- sprintf(str, "/sbin/iptables -t nat -F %s", chain);
- executeCommand(str);
-}
-
-void flushChainINPUT(char *chain) {
- char str[STRING_SIZE];
-
- snprintf(str, STRING_SIZE, "%sINPUT", chain);
- flushChain(str);
-}
-
-void deleteChainReference(char *chain) {
- char str[STRING_SIZE];
-
- sprintf(str, "/sbin/iptables -D INPUT -j %sINPUT", chain);
- executeCommand(str);
-}
-
-void deleteChain(char *chain) {
- char str[STRING_SIZE];
-
- sprintf(str, "/sbin/iptables -X %sINPUT", chain);
- executeCommand(str);
-}
-
-void deleteAllChains(void) {
- // not an elegant solution, but to avoid timing problems with undeleted chain references
- deleteChainReference(OVPNRED);
- deleteChainReference(OVPNBLUE);
- deleteChainReference(OVPNORANGE);
- flushChainINPUT(OVPNRED);
- flushChainINPUT(OVPNBLUE);
- flushChainINPUT(OVPNORANGE);
- deleteChain(OVPNRED);
- deleteChain(OVPNBLUE);
- deleteChain(OVPNORANGE);
-
- // Only flush chains that are created by the firewall
- flushChain(OVPNBLOCK);
- flushChainNAT(OVPNNAT);
-}
-
-void createChainReference(char *chain) {
- char str[STRING_SIZE];
- sprintf(str, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain);
- executeCommand(str);
-}
-
-void createChain(char *chain) {
- char str[STRING_SIZE];
- sprintf(str, "/sbin/iptables -N %sINPUT", chain);