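/** Remove the firewall rules
 * This is used when we do a clean shutdown of nodogsplash,
 * and when it starts, to make sure there are no rules left over from a crash.
 *
 * Teardown order per table: first remove the references to our chains from the
 * built-in chains (iptables_fw_destroy_mention), then flush them (-F), then
 * delete them (-X) -- iptables refuses to delete a chain that still holds
 * rules or is still referenced.
 *
 * @return 0 unconditionally; failures of individual iptables commands are not
 *         propagated (a chain that never existed is the normal case on start).
 */
int
iptables_fw_destroy(void)
{
	/* fw_quiet presumably silences error reporting for the iptables commands
	 * below, since most of them are expected to fail on a fresh start. It must
	 * be restored before returning: this function also runs at startup, and
	 * leaving it set would hide genuine errors from every later command. */
	fw_quiet = 1;

	debug(LOG_DEBUG, "Destroying our tc hooks");
	tc_destroy_tc();

	debug(LOG_DEBUG, "Destroying our iptables entries");

	/* Everything in the mangle table */
	debug(LOG_DEBUG, "Destroying chains in the MANGLE table");
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_TRUSTED);
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_BLOCKED);
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_ALLOWED);
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_OUTGOING);
	iptables_fw_destroy_mention("mangle", "POSTROUTING", CHAIN_INCOMING);
	iptables_do_command("-t mangle -F " CHAIN_TRUSTED);
	iptables_do_command("-t mangle -F " CHAIN_BLOCKED);
	iptables_do_command("-t mangle -F " CHAIN_ALLOWED);
	iptables_do_command("-t mangle -F " CHAIN_OUTGOING);
	iptables_do_command("-t mangle -F " CHAIN_INCOMING);
	iptables_do_command("-t mangle -X " CHAIN_TRUSTED);
	iptables_do_command("-t mangle -X " CHAIN_BLOCKED);
	iptables_do_command("-t mangle -X " CHAIN_ALLOWED);
	iptables_do_command("-t mangle -X " CHAIN_OUTGOING);
	iptables_do_command("-t mangle -X " CHAIN_INCOMING);

	/* Everything in the nat table */
	debug(LOG_DEBUG, "Destroying chains in the NAT table");
	iptables_fw_destroy_mention("nat", "PREROUTING", CHAIN_OUTGOING);
	iptables_do_command("-t nat -F " CHAIN_OUTGOING);
	iptables_do_command("-t nat -X " CHAIN_OUTGOING);

	/* Everything in the filter table */
	debug(LOG_DEBUG, "Destroying chains in the FILTER table");
	iptables_fw_destroy_mention("filter", "INPUT", CHAIN_TO_ROUTER);
	iptables_fw_destroy_mention("filter", "FORWARD", CHAIN_TO_INTERNET);
	iptables_do_command("-t filter -F " CHAIN_TO_ROUTER);
	iptables_do_command("-t filter -F " CHAIN_TO_INTERNET);
	iptables_do_command("-t filter -F " CHAIN_AUTHENTICATED);
	iptables_do_command("-t filter -F " CHAIN_TRUSTED);
	iptables_do_command("-t filter -F " CHAIN_TRUSTED_TO_ROUTER);
	iptables_do_command("-t filter -X " CHAIN_TO_ROUTER);
	iptables_do_command("-t filter -X " CHAIN_TO_INTERNET);
	iptables_do_command("-t filter -X " CHAIN_AUTHENTICATED);
	iptables_do_command("-t filter -X " CHAIN_TRUSTED);
	iptables_do_command("-t filter -X " CHAIN_TRUSTED_TO_ROUTER);

	/* Restore normal error reporting for whatever runs next (e.g. fw_init). */
	fw_quiet = 0;

	return 0;
}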
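/** Remove the firewall rules
 * This is used when we do a clean shutdown of nodogsplash,
 * and when it starts, to make sure there are no rules left over from a crash.
 *
 * Teardown order per table: first remove the references to our chains from the
 * built-in chains (iptables_fw_destroy_mention), then flush them (-F), then
 * delete them (-X) -- iptables refuses to delete a chain that still holds
 * rules or is still referenced.
 *
 * @return 0 unconditionally; failures of individual iptables commands are not
 *         propagated (a chain that never existed is the normal case on start).
 */
int
iptables_fw_destroy(void)
{
	s_config *config;
	int traffic_control;
	int ip6;

	/* fw_quiet presumably silences error reporting for the iptables commands
	 * below, since most of them are expected to fail on a fresh start; it is
	 * restored before returning. */
	fw_quiet = 1;

	/* Snapshot every config field this function needs while the lock is held.
	 * Previously config->ip6 was read after UNLOCK_CONFIG(), unlike
	 * traffic_control, so the two reads could observe different states. */
	LOCK_CONFIG();
	config = config_get_config();
	traffic_control = config->traffic_control;
	ip6 = config->ip6;
	UNLOCK_CONFIG();

	if (traffic_control) {
		debug(LOG_DEBUG, "Destroying our tc hooks");
		tc_destroy_tc();
	}

	debug(LOG_DEBUG, "Destroying our iptables entries");

	/* Everything in the mangle table */
	debug(LOG_DEBUG, "Destroying chains in the MANGLE table");
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_TRUSTED);
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_BLOCKED);
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_ALLOWED);
	iptables_fw_destroy_mention("mangle", "PREROUTING", CHAIN_OUTGOING);
	iptables_fw_destroy_mention("mangle", "POSTROUTING", CHAIN_INCOMING);
	iptables_do_command("-t mangle -F " CHAIN_TRUSTED);
	iptables_do_command("-t mangle -F " CHAIN_BLOCKED);
	iptables_do_command("-t mangle -F " CHAIN_ALLOWED);
	iptables_do_command("-t mangle -F " CHAIN_OUTGOING);
	iptables_do_command("-t mangle -F " CHAIN_INCOMING);
	iptables_do_command("-t mangle -X " CHAIN_TRUSTED);
	iptables_do_command("-t mangle -X " CHAIN_BLOCKED);
	iptables_do_command("-t mangle -X " CHAIN_ALLOWED);
	iptables_do_command("-t mangle -X " CHAIN_OUTGOING);
	iptables_do_command("-t mangle -X " CHAIN_INCOMING);

	/* Everything in the nat table (ip4 only: the nat table is skipped when
	 * the IPv6 option is set, matching where the chain would be created). */
	if (!ip6) {
		debug(LOG_DEBUG, "Destroying chains in the NAT table");
		iptables_fw_destroy_mention("nat", "PREROUTING", CHAIN_OUTGOING);
		iptables_do_command("-t nat -F " CHAIN_OUTGOING);
		iptables_do_command("-t nat -X " CHAIN_OUTGOING);
	}

	/* Everything in the filter table */
	debug(LOG_DEBUG, "Destroying chains in the FILTER table");
	iptables_fw_destroy_mention("filter", "INPUT", CHAIN_TO_ROUTER);
	iptables_fw_destroy_mention("filter", "FORWARD", CHAIN_TO_INTERNET);
	iptables_do_command("-t filter -F " CHAIN_TO_ROUTER);
	iptables_do_command("-t filter -F " CHAIN_TO_INTERNET);
	iptables_do_command("-t filter -F " CHAIN_AUTHENTICATED);
	iptables_do_command("-t filter -F " CHAIN_TRUSTED);
	iptables_do_command("-t filter -F " CHAIN_TRUSTED_TO_ROUTER);
	iptables_do_command("-t filter -X " CHAIN_TO_ROUTER);
	iptables_do_command("-t filter -X " CHAIN_TO_INTERNET);
	iptables_do_command("-t filter -X " CHAIN_AUTHENTICATED);
	iptables_do_command("-t filter -X " CHAIN_TRUSTED);
	iptables_do_command("-t filter -X " CHAIN_TRUSTED_TO_ROUTER);

	/* Restore normal error reporting for whatever runs next (e.g. fw_init). */
	fw_quiet = 0;

	return 0;
}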