## -*- mode: shell-script; -*- 
##
## To be able to make changes to the part of configuration created
## from this configlet you need to copy this file to the directory
## fwbuilder/configlets/linux24/ in your home directory and modify it.
## Double "##" comments are removed during processing but single "#"
## comments are be retained and appear in the generated script. Empty
## lines are removed as well.  
##
## Configlets support simple macro language with these constructs:
## {{$var}} is variable expansion
## {{if var}} is conditional operator.
##
reset_iptables_v4() {
  local list

  $IPTABLES {{$opt_wait}} -P OUTPUT  DROP
  $IPTABLES {{$opt_wait}} -P INPUT   DROP
  $IPTABLES {{$opt_wait}} -P FORWARD DROP

  while read table; do
      list=$($IPTABLES {{$opt_wait}} -t $table -L -n)
      printf "%s" "$list" | while read c chain rest; do
      if test "X$c" = "XChain" ; then
        $IPTABLES {{$opt_wait}} -t $table -F $chain
      fi
      done
      $IPTABLES {{$opt_wait}} -t $table -X
  done < /proc/net/ip_tables_names
}

reset_iptables_v6() {
  local list

  $IP6TABLES {{$opt_wait}} -P OUTPUT  DROP
  $IP6TABLES {{$opt_wait}} -P INPUT   DROP
  $IP6TABLES {{$opt_wait}} -P FORWARD DROP

  while read table; do
      list=$($IP6TABLES {{$opt_wait}} -t $table -L -n)
      printf "%s" "$list" | while read c chain rest; do
      if test "X$c" = "XChain" ; then
        $IP6TABLES {{$opt_wait}} -t $table -F $chain
      fi
      done
      $IP6TABLES {{$opt_wait}} -t $table -X
  done < /proc/net/ip6_tables_names
}

