~mdw
/
firewall
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
local.m4: A new network for the SGO VPN.
[firewall]
/
bookends.m4
diff --git
a/bookends.m4
b/bookends.m4
index
a0731d2
..
f451c8d
100644
(file)
--- a/
bookends.m4
+++ b/
bookends.m4
@@
-38,6
+38,8
@@
preserve_chains="filter:fail2ban filter:fail2ban-* $preserve_chains"
## Take the various IP versions in turn.
unref=nil
for ip in ip ip6; do
## Take the various IP versions in turn.
unref=nil
for ip in ip ip6; do
+ if [ "$FW_NOACT" ]; then break; fi
+
for table in $(cat /proc/net/${ip}_tables_names); do
## Step 1: clear out the builtin chains.
for table in $(cat /proc/net/${ip}_tables_names); do
## Step 1: clear out the builtin chains.
@@
-216,7
+218,7
@@
case $forward in
run ip6tables -A check-fwd-multi -g bad-destination-address \
-d ff${x}2::/16
done
run ip6tables -A check-fwd-multi -g bad-destination-address \
-d ff${x}2::/16
done
- ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
+
run
ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
;;
esac
;;
esac