Some calls to iptables(8) and friends weren't going through `run', so fix
these. Also skip the initial flushing. We probably want to skip the
final dump too, but don't do that yet.
## Take the various IP versions in turn.
unref=nil
for ip in ip ip6; do
+ if [ "$FW_NOACT" ]; then break; fi
+
for table in $(cat /proc/net/${ip}_tables_names); do
## Step 1: clear out the builtin chains.
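Review bot: The `FW_NOACT` guard sits inside `for ip in ip ip6`, where all it can do is `break` on the first pass; hoisting it, as in `if [ -z "$FW_NOACT" ]; then for ip in ip ip6; do ... done; fi`, makes it plain that no table is flushed in a dry run. Also, `[ "$FW_NOACT" ]` is true for any non-empty value, so `FW_NOACT=0` or `FW_NOACT=no` suppresses the flush as well. If `run` (defined outside this hunk) tests the variable differently, new rules would be appended on top of an unflushed ruleset, so the two tests should be confirmed to agree. A comment above the guard such as `## Dry run: leave the live tables alone.` would record the intent. The loop body continues past the end of the hunk.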
run ip6tables -A check-fwd-multi -g bad-destination-address \
-d ff${x}2::/16
done
- ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
+ run ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
;;
esac
## filter table.
clearchain mangle:bad-destination-address
BAD_DEST=0xf6f377d2
-ip46tables -t mangle -A bad-destination-address -j MARK --set-mark $BAD_DEST
-ip46tables -t mangle -A bad-destination-address -j ACCEPT
+run ip46tables -t mangle -A bad-destination-address \
+ -j MARK --set-mark $BAD_DEST
+run ip46tables -t mangle -A bad-destination-address -j ACCEPT
for i in $inchains; do
- ip46tables -A $i -m mark --mark $BAD_DEST -g bad-destination-address
+ run ip46tables -A $i -m mark --mark $BAD_DEST -g bad-destination-address
done
## Packets over the loopback interface are automatically trusted. All manner
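Review bot: `clearchain mangle:bad-destination-address` at the top of this hunk is the one command here not visibly routed through `run`. Its definition is outside the hunk, so it may already call `run` internally, but if it invokes iptables directly then a no-act run would still create or flush that chain in the live mangle table. It is worth confirming and recording with a comment such as `## clearchain goes through run, so this is a no-op under FW_NOACT.` Separately, the new loop line leaves `$i` and `$BAD_DEST` unquoted; `run ip46tables -A "$i" -m mark --mark "$BAD_DEST" -g bad-destination-address` is the safer form if `inchains` ever holds unexpected characters.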