+function create_drop_chain(){
+ local chain="$1"
+
+ if ! $IPTABLES -L "${chain}" >/dev/null 2>&1
+ then
+ echo "initializing chain '${chain}'"
+ $IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"
+ $IPTABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
+ $IPTABLES -A "${chain}" -j REJECT --reject-with icmp-port-unreachable
+ $IPTABLES -v -L "${chain}"
+ fi
+
+ if ! $IP6TABLES -L "${chain}" >/dev/null 2>&1
+ then
+ echo "initializing chain '${chain}' ipv6"
+ $IP6TABLES -N "${chain}" || $IP6TABLES -F "${chain}"
+ $IP6TABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
+ $IP6TABLES -A "${chain}" -j REJECT --reject-with icmp6-port-unreachable
+ $IP6TABLES -v -L "${chain}"
+ fi
+}
+