## -*- mode: shell-script; -*-
##
## To be able to make changes to the part of configuration created
## from this configlet you need to copy this file to the directory
## fwbuilder/configlets/linux24/ in your home directory and modify it.
## Double "##" comments are removed during processing but single "#"
## comments are be retained and appear in the generated script. Empty
## lines are removed as well.
##
## Configlets support simple macro language with these constructs:
## {{$var}} is variable expansion
## {{if var}} is conditional operator.
##
reset_iptables_v4() {
  $IPTABLES {{$opt_wait}} -P OUTPUT  DROP
  $IPTABLES {{$opt_wait}} -P INPUT   DROP
  $IPTABLES {{$opt_wait}} -P FORWARD DROP

  while read -r table; do
      list=$($IPTABLES {{$opt_wait}} -t "$table" -L -n)
      printf "%s" "$list" | while read -r c chain rest; do
      if test "$c" = "Chain" ; then
        $IPTABLES {{$opt_wait}} -t "$table" -F "$chain"
      fi
      done
      $IPTABLES {{$opt_wait}} -t "$table" -X
  done < /proc/net/ip_tables_names
}

reset_iptables_v6() {
  $IP6TABLES {{$opt_wait}} -P OUTPUT  DROP
  $IP6TABLES {{$opt_wait}} -P INPUT   DROP
  $IP6TABLES {{$opt_wait}} -P FORWARD DROP

  while read -r table; do
      list=$($IP6TABLES {{$opt_wait}} -t "$table" -L -n)
      printf "%s" "$list" | while read -r c chain rest; do
      if test "$c" = "Chain" ; then
        $IP6TABLES {{$opt_wait}} -t "$table" -F "$chain"
      fi
      done
      $IP6TABLES {{$opt_wait}} -t "$table" -X
  done < /proc/net/ip6_tables_names
}
