#! /bin/sh
# uruk-save - directly dump /etc/uruk/rc to an iptables-save style
# file, without invoking iptables
# this file maintained at http://git.mdcc.cx/uruk.git
# Copyright © 2005 Joost van Baal
# Copyright © 2012,2015 Wessel Dankers
#
# This file is part of Uruk. Uruk is free software; you can redistribute
# it and/or modify it under the terms of the GNU GPL, see the file named
# COPYING.
#
# iptables 1.8.2, kernel >= 2.4.18, IPv4:
#
# table
# built-in chain, built-in chain ...
#
# filter
# INPUT FORWARD OUTPUT
# nat
# PREROUTING INPUT OUTPUT POSTROUTING
# mangle
# PREROUTING INPUT OUTPUT FORWARD POSTROUTING
# raw
# PREROUTING OUTPUT
# security
# INPUT OUTPUT FORWARD
#
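# Create the private scratch directory before emitting anything.  If mktemp
# fails, the variable would be empty and every path below would resolve
# against / (writes to /filter, /raw, ... and a final loop over /*), so stop
# here instead of carrying on with an empty prefix.
uruk_save_dir=$(mktemp -d) || {
    echo "uruk-save: cannot create temporary directory" >&2
    exit 1
}
if [ -z "$uruk_save_dir" ] || [ ! -d "$uruk_save_dir" ]
then
    echo "uruk-save: mktemp returned no usable directory" >&2
    exit 1
fi
# Exported for the uruk child process; presumably the uruk_save shell
# function appends its rules to $uruk_save_dir/<table> -- confirm in uruk.
export uruk_save_dir

# Remove the scratch directory on every exit path.  The signal traps only
# call exit, which in turn fires the EXIT trap; a handler that merely
# deleted the directory would let the script resume with its files gone.
trap 'rm -rf -- "$uruk_save_dir"' EXIT
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 131' QUIT
trap 'exit 143' TERM

echo "# Generated by uruk-save on $(date)"
echo

# Seed one file per table with its iptables-save header: the table name
# followed by the built-in chains, each with policy ACCEPT and zeroed
# counters.
echo "*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]" >"$uruk_save_dir/filter"
echo "*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]" >"$uruk_save_dir/raw"
echo "*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]" >"$uruk_save_dir/mangle"

# NOTE(review): the exit status of uruk is not checked in either branch.  If
# uruk stops part-way, the output below is still terminated with COMMIT and
# every built-in policy is ACCEPT, so a truncated rule set would load as a
# permissive one.  Confirm whether a failure should abort here instead.
case "$1" in -6)
    # IPv6: route ip6tables calls to the uruk_save shell function (defined in
    # the uruk script) and turn iptables calls into no-ops.
    URUK_IPTABLES=: URUK_IP6TABLES=uruk_save uruk
;; *)
    # IPv4: the nat table is emitted only in this branch.
    echo "*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]" >"$uruk_save_dir/nat"
    URUK_IPTABLES=uruk_save URUK_IP6TABLES=: uruk
esac

# Emit each table file, closing it with COMMIT as iptables-save does.
for f in "$uruk_save_dir"/*
do
    cat "$f"
    echo COMMIT
    echo
done
echo "# Completed on $(date)"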