
Add flush support directly to ript

commit 9cf4991e85b3ade8324d78de3fc9302a9e07139d 1 parent 783c7fa
@johnf johnf authored
Showing with 59 additions and 0 deletions.
  1. +30 −0 bin/ript
  2. +29 −0 features/cli.feature
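--- a/bin/ript
+++ b/bin/ript
@@ -127,6 +127,36 @@ if ARGV[0] == 'rules'
 exit
 end
+ if ARGV[1] == 'flush' then
+ output = <<-EOF
+ iptables --flush --table filter
+ iptables --delete-chain --table filter
+ iptables --table filter --policy INPUT ACCEPT
+ iptables --table filter --policy FORWARD ACCEPT
+ iptables --table filter --policy OUTPUT ACCEPT
+
+ # Clean NAT
+ iptables --flush --table nat
+ iptables --delete-chain --table nat
+ iptables --table nat --policy PREROUTING ACCEPT
+ iptables --table nat --policy POSTROUTING ACCEPT
+ iptables --table nat --policy OUTPUT ACCEPT
+
+ # Clean mangle
+ iptables --flush --table mangle
+ iptables --delete-chain --table mangle
+ iptables --table mangle --policy PREROUTING ACCEPT
+ iptables --table mangle --policy POSTROUTING ACCEPT
+ iptables --table mangle --policy INPUT ACCEPT
+ iptables --table mangle --policy FORWARD ACCEPT
+ iptables --table mangle --policy OUTPUT ACCEPT
+ EOF
+ tempfile = Tempfile.open("ript-apply-#{Time.now.to_i}") {|f| f << output}
+ puts "#{output}"
+ system("sh -e #{tempfile.path}")
+ exit
+ end
+
 if ARGV[1] == 'save' then
 system('/sbin/iptables-save')
 exit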
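Review bot: The result of `system("sh -e #{tempfile.path}")` in the new flush branch is discarded and the bare `exit` that follows reports success, so if one iptables call fails, `sh -e` stops partway and the host is left with a half-flushed ruleset while the caller sees exit status 0. Passing the arguments as a list and propagating the status, `ok = system('sh', '-e', tempfile.path)` followed by `exit(ok ? 0 : 1)`, removes both the shell interpolation and the silent failure. The generated script also calls `iptables` by bare name while the `save` branch below uses `/sbin/iptables-save`; since this presumably runs as root, an absolute path would keep the lookup from depending on the caller's PATH. A short comment above the heredoc, such as `# Leaves every chain policy at ACCEPT: the host is unfiltered until rules are re-applied`, would make the effect explicit for operators. The enclosing `if ARGV[0] == 'rules'` block starts and ends outside the hunk.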
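--- a/features/cli.feature
+++ b/features/cli.feature
@@ -113,3 +113,32 @@ Feature: Ript cli utility
 :OUTPUT ACCEPT \[\d+:\d+\]
 COMMIT
 """
+
+ @sudo @timeout-10
+ Scenario: Flush rules
+ Given I have no iptables rules loaded
+ When I run `ript rules flush`
+ Then the output from "ript rules flush" should match:
+ """
+ iptables --flush --table filter
+ iptables --delete-chain --table filter
+ iptables --table filter --policy INPUT ACCEPT
+ iptables --table filter --policy FORWARD ACCEPT
+ iptables --table filter --policy OUTPUT ACCEPT
+
+ # Clean NAT
+ iptables --flush --table nat
+ iptables --delete-chain --table nat
+ iptables --table nat --policy PREROUTING ACCEPT
+ iptables --table nat --policy POSTROUTING ACCEPT
+ iptables --table nat --policy OUTPUT ACCEPT
+
+ # Clean mangle
+ iptables --flush --table mangle
+ iptables --delete-chain --table mangle
+ iptables --table mangle --policy PREROUTING ACCEPT
+ iptables --table mangle --policy POSTROUTING ACCEPT
+ iptables --table mangle --policy INPUT ACCEPT
+ iptables --table mangle --policy FORWARD ACCEPT
+ iptables --table mangle --policy OUTPUT ACCEPT
+ """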
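Review bot: The new "Flush rules" scenario starts from `Given I have no iptables rules loaded` and only matches the echoed script text, so it would still pass if the generated commands were printed but never executed, or if one of them failed. Loading a known ruleset before `ript rules flush` and then asserting on the resulting tables, in the style of the `:OUTPUT ACCEPT \[\d+:\d+\]` expectation just above this hunk, would show that the flush actually took effect. If the suite uses Aruba's standard steps, adding `Then the exit status should be 0` would also catch a failed run.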