On 17 December 2014 at 20:54, Jörg Thalheim <joerg@xxxxxxxxxxxxx> wrote:
> +
> +nftables_start() {
> + find /etc/nftables -maxdepth 1 -type f -name '*.rules' -print0 | \
> + sort -z | xargs --null --no-run-if-empty --max-args=1 @sbindir@nft -f
> +
> + if [ -t 0 ] && [ "$1" = "--confirm" ]
> + then
> + echo "Please confirm that your network connection is working and press Ctrl+C on success"
> + trap ctrl_c INT
> +
> + sleep 20
> +
> + echo "No response, flushing rules"
> + nftables_stop
> + fi

Also, it would be nice to roll back to the old ruleset rather than leaving
the machine without a firewall (think of mission-critical firewalls, where
human mistakes happen after all).

--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
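Review bot: the `--confirm` branch is fail-open and its success path is implicit: once `sleep 20` returns, `echo "No response, flushing rules"` and `nftables_stop` run unconditionally, so unless the `ctrl_c` handler (not shown in this hunk) terminates the script, even a confirmed Ctrl+C falls through to the flush, and a genuine timeout leaves the host with no ruleset at all. Suggest capturing the ruleset that is active before the `xargs ... @sbindir@nft -f` load, restoring that on timeout instead of calling `nftables_stop`, and having the handler `exit 0` or set a flag that is checked before anything is flushed. Two smaller points: the 20-second window is hard-coded where a variable or option would help, and if `@sbindir@` expands to the bare directory (as autoconf's `sbindir` does) the template yields `/usr/sbinnft` rather than `/usr/sbin/nft`, so a `/` before `nft` is probably wanted.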