X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=blobdiff_plain;f=common.sh;h=1309518af3bce28ffed72d4eb3c72be87ba6d3da;hp=f2a7f549dfaf4122dfacbdcb7ce489ef7ae31e71;hb=8f282d43f66a96150c9edef5b8ce39f3f6fc3b4d;hpb=9ec8b91463d0c625e2e561fa476abe9c0e9c84ca
diff --git a/common.sh b/common.sh
index f2a7f54..1309518 100644
--- a/common.sh
+++ b/common.sh
@@ -20,6 +20,28 @@ function create_set(){
 fi
 }
 
+function create_drop_chain(){
+ local chain="$1"
+
+ if ! $IPTABLES -L "${chain}" >/dev/null 2>&1
+ then
+ echo "initializing chain '${chain}'"
+ $IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"
+ $IPTABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
+ $IPTABLES -A "${chain}" -j REJECT --reject-with icmp-port-unreachable
+ $IPTABLES -v -L "${chain}"
+ fi
+
+ if ! $IP6TABLES -L "${chain}" >/dev/null 2>&1
+ then
+ echo "initializing chain '${chain}' ipv6"
+ $IP6TABLES -N "${chain}" || $IP6TABLES -F "${chain}"
+ $IP6TABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
+ $IP6TABLES -A "${chain}" -j REJECT --reject-with icmp6-port-unreachable
+ $IP6TABLES -v -L "${chain}"
+ fi
+}
+
 function insert_setmatch_rules(){
 local single=0
 if [ "x$1" = "x-single-set" ]
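Review bot: In create_drop_chain the exit status of the two `-A` appends is never checked, so if the REJECT rule fails to load the chain is left holding only the conntrack RETURN rule and everything jumped to it passes through unblocked. Because initialization is gated on `-L` failing, a chain that was created but only partly populated is treated as present on the next run and never repaired. Unless the sourcing script runs under `set -e`, which is not visible in this hunk, each append should fail the function, e.g. `$IPTABLES -A "${chain}" -j REJECT --reject-with icmp-port-unreachable || return 1`, and likewise in the `$IP6TABLES` block. A header comment such as `# Create ${chain} (v4 and v6): RETURN for ESTABLISHED,RELATED, REJECT everything else` would also record that the chain rejects with an ICMP error rather than silently dropping, which the name does not convey.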