Split plug-in code from handler code for services (refs #27).

[software/pymin.git] / services / firewall / templates / iptables.sh

diff --git a/services/firewall/templates/iptables.sh b/services/firewall/templates/iptables.sh
index 57dacd5937a1343099f405f31c682d6ec02416f5..e384d0ed36c38e267ff6461589d20119b3e9f347 100644 (file)
--- a/services/firewall/templates/iptables.sh
+++ b/services/firewall/templates/iptables.sh
@@ -4,7 +4,7 @@
 
 # TODO escape shell commands more securely
 def s(text):
-    return repr(text.encode('utf-8'))
+    return repr(unicode(text).encode('utf-8'))
 
 def optional(switch, value):
     if value is not None:
@@ -13,8 +13,14 @@ def optional(switch, value):
 
 %>
 
+/usr/sbin/iptables -t filter -F
+
+/usr/sbin/iptables -t filter -P INPUT ACCEPT
+/usr/sbin/iptables -t filter -P OUTPUT ACCEPT
+/usr/sbin/iptables -t filter -P FORWARD ACCEPT
+
 % for (index, rule) in enumerate(rules):
-/sbin/iptables -t filter \
+/usr/sbin/iptables -t filter \
     -I ${rule.chain|s} ${index+1|s} \
     -j ${rule.target|s} \
     ${optional('-s', rule.src)} \