Don't mess with the blacklist, it's handled elsewhere.

author Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>

Tue, 4 Dec 2007 22:52:15 +0000 (22:52 +0000)

committer Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>

Tue, 4 Dec 2007 22:52:15 +0000 (22:52 +0000)
author Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
Tue, 4 Dec 2007 22:52:15 +0000 (22:52 +0000)
committer Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
Tue, 4 Dec 2007 22:52:15 +0000 (22:52 +0000)
diff --git a/iptables.py b/iptables.py

index fa83ee6..faadd7c 100644 (file)
--- a/iptables.py
+++ b/iptables.py
@@ -35,17 +35,20 @@ class IPTables:
          if (len(self.extifs) + len(self.intifs) + len(self.pfs)) == 0:
              return True
  
-        restore = subprocess.Popen([self.IPTABLES_RESTORE], stdin=subprocess.PIPE)
+        restore = subprocess.Popen([self.IPTABLES_RESTORE, "--noflush"], stdin=subprocess.PIPE)
          restore.stdin.write("""*filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
-:BLACKLIST - [0:0]
  :LOGDROP - [0:0]
  :SLICESPRE - [0:0]
  :SLICES - [0:0]
  :PORTFW - [0:0]
  
+-F INPUT
+-F FORWARD
+-F OUTPUT
+
  -A LOGDROP -j LOG
  -A LOGDROP -j DROP
  -A OUTPUT -j BLACKLIST
@@ -79,6 +82,10 @@ class IPTables:
  :OUTPUT ACCEPT [0:0]
  :PORTFW - [0:0]
  :MASQ - [0:0]
+
+-F PREROUTING
+-F POSTROUTING
+-F OUTPUT
  """)
  
          for ext in self.extifs:
author	Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
	Tue, 4 Dec 2007 22:52:15 +0000 (22:52 +0000)
committer	Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
	Tue, 4 Dec 2007 22:52:15 +0000 (22:52 +0000)