add post-firewall hook for other features

author: An-Cheng Huang <ancheng@vyatta.com> 2008-04-08 16:34:09 -0700
committer: An-Cheng Huang <ancheng@vyatta.com> 2008-04-08 16:34:09 -0700
commit: 041c76680a23aa1204cc08d3720d2957f45a9fac (patch)
tree: eea9985ce2e2525dffdd7db6ce74083cc048a8a5 /scripts/firewall/firewall.init.in
parent: 7271fce2882df7a1251608203099fc54862b78d1 (diff)
download: vyatta-cfg-firewall-041c76680a23aa1204cc08d3720d2957f45a9fac.tar.gz
vyatta-cfg-firewall-041c76680a23aa1204cc08d3720d2957f45a9fac.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index acd951a..9f365db 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -52,6 +52,12 @@ start () {
     # by default, nothing is tracked.
     iptables -t raw -A PREROUTING -j NOTRACK
     iptables -t raw -A OUTPUT -j NOTRACK
+    
+    # set up post-firewall hook
+    iptables -N VYATTA_POST_FW_HOOK
+    iptables -A VYATTA_POST_FW_HOOK -j ACCEPT
+    iptables -A INPUT -j VYATTA_POST_FW_HOOK
+    iptables -A FORWARD -j VYATTA_POST_FW_HOOK
 }
 
 case "$ACTION" in
author	An-Cheng Huang <ancheng@vyatta.com>	2008-04-08 16:34:09 -0700
committer	An-Cheng Huang <ancheng@vyatta.com>	2008-04-08 16:34:09 -0700
commit	041c76680a23aa1204cc08d3720d2957f45a9fac (patch)
tree	eea9985ce2e2525dffdd7db6ce74083cc048a8a5 /scripts/firewall/firewall.init.in
parent	7271fce2882df7a1251608203099fc54862b78d1 (diff)
download	vyatta-cfg-firewall-041c76680a23aa1204cc08d3720d2957f45a9fac.tar.gz vyatta-cfg-firewall-041c76680a23aa1204cc08d3720d2957f45a9fac.zip