I use the following script to restart the firewall after changes in post-firewall:
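#!/bin/sh
# Rebuild the IPv4 firewall from the saved rule files, then re-run the
# post-firewall hook so that edits to it take effect.
#
# Order matters: the default policies are switched to DROP *before* the chains
# are flushed, so there is no moment at which the box accepts everything. The
# cost is a short window, until the rules are restored, in which all traffic
# (management sessions included) is dropped. If a restore step fails, the box
# stays in that drop-everything state (fail closed) and the failure is logged.
#
# NOTE(review): only iptables (IPv4) is handled here. If IPv6 is enabled on
# this device it needs equivalent ip6tables handling.
# NOTE(review): the rule files are read from /tmp and loaded as root; confirm
# that only root can write them.

# Every command below is resolved through this PATH, so each directory on it
# should be writable by root only.
PATH=/usr/local/bin:/opt/local/bin:/opt/sbin:/opt/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Print the IPv4 address of interface $1, or nothing if it has none.
# Relies on the "inet addr:a.b.c.d" layout of the ifconfig output.
iface_ip() {
  ifconfig "$1" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'
}

# Load the rule file $1 with iptables-restore and log a failure instead of
# continuing silently with whatever rules happen to be in place.
load_rules() {
  iptables-restore < "$1" ||
    logger -t iptables-restart "iptables-restore failed for $1"
}

logger -t iptables-restart "Restarting firewall."

logger -t iptables "Setting default policies"
# chain policies
# drop everything and open stuff as necessary
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

logger -t iptables "Flushing tables"
# "iptables -F" without a chain flushes every chain of the filter table, so
# INPUT/OUTPUT/FORWARD need no separate flush.
iptables -F
iptables -F -t mangle
iptables -F -t nat
# Delete user-defined chains and zero the counters (filter table only).
iptables -X
iptables -Z

WANIF=ppp0
LANIF=br0
MANIF=vlan1
WANIP=$(iface_ip "${WANIF}")
LANIP=$(iface_ip "${LANIF}")
MANIP=$(iface_ip "${MANIF}")

load_rules /tmp/filter_rules
load_rules /tmp/nat_rules

# Quote every argument: an interface without an address (e.g. ppp0 while the
# link is down) must still occupy its position, otherwise the remaining
# arguments shift left and post-firewall reads an interface name as an IP.
/usr/local/sbin/post-firewall "${WANIF}" "${WANIP}" "${LANIF}" "${LANIP}" "${MANIF}" "${MANIP}"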