.gitignore: Add "html" directory
index b8db7cba0a1583350791d4c2eab0b66fe502f337..98658bbed02b6cec6d499d0451ec3527580e26c0 100644 (file)
@@ -104,6 +104,8 @@ function iptables() {
                esac
 
                rulesfile=$(iptables_rulesfile ipv${p} ${table})
+               assert isset rulesfile
+
                print "${args:1:${#args}}" >> ${rulesfile}
        done
 }
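Review bot: The new `assert isset rulesfile` guards against an empty path, but the redirect that follows still expands `${rulesfile}` unquoted, so a path containing whitespace or glob characters would be split or expanded before the `>>`; write it as `print "${args:1:${#args}}" >> "${rulesfile}"`. The `${args:1:${#args}}` slice is equivalent to `${args:1}`, which reads more clearly, assuming `args` is a single string built from the caller's arguments (its assignment is not visible here). The enclosing `iptables()` function starts outside this hunk.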
@@ -113,7 +115,7 @@ function _iptables() {
        local iptables_cmd=$(which iptables)
        assert isset iptables_cmd
 
-       ${iptables_cmd} $@
+       cmd ${iptables_cmd} $@
 }
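Review bot: The rewritten call `cmd ${iptables_cmd} $@` passes the arguments unquoted, so any argument containing whitespace — for example a match comment such as `-m comment --comment "allow dns"` — is re-split into separate words before it reaches iptables, and a path in `iptables_cmd` with spaces would break the same way. Change the line to `cmd "${iptables_cmd}" "$@"`, assuming `cmd` forwards its arguments verbatim (its definition is not visible here). The context line still uses `which` to locate the binary; `command -v iptables` is the portable, builtin equivalent.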
 
 function iptables_status() {
@@ -183,20 +185,26 @@ function iptables_load() {
 
        local rulesfile
 
-       # First, commit all tables.
-       _iptables_commit
-
        # Concat the table rulesets into one big file.
        local proto
        for proto in 6 4; do
                rulesfile=$(iptables_rulesfile ipv${proto})
+               assert isset rulesfile
 
                local table
                local tablefile
                for table in $(iptables_tables ipv${proto}); do
                        tablefile=$(iptables_rulesfile ipv${proto} ${table})
-                       print "$(<${tablefile})"
+
+                       fread ${tablefile}
+
+                       # Add the COMMIT statement for every table.
+                       if [ -s "${tablefile}" ]; then
+                               print "COMMIT"
+                       fi
                done > ${rulesfile}
+
+               assert [ -s "${rulesfile}" ]
        done
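Review bot: `rulesfile` is now asserted set, but `tablefile` is not, even though it is the path actually read: if `iptables_rulesfile ipv${proto} ${table}` returns nothing, `fread ${tablefile}` reads an empty name and `[ -s "${tablefile}" ]` is false, so that table silently drops out of the generated ruleset with no COMMIT and no error. Add `assert isset tablefile` directly after the `tablefile=$(...)` assignment, and quote the read as `fread "${tablefile}"` so a path with whitespace is not split. Note also that the final `assert [ -s "${rulesfile}" ]` aborts outright when `iptables_tables` yields no non-empty table for a protocol; if an empty ruleset for one protocol is a legitimate configuration, that should be handled explicitly rather than via assert. The enclosing `iptables_load()` function continues outside this hunk.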
 
        local error="false"
@@ -205,6 +213,7 @@ function iptables_load() {
        # First check if everything is correctly formatted.
        for proto in 6 4; do
                rulesfile=$(iptables_rulesfile ipv${proto})
+               assert isset rulesfile
 
                _iptables_load ipv${proto} ${rulesfile} true
                if [ $? -ne ${EXIT_OK} ]; then
@@ -236,15 +245,6 @@ function iptables_load() {
        return ${EXIT_OK}
 }
 
-# Commit all tables.
-function _iptables_commit() {
-       iptables -t filter "COMMIT"
-       iptables -t mangle "COMMIT"
-
-       # Commit NAT chain for IPv4.
-       iptables -4 -t nat "COMMIT"
-}
-
 function _iptables_load() {
        local proto=${1}
        local file=${2}
@@ -306,8 +306,8 @@ function iptables_dump() {
                log ${log_facility} "Firewall ruleset for IPv${proto}:"
 
                counter=1
-               while read line; do
-                       line=$(print "%4d | %s" "${counter}" "${line}")
+               while read -r line; do
+                       printf -v line "%4d | %s" "${counter}" "${line}"
                        log ${log_facility} "${line}"
 
                        counter=$(( $counter + 1 ))
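Review bot: The switch to `read -r` and `printf -v` is the right direction, but `while read -r line` still lets the shell strip leading and trailing whitespace from each dumped rule, so indentation in the ruleset is lost in the log; use `while IFS= read -r line; do` to log each line as-is. The loop's input redirection and the rest of `iptables_dump()` lie outside this hunk, so where the lines come from is not visible here.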