Re: safely apply new rulesets: iptables-apply

On Mar 10 2008 12:02, martin f krafft wrote:
>also sprach Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> [2008.03.09.1745 +0100]:
>> It needs a minor tweak in that the timeout needs to be started
>> before you output anything to the terminal, just in case the
>> terminal blocks.
>
>I don't really see a way to do this trivially.

#!/bin/bash
echo "Applying new rules..."
if ! iptables-restore <new.txt; then
	echo "Dude, that failed horribly. (Old rules still intact.)"
	exit 1
fi

# Background the prompt so the 10 s timer in read below starts
# even if the terminal blocks on output.
echo "Also try starting a new connection to the "\
"machine to verify that NEW connections are accepted "\
"besides ESTABLISHED.  Do the rules work? (y/n) " &

# Timeout, EOF or anything other than "y" brings the old rules back.
read -t 10 x
if [ "$x" != "y" ]; then
	iptables-restore <old.txt
fi


>> On a related note, you cannot trap signal 0:
>> 	trap "rm -f $TMPFILE" 0 1 2 3 4 5 6 7 8 10 11 12 13 14 15
>
>Yes, you can. Trapping 0 means at-exit.

Oh, then probably use "EXIT" instead of "0" :-)

>> >Could this script possibly make it into the iptables distribution
>> >tarball? I am flexible about the licence and all...
>> 
>> The idea gets my approval.
>
>Is there anything else I need to do?
>
A bit of CodingStyle perhaps, i.e. tabs for logical indent,
and of course a patch with the updated script.
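
The apply / confirm-with-timeout / roll-back pattern discussed in this thread, written up as an added example; it is not the snippet above and not the iptables-apply script itself. The function name apply_with_rollback, the --run flag and the status words it prints are assumptions of this example. The apply and rollback commands are passed in as parameters so the control flow (apply failure, "y", any other answer, timeout, lost session giving EOF on stdin) can be exercised without touching a firewall; the real invocation with iptables-save and iptables-restore sits behind --run and uses trap ... EXIT, the spelled-out form of trapping 0, to remove the saved-rules temp file.

```shell
#!/usr/bin/env bash
# Added example, not code from the netfilter thread or from iptables-apply.
# Requires bash for `read -t`.
set -u

# apply_with_rollback TIMEOUT APPLY_CMD ROLLBACK_CMD
# Prints one status word on stdout and returns:
#   0 "confirmed"       new rules applied and confirmed with "y"
#   1 "apply-failed"    APPLY_CMD failed; nothing was changed
#   2 "rolled-back"     timeout, EOF, or answer other than "y"
#   3 "rollback-failed" ROLLBACK_CMD failed (check the host by hand)
apply_with_rollback() {
    local timeout=$1 apply_cmd=$2 rollback_cmd=$3 answer=""

    if ! eval "$apply_cmd"; then
        echo apply-failed
        return 1
    fi

    # Start the countdown before anything is written to the terminal:
    # the prompt is backgrounded, so a tty that blocks on output cannot
    # delay the `read -t` below.
    printf 'New rules applied. Open a NEW connection to this host and check it.\nKeep the new rules? (y/n) ' >&2 &

    if read -r -t "$timeout" answer && [ "$answer" = y ]; then
        echo confirmed
        return 0
    fi

    # Timeout, lost session (EOF on stdin) or an explicit "n": revert.
    if eval "$rollback_cmd"; then
        echo rolled-back
        return 2
    fi
    echo rollback-failed
    return 3
}

# Real use (root, iptables installed):  ./safe-apply.sh --run new.txt
# Not executed when the file is sourced or run without --run.
if [ "${1:-}" = --run ]; then
    new_rules=${2:?usage: $0 --run NEW_RULES_FILE}
    old_rules=$(mktemp) || exit 1
    trap 'rm -f "$old_rules"' EXIT   # at-exit cleanup, same as trap ... 0
    iptables-save >"$old_rules" || exit 1
    apply_with_rollback 10 \
        "iptables-restore <'$new_rules'" \
        "iptables-restore <'$old_rules'"
fi
```

Treating EOF on stdin the same as a timeout matters in practice: if the new rules cut off the SSH session the prompt is running in, read returns immediately with no answer, and the old rules come back without waiting for the timer.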
