10 if [ $# -eq 1 -a "x$1" = "xremove" ]
12 $IPTABLES -D INPUT
-m set --match-set "${set_name}" src
-j "${chain}" || echo "no rule '${set_name}' to remove"
13 $IP6TABLES -D INPUT
-m set --match-set "${set_name}6" src
-j "${chain}" || echo "no rule '${set_name}6' to remove"
14 $IPSET destroy
"${set_name}" || echo "no set '${set_name}' to remove"
15 $IPSET destroy
"${set_name}6" || echo "no set '${set_name}6' to remove"
19 create_set
"${set_name}" hash:net
20 create_set
"${set_name}6" hash:net family inet6
22 # create or re-init chains
23 if ! $IPTABLES -L "${chain}" >/dev
/null
2>&1
25 echo "initializing chain '${chain}'"
26 $IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"
27 $IPTABLES -A "${chain}" -m conntrack
--ctstate ESTABLISHED
,RELATED
-j RETURN
28 $IPTABLES -A "${chain}" -j REJECT
--reject-with icmp
-port-unreachable
29 $IPTABLES -v -L "${chain}"
32 if ! $IP6TABLES -L "${chain}" >/dev
/null
2>&1
34 echo "initializing chain '${chain}' ipv6"
35 $IP6TABLES -N "${chain}" || $IP6TABLES -F "${chain}"
36 $IP6TABLES -A "${chain}" -m conntrack
--ctstate ESTABLISHED
,RELATED
-j RETURN
37 $IP6TABLES -A "${chain}" -j REJECT
--reject-with icmp6
-port-unreachable
38 $IP6TABLES -v -L "${chain}"
41 insert_setmatch_rules
"${set_name}" -j "${chain}"
43 reload_cidr_sets
"${set_name}"