> On Wed, Oct 24, 2007 at 03:57:08PM -0200, Yuri Rodrigues wrote:
>> $iptables -t mangle -P OUTPUT ACCEPT
>> $iptables -t mangle -P INPUT ACCEPT
>> $iptables -t mangle -P POSTROUTING ACCEPT
>> echo "Policing .......................................... [ OK ]"
> ...
>> modprobe iptable_mangle
>> modprobe iptable_nat
>> echo "0" > /proc/sys/net/ipv4/ip_forward
>> echo "Loading Modules ................................... [ OK ]"
>
> that's the wrong way of saying 'OK'; you want to say 'OK' if all went
> really ok, else say 'NOK!' and perhaps bail out, i.e. something like:
>
> ...
> $iptables -t mangle -P OUTPUT ACCEPT &&\
> $iptables -t mangle -P INPUT ACCEPT &&\
> $iptables -t mangle -P POSTROUTING ACCEPT &&\
> echo "Policing .......................................... [ OK ]" || {
> echo "Something broke in 'Policing'!"
> exit 1
> }
You don't want to do that, because the term in curled braces is executed
when *any* of the previous commands fails (including the echo). Better
use something like this:
----8<----
# print an optional error message to stderr and abort the script
fail() {
  [ -n "$1" ] && echo "Error: $1." 1>&2
  exit 1
}
...
$iptables -t mangle -P OUTPUT ACCEPT || fail "setting OUTPUT policy"
$iptables -t mangle -P INPUT ACCEPT || fail "setting INPUT policy"
$iptables -t mangle -P POSTROUTING ACCEPT || fail "setting POSTROUTING policy"
echo "Policing .......................................... [ OK ]"
---->8----
Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
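
The difference between the two patterns in this thread, as an added example that is not part of the original messages. `fake_iptables` and `FAIL_ON` are constructed stand-ins so it runs without root, and closing stdout (`>&-`) is one assumed way of making the status `echo` fail.

```shell
#!/bin/sh
# Constructed stand-in for the real binary so this runs without root.
# It fails for the chain named in FAIL_ON (hypothetical test knob).
# $4 is the chain name in "-t mangle -P CHAIN ACCEPT".
fake_iptables() { [ "$4" != "${FAIL_ON:-}" ]; }
iptables=fake_iptables

fail() {
    [ -n "$1" ] && echo "Error: $1." 1>&2
    exit 1
}

# Pattern from the quoted suggestion: the || block also fires
# when the three policy commands succeed and only the echo fails.
chained() {
    $iptables -t mangle -P OUTPUT ACCEPT &&
    $iptables -t mangle -P INPUT ACCEPT &&
    $iptables -t mangle -P POSTROUTING ACCEPT &&
    echo "Policing [ OK ]" || {
        echo "Something broke in 'Policing'!" 1>&2
        exit 1
    }
}

# Pattern from the reply: each command is checked on its own
# and the error message names the step that failed.
per_command() {
    $iptables -t mangle -P OUTPUT ACCEPT || fail "setting OUTPUT policy"
    $iptables -t mangle -P INPUT ACCEPT || fail "setting INPUT policy"
    $iptables -t mangle -P POSTROUTING ACCEPT || fail "setting POSTROUTING policy"
    echo "Policing [ OK ]"
    return 0   # stands for the rest of the script, which does not test the echo
}

# Demo 1: every policy is set, but stdout is closed so the echo cannot write.
# Subshells are used because both patterns call exit.
if ( chained ) >&- 2>/dev/null
then echo "chained: exit 0"; else echo "chained: exit $?"; fi
if ( per_command ) >&- 2>/dev/null
then echo "per_command: exit 0"; else echo "per_command: exit $?"; fi

# Demo 2: a real failure; per_command reports the failing step on stderr.
( FAIL_ON=INPUT; per_command ) >/dev/null || true
```

With stdout closed, `chained` exits 1 even though all three policies were applied, while `per_command` aborts only when an `iptables` call itself fails.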