implement stop command using new iptables_get_chains
diff --git a/pvefw b/pvefw
index e33518d..90c24f6 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -267,7 +267,19 @@ __PACKAGE__->register_method ({
        my ($param) = @_;
 
        my $code = sub {
-           die "implement me";
+           my $chash = PVE::Firewall::iptables_get_chains();
+           my $cmdlist = "*filter\n";
+           $cmdlist .= "-D INPUT -j proxmoxfw-INPUT\n";
+           $cmdlist .= "-D FORWARD -j proxmoxfw-FORWARD\n";
+           foreach my $chain (keys %$chash) {
+               $cmdlist .= "-F $chain\n";
+           }
+           foreach my $chain (keys %$chash) {
+               $cmdlist .= "-X $chain\n";
+           }
+           $cmdlist .= "COMMIT\n";
+
+           PVE::Firewall::iptables_restore_cmdlist($cmdlist);
        };
 
        PVE::Firewall::run_locked($code);
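Review bot: The two `-D` lines in the stop closure are emitted unconditionally, so when the jump rules are already gone (a second `stop`, or a host where the firewall never started) the restore input will most likely be rejected at that line, and since a `*filter` … `COMMIT` block is applied as a whole, none of the `-F`/`-X` lines would take effect. Emitting each delete only when its chain was found would make stop idempotent, e.g. `$cmdlist .= "-D INPUT -j proxmoxfw-INPUT\n" if exists $chash->{'proxmoxfw-INPUT'};` and likewise for FORWARD; this assumes a chain's presence implies its jump rule, which should be confirmed against the start path. The flush and delete loops trust every key of `$chash`, and iptables_get_chains is outside this hunk, so a comment such as `# $chash must hold only firewall-owned chains; built-in or foreign chains here would be flushed too` would record the assumption that stop cannot touch rules it does not own. It is also worth documenting that after a successful stop, INPUT and FORWARD fall back to whatever their built-in policies are. The enclosing method starts and ends outside the hunk.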