/*
 * Prepare the iptables state at start-up: optionally flush existing chains,
 * create the configured custom chains, and optionally verify that the
 * 'comment' match can be used.
 *
 * opts - server options; the CONF_FLUSH_IPT_AT_INIT and
 *        CONF_ENABLE_IPT_COMMENT_CHECK entries of opts->config are read.
 *
 * Returns nothing. Both failure paths print a message to stderr and then
 * terminate the process with exit(EXIT_FAILURE); although the messages are
 * labelled "Warning", they are fatal here.
 */
void
fw_initialize(const fko_srv_options_t *opts)
{
    /* Only the first character of the setting is compared, ignoring case,
     * so any value beginning with 'y' or 'Y' enables the flush.
    */
    const int flush_first =
        (strncasecmp(opts->config[CONF_FLUSH_IPT_AT_INIT], "Y", 1) == 0);

    /* Start from a clean slate when asked to. */
    if(flush_first)
        delete_all_chains(opts);

    /* The custom chains must exist before any rule can be added; a
     * non-zero result from the helper is treated as fatal.
    */
    if(create_fw_chains(opts) != 0)
    {
        fprintf(stderr, "Warning: Errors detected during fwknop custom chain creation.\n");
        exit(EXIT_FAILURE);
    }

    /* Nothing more to do unless the 'comment' match check is enabled. */
    if(strncasecmp(opts->config[CONF_ENABLE_IPT_COMMENT_CHECK], "Y", 1) != 0)
        return;

    /* Any answer other than 1 counts as "not available". */
    if(comment_match_exists(opts) != 1)
    {
        fprintf(stderr, "Warning: Could not use the 'comment' match.\n");
        exit(EXIT_FAILURE);
    }
}
/*
 * Remove the chains at shutdown unless the configuration opts out.
 *
 * opts - server options; opts->config[CONF_FLUSH_IPT_AT_EXIT] is read.
 *
 * The flush is skipped only when the setting starts with 'n' or 'N' (one
 * character, case-insensitive); every other value leads to
 * delete_all_chains() being called.
 *
 * Always returns 0; nothing reported by delete_all_chains() is passed on
 * to the caller.
 */
int
fw_cleanup(const fko_srv_options_t *opts)
{
    if(strncasecmp(opts->config[CONF_FLUSH_IPT_AT_EXIT], "N", 1) != 0)
        delete_all_chains(opts);

    return 0;
}
/*
 * Prepare the iptables state at start-up: settle how rules will be looked
 * up, optionally flush existing chains, create the configured custom chains
 * and optionally verify that the 'comment' match can be used.
 *
 * opts - server options; ipt_disable_check_support and the
 *        CONF_FLUSH_IPT_AT_INIT / CONF_ENABLE_IPT_COMMENT_CHECK entries of
 *        opts->config are read.
 *
 * Returns 1 when every step succeeded and 0 when chain creation or the
 * 'comment' match check failed. Note the polarity: 0 means failure.
 *
 * Failures are only logged and reflected in the return value; this function
 * does not stop the process and keeps going after a chain-creation error.
 * NOTE(review): confirm that every caller treats a 0 result as fatal, since
 * continuing would leave the daemon running without its chains.
 */
int
fw_initialize(const fko_srv_options_t * const opts)
{
    int ok = 1;

    /* Older iptables versions lack the '-C' argument. Unless the check is
     * disabled in the options, probe for it; without it, rules are found
     * by parsing 'iptables -L' output instead.
    */
    if(!opts->ipt_disable_check_support)
        ipt_chk_support(opts);
    else
        have_ipt_chk_support = 0;

    /* Start from a clean slate when asked to. Only the first character of
     * the setting is compared, ignoring case.
    */
    if(strncasecmp(opts->config[CONF_FLUSH_IPT_AT_INIT], "Y", 1) == 0)
        delete_all_chains(opts);

    /* Create the configured chains; record the failure but carry on so the
     * 'comment' match result is logged as well.
    */
    if(create_fw_chains(opts) != 0)
    {
        log_msg(LOG_WARNING, "Warning: Errors detected during fwknop custom chain creation");
        ok = 0;
    }

    /* The 'comment' match is verified only when the check is enabled; any
     * answer other than 1 counts as "not available".
    */
    if(strncasecmp(opts->config[CONF_ENABLE_IPT_COMMENT_CHECK], "Y", 1) == 0)
    {
        if(comment_match_exists(opts) != 1)
        {
            log_msg(LOG_WARNING, "Warning: Could not use the 'comment' match");
            ok = 0;
        }
        else
        {
            log_msg(LOG_INFO, "iptables 'comment' match is available");
        }
    }

    return ok;
}