Don't mess with the blacklist, it's handled elsewhere.
author
Daniel Hokka Zakrisson
<dhokka@cs.princeton.edu>
Tue, 4 Dec 2007 22:52:15 +0000
(22:52 +0000)
committer
Daniel Hokka Zakrisson
<dhokka@cs.princeton.edu>
Tue, 4 Dec 2007 22:52:15 +0000
(22:52 +0000)
iptables.py
diff --git
a/iptables.py
b/iptables.py
index
fa83ee6
..
faadd7c
100644
(file)
--- a/
iptables.py
+++ b/
iptables.py
@@
-35,17
+35,20
@@
class IPTables:
if (len(self.extifs) + len(self.intifs) + len(self.pfs)) == 0:
return True
if (len(self.extifs) + len(self.intifs) + len(self.pfs)) == 0:
return True
- restore = subprocess.Popen([self.IPTABLES_RESTORE], stdin=subprocess.PIPE)
+ restore = subprocess.Popen([self.IPTABLES_RESTORE
, "--noflush"
], stdin=subprocess.PIPE)
restore.stdin.write("""*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
restore.stdin.write("""*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-:BLACKLIST - [0:0]
:LOGDROP - [0:0]
:SLICESPRE - [0:0]
:SLICES - [0:0]
:PORTFW - [0:0]
:LOGDROP - [0:0]
:SLICESPRE - [0:0]
:SLICES - [0:0]
:PORTFW - [0:0]
+-F INPUT
+-F FORWARD
+-F OUTPUT
+
-A LOGDROP -j LOG
-A LOGDROP -j DROP
-A OUTPUT -j BLACKLIST
-A LOGDROP -j LOG
-A LOGDROP -j DROP
-A OUTPUT -j BLACKLIST
@@
-79,6
+82,10
@@
class IPTables:
:OUTPUT ACCEPT [0:0]
:PORTFW - [0:0]
:MASQ - [0:0]
:OUTPUT ACCEPT [0:0]
:PORTFW - [0:0]
:MASQ - [0:0]
+
+-F PREROUTING
+-F POSTROUTING
+-F OUTPUT
""")
for ext in self.extifs:
""")
for ext in self.extifs:
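Review bot: In the filter-table hunk, `-A OUTPUT -j BLACKLIST` still jumps to a chain that this restore no longer declares, so with `--noflush` the commit depends on something else having created BLACKLIST before this method runs. If the chain is missing, iptables-restore would be expected to reject the filter table as a whole, and since the built-in policies here are ACCEPT that would leave the node without the LOGDROP/SLICES rules. Whether the exit status of `restore` is checked is not visible, because the method starts above and continues below the hunks. I would state the dependency next to the Popen call, e.g. `# --noflush: BLACKLIST is owned elsewhere and must already exist, or this restore fails`, and treat a non-zero `restore.wait()` as a failed update. The added `-F` lines cover only built-in chains; how the re-declared user chains (LOGDROP, SLICESPRE, SLICES, PORTFW, and MASQ in the nat hunk) behave under `--noflush` appears to depend on the iptables version, so confirm they neither accumulate duplicate rules nor fail as already existing.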