50f466 100755
--- a/firehol.sh
+++ b/firehol.sh
@@ -7013,6 +7013,7 @@ fi
 
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
+# clear all chains
 firehol_filter_chains=
 initialize_firewall() {
 	load_kernel_module ip_tables
@@ -7054,6 +7055,18 @@ initialize_firewall() {
 	done
 }
 
+# drop everything
+finalize_firewall() {
+	# Make it drop everything on table 'filter'.
+	local c=
+	for c in ${firehol_filter_chains}
+	do
+		${IPTABLES_CMD} -t filter -P "${c}" DROP || exit 1
+	done
+}
+
+# this will be run when the first iptables command get executed in pre-process mode.
+# so that its commands are prepended to the other iptables commands of the firewall
 firewall_policy_applied=0
 firewall_policy() {
 	firewall_policy_applied=1
@@ -7079,14 +7092,6 @@ firewall_policy() {
 	fi
 }
 
-finalize_firewall() {
-	# Make it drop everything on table 'filter'.
-	local c=
-	for c in ${firehol_filter_chains}
-	do
-		${IPTABLES_CMD} -t filter -P "${c}" DROP || exit 1
-	done
-}
 
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
@@ -7162,16 +7167,6 @@ fi
 success $"FireHOL: Processing file ${FIREHOL_CONFIG}:"
 echo
 
-# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-# if we just debugging things, do not proceed further
-
-if [ "${FIREHOL_MODE}" = "DEBUG" ]
-then
-	${CAT_CMD} ${FIREHOL_OUTPUT}
-
-	exit 1
-fi
-
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
 
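Review bot: The new comment `# clear all chains` sits above `firehol_filter_chains=`, which only resets a variable; judging from finalize_firewall() in the next hunk, this variable is the list of 'filter' table chains whose policy is later set to DROP, so the comment describes the wrong line. A comment about the variable would be less misleading, e.g. `# whitespace-separated list of 'filter' table chains; finalize_firewall() sets their policy to DROP`. If the comment is meant for initialize_firewall(), placing it directly above that function would make that clear.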
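Review bot: finalize_firewall() depends on the unquoted `${firehol_filter_chains}` expansion for word-splitting, and `|| exit 1` inside the loop terminates the whole script instead of returning a status to the caller, so if `${IPTABLES_CMD}` runs the real binary here rather than a pre-process wrapper (not visible in this hunk), a failure on one chain leaves the later chains at whatever policy they had before. Neither is stated in the header, and `# drop everything` does not say what it iterates; a fuller header would be `# Set the policy of every chain listed in firehol_filter_chains (intentionally unquoted: whitespace-separated list) to DROP on table 'filter'; exits the script on the first failure.` The comment added above firewall_policy() should also read `gets executed` and end its first sentence with the full stop it currently carries mid-sentence.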
@@ -7190,6 +7185,12 @@ then
 		) >>${FIREHOL_OUTPUT}.fast
 	done
 
+	if [ "${FIREHOL_MODE}" = "DEBUG" ]
+	then
+		${CAT_CMD} ${FIREHOL_OUTPUT}.fast
+		exit 1
+	fi
+
 	syslog info "Activating new firewall from ${FIREHOL_CONFIG} (translated to ${FIREHOL_COMMAND_COUNTER} iptables rules)."
 	echo -n $"FireHOL: Fast activating new firewall:"
 
@@ -7209,6 +7210,12 @@ then
 else
+	if [ "${FIREHOL_MODE}" = "DEBUG" ]
+	then
+		${CAT_CMD} ${FIREHOL_OUTPUT}
+		exit 1
+	fi
+
 	syslog info "Activating new firewall from ${FIREHOL_CONFIG} (translated to ${FIREHOL_COMMAND_COUNTER} iptables rules)."
 	echo -n $"FireHOL: Activating new firewall (${FIREHOL_COMMAND_COUNTER} rules):"
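Review bot: The DEBUG block inserted before the syslog call is repeated verbatim in the `else` branch of the following hunk, differing only in the file printed (`${FIREHOL_OUTPUT}.fast` versus `${FIREHOL_OUTPUT}`), and in both copies the `${CAT_CMD}` argument is unquoted. A small helper keeps the two in step and quotes the path: `debug_dump_and_exit() { ${CAT_CMD} "${1}"; exit 1; }` called as `debug_dump_and_exit "${FIREHOL_OUTPUT}.fast"` here and `debug_dump_and_exit "${FIREHOL_OUTPUT}"` below. Exiting with status 1 in debug mode is carried over from the block this commit removes, so anything that checks the exit status will still see debug runs as "not applied"; that is presumably intended but is worth a one-line comment at the helper. The enclosing if/else starts before this hunk and runs past the end of the next one.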