JFIF   ( %!1!%)+...383,7(-.+  ++-+++++-++-++--+--+-+-------+-++-+--+---+++--+7+-+"F!1AQaq"2BRb#3Sr$CDsT&!Q1Aa"2Rbq ?򉄘ǷLR HR,nNb .&W)fJbMOYxj-\bT2(4CQ"qiC/ " %0Jl"e2V  0SDd2@TV^{cW&F͉x9#l,.XɳvRZ C8S 6ml!@!E! `FS!M #(d)Q lml1ml Ų&x(ʨ2NFmj@D<dN5UN˄uTB emLAy#` ` ` I!I 6āHBxL & J#7BQ.$hv h q+tC"EJ) 8R e2U2Y@j%6PF^4LnNBp"8)4JI-ֲvK ^؊)hz[T5˗",Rҥf8ڤS4ʘ!`D ` X+ L,(hl)*S##`6[`0*L T H*HA@I&&r1kr*r*)N$#L  1#ZFSl `[( ("((he`4 Ch [="A R / 0I`twCDcWh"i) cLad\BcLKHZ"ZEW$Ƚ@A~i^`S *A&h:+c Y6vϕGClRPs.`H`(@<$qDe pL@DpLX, E2MP A  `II m& AQ "AT rbg# g2!SiLj*3L \ G;TFL`K BMy 2S`YLh1 d >-"ZfD^Q DH" RAbEV#Lfq,(rETp64-IJ!*p4F$q;G8DQ/TKP2$jp3KW]FtLtƉ1ol]VBgػJH6 )h61GJR7Nj.Z4piJRDd]t]0dP]:N.b'⹙SvDSz]L,_#ugT&[~?cS^"{Bh{/=ۑxOk̳O59o dar793`)SeYM@\ "$E(Tm&)N2Ih)F5EDed(FS,Pa @!@#@lea HCD$11jCLJqcod S3yd*,lL+QEfsgW1nw)cT#dS HXkFJB"6(ʝH)H"#EZh:Y`khݳh%Sc<mlAko2]gDqQtro=3OƸU9_-t8UvW3sGəg*#:c)><"wc\ASmT|6Ę>9~#1Ƈ~ڒE1vVi# I MM#u$8W 5ǍfƬΜg*Qpi1ȩFOf۔S,/⎯(Lrմ`(Z LsbA \6 6dm[I=!r:REI.wgzG)ԇSbӑxuׇTyyL^e'x^ty4Z&eB]I|v59Jjhm;Ng񷫳n<ϞҼѝjk;׹DlY^ҍ\+x9V!j([cmS.NO6jxNζrm&oײizT$N>?~ Sl-:iڥk\at#E!CL`.O0a*w/WV7/r)DŽt7'Nĵ#7O1 ]{[/-2bA<$&Gm_4t)_>)mjG;V^'k59o>ɌM,ؾf9z6 4v_3T.5V/RD-5 %T5XTޫ4TaZ`U *ƱUƲ UG"5+sJJ2E9#܎kr2G3Bb,XM6H: ?@p!'\4V02aԙ) hbZ]:` ev3ʘ'}!ohȒ*TJjr[RFyQ*#{h{R]J]Lr-.D-.җfo$D ?X0%~1P.Og{cWϫ22&Ϭ_V.W3nmiOl}+!˫#`kR33aUb0-g:qmsέ+0HO|&nhOn+}n5QF_"gvLm/z'+r'n_oC语i|1}Gi|}_D~9JZ_%DVQp\koۅjAs~/c0ksUJi^W9W5!>?O:q|ˣSIB/&K<(lg(%Wg$|LW7vߤW߇q|jef3D H\S6(eJb*@&sTKTW/*@v:.N- @ITʓ1Zg&-eꓝM r]EMס{q$b]'7Z7N:O~lNlP7iͲk)$O^퉢<YSD*hr'Z#5e6t[Fdh AJǔP9P 1\R).Il+jI*,(ܢ22N*OwKFX gc?\mB7iA+εe8 "ġ/p5pW-$މ-[a 5ViAW/V{/&UsF./՞ҕ*)rZg.^_+gt_z-oAbqQn*WlHyZ*\TaEewlLR3ԹȭN}MM}aih"5ܕRT$:~'TcT|*)xGC>n+r{XU xuF"<~67у'fxlf`r3D*#Z1ђfH`2dIWo/qB| 63xxW6^m%Kvg>\>x>!H5Nr8J/FJ9Wx(Hou" S'kWاC\9ְ#^OaҮ+~gnkuЉ,aWU*1 읍jnb|e= :2.UL`Q}YS&gI.c=a`%j:C%2@^>])25/ܙ<lzwɛ)ݣS4h3=J tyϬ.E7 8ڞGZu\_JHsݢϑ}IZ"ӳ=X<Ɖ2{a:{7L+>V}c)*lo Yv&+|L;>+/Sj26K+澡*;>-s"}M2] Ig5aCL*r"&\} #^R.7_Mgf}.ߌy(}Z\gP&ʠHj%</{.]rߙQ`>;5g;u6dԛ %xb|oՋTJ5Ϥ(]XqP>f{Jk2,8'~ZU6tMQsg XKg^2ϓ3},[wo۴I|ܷ%[Ol\Pkr]Y//cg6U⧻/VПi8ys_n<\~cze!!H~x;QJZKȮ^ȧG|cS~8ji,Fo+,y~?pk)u /in3JmkX(Mj1N 4c Epc>BO *LfQO&` c;LjcYf 1ɻ)CLsY^Y5" lP/wuEln&dav,(;'W9ej ku`-KHI՟%ԁʁ 1\}?OjsF^Xn$Ё.օC>D:?I @aGE.ĩ1 $ et~T`߸Ir'RX.Zwc%~U=r>-UaFbǺ?R=Z?i'[ASS;siJrzy>nxu$[_B\4}:r'ҵj1_v-[;y?ֹ0I16 . M%4^!S&t ! h !zQð.bBT ?@]?CHq(rd!.$>/x+bnʎNN#w)` )*f!-ɂ\(طYLHzc`Uq7BfCcE0ԉ4Fم쏠ce5T r͸GVlФ?ѣ} mhrkly.Ts㷖)Mө S^%'g>wk%bP[}j~ǾV#K -Fgv켼ǨgɼeSz/6{M=BPZFu\Q75n3Iݤ.W9QfF{vJwF't[@iVj4G~KOnH߿_Do=.c.One?E+GfGN⧭H?4;u`ua|V-+j4?48n ɦ=-]puv&Jc}K>b%U x8pz6L8AXFsW]N55ҦbIWZQ7ï Ԗ3cjz匩ӺOTɖƴ%a'MI}cdR$ݚIζ̝ LIu>J3{^෠㜦˯xܿe\b"2y'x{ RDW b+o2KFhR0:U늞En>լRӉt Iڹ\ wշQEv"v;EJ)yl[5:F0=b4,\PqKtv4{bQz:>C7"8W#Zjdd| cjz%K %Z 9dD{=NFʳAƩtI)kS*s$`:A\ʬ*ֹ9{Nl|eJ١rQnM%z_#x_•TO><)kyD %GN<~y>vfǧB)F)c\lې(#\ h`fgfjTBdhhHL2Y0^ Y0^-"D!QaI15 m~ gՒd|;#gMn(P$l H.R2^PU")pN` N8󫅂OJ;^jz\uumJMF|ηq[]$Vrrt:Q^;QPkHՠ{]HwˆMuIr7!r&- j%"9LtUb56+^TWBqdhHAD7 HwKH^F3LIq #hK`]IWKiH?کǴeԥQ>g{^q^>HKoOB||8aݏS}{S_]ϸ/X~ܵw'OSPAf֩ܟ[>7 @[ֵ;G߇QU*Cթ *OKU^zz[fRnpcJX9u<iq8B]u8 ]I,;[G#2W.¸D8rPG Y%PBJ= wo;PJgx6;yB`3zZGPAͫy{5Nb_re*ONHR]Ji)U{Ӓ:qqɏ[mB4࢒I$ 2vpBADY`DIVAn"Bh$&&cMbdB 鮆wHR'E(ѸZA*H~{B M҅n\@N{7ISCp Vd( r+bg|ns:qg:|J|ɪV.UVaAS͓FyRuLѦT騬 `3􏳕{eo/Tz8DkW?,cl~TqLne֠[B*D +t 6˦S;5KjV3e WBrT.XSHm sl5F%NGM`Y )": J!W4]HTrPX2 QYɕ\m2VLd+`,^ѺiPztUGY6+cӧ6] U%u/ˈFOiB*nFF#ұJ Z/c')?Q͟5.8E~G6e<\?}GkhMFUظOqhEA - "`dQ#(4Ԧf VLmc@q5J8K; M^JZnn)9Zm\ qIJqS: i[9~Oaƒ]Z4F&+666( N]쁼LM(oyvUI/Χ[ھ]hTˉG".SeYgu;hRDtڬv=5 ׁqMS\Ȭi5D]1$*0UL1QY`QdLb[+z9";'yi`OT/4{@EZ'Y0>4I*d nM#5hі.vrM[]Ä;]\ʦS,叕DQZq0fӌI͋]TNK"#;?F;aURx_4WDm+F*0XJE@){ 1R-E2(@Qh l D rT.Q;[J;[`30`ɀ 2#=JeSsxRjG=`H rLJ@ Y$JaB2/x( "Id'6O0CI$:Ol+}I>[L|iK+]ZrH*2Aʶ uHRd)OrrbSx=5dmue1neܬ"e>Lw94勲u ҏ_4GuоJw]QtgSk(qW(6h|v= 1=P/\YZ|R>"*5W/ίR'o %R$5= .!VIRMf4*aR5nv% Usj:V Lj]Bn/TZ&.2„ܒBP)aYRʌW!#ErGf';tW$czI*\KI,c7Zc-ўj|p+-ђ{eg 2;R_{VLM]7sؒFmԻy853gҾqJG!E̤ӏqzs༿? U#R)ŧU(,>,&,-^e^۔.b EW^n<)\9.QeJuFiSh2"EL8yeCKQD\5R,D5.P]c1STt*ZFJ.T:N #%]M}khOe(͓iEMsɆ3( YF<"Ly^*[ry6.ɸm k݊iT%nM8 $Q#F# q 1*?% iS^4oܗ wWPS,aNޖxOxڽqp#F6&o,7LJuMΤK(Td{U Ƹf|q5U{3[FLNK6ӵQY5+'>Q3FSk).&:5z yZq/*q$d+Ge+$lO@Nڤy5eBvˌ䖥shS:JksgksF ꧸oi-FYxy9[Vȼĝ'_.[y2U*c?E+:TsWՀgOS> z75>ncߏ-Kz8ԋ,Ϧ70Z9_1h$Xiu10)0$+$! qsE4wRkh2*T.s%DH:`:=k.'WB{ ȮRGҷ7чVg)CHS}1ݍԳۂ<8g_4y*-Ml\]mZT)mJ~|k<6zWjf4'*u%RNRȉZA) .VLtp 4 V&mtJ#l˅;&{]8>TmhoLXOeD^_J>]jsSej﫦iOM SK([!Vc5zn-A@p]Ӄ \3kmK>#-sܧ?NLar@Js?…Xldny]݌E5•9.8hh69#7js׳R,'pqt:kgPhRԄ+ՕG9}="ֲ\kǁm R73pg$t3+o |o\]'ee5ɐ.7ѐ|ZعSF{qkx5-$Q h5*1yM$ 7)hJ2Kg`-hn*>)EYDIkBpȩAzfǪ>7O K#lߤg]:u~huُ۵u}(mjGIj܏6ES~/5CiRy|kVKGBޭ3;w /jꏈUu>iƪi:WRo'yr4C/?c:w!?\'?#Q:>u/?uEeuG*xY2)?־CAr*23_ץ}գk1%(_ _6aԗ _4 $ϗ+ϫɆzǾIgu?Y<#_xS>i\uɇ۽r}[ͫyRoWCC!H,iD։"Cj5 4] cTk2YZRBvRY~FqQt^RO-g"QP]Ih/t:ljs YӹqI] wqXp KV+8j} uu8PGP&zF:;8+ Sx9(. Q}:ƻWr,Ũ*'shfƧ-6__5,DH{* qp묘G MA}QRe{dyMucǨɾ7߈Avϩe͜jmUi p3\5,ާbf:o+7#ܾ~iU#up=}˄k{NV8m!ҌiptޜBvKi}!ש3UK)`igӞVMR'J[ky~g&6vǍ7ķ>uXd(3瓓[]QTTqnͮz1~_͓k俸0~Z1գ =18cL 5^lf^k^<ҲJɬcC-[^;J8j_q=WpeA_6 4.Ntc>Sv2Jf;G8. 5[,;ArSTˬmpmzjGe EoǩOgDWaGhz<|kT\$Q=u/ci˜S mN&Ok~'0,a} s + NC-G'(*>vw~&*wYG Ŷ K-L/$߮l/A/^:Z@X- Q-D2`@M2+w$Q"胊"47&+Dh'9Y* L7VhT+ -?K]Ik \Ϣgy) s v z)Z ˦2&ލ OjmG9@8F_u䊜r>3K%Yg-FFI]e+Kxkzװy"\Q4Ri'0+P=V&Sw3N/U|UEt*uS c M*tsBE 2ʃ@Kir(˫LRr璜Zy@].%NbXvz덟 hӰNMe#|g͒po9^licxB[e' {U? mlt%?霋ǒxZc X]ϗ15SeE{-Ӕi~DƯO|ë5a@G=%<ƧAs*+tzo, IpȔ|:X6J3Z5JXd]2 3%v*GvE@(S&SX7D0^{5t Z{ﮄsh- ]ɑqEV=^Ki9äBtI@&pEg*O<`F-}ǎ51H,<~qibQѓɳx#l$G9td1U+Sq%B[jOq+^ޏ7K >YY  $KK{*˝e"|$g"6v,,9.DaA,qэI~ܨ|kdv; hz2]x5{M5M~yלqTzUl9Mӏ.WVnkun !jzKO!v|& ;gۇ2BrI閵C tqHe[Zkގ=Q;OԶiᵞBcIU eN cOGz S__>.hNgG6).J$_Taѯ5^LqeB]O?A]H;ò{^0ٺuޚxB|:q'xu4"9Ο7k^eZ_fQOmzm̗{c3ٵKO|m*ek(8"yO(ٵ{LJb2Ǩkgg1_/qrDՆ[_l\ I~Bsc/x ),,̿@PFޞ>O)<<=5m=^x6}~6qoYGޣiY{uN+<,CǚwVxe~c!,5R4u/9In=G•^PF6ɼM򿶤$"\|78ؖYU cXFOKc4s-=6O<;.ϴ޶$q>e? qY}StirX?e/&R'ʑ[ѯMi{?8\g^>\!-VZCf.ȾzRWMh_{^H)mz}V%չM.EJUz7z>ZW6\BW~:W3!S_4~m ǚ! ;VeGKFڵ858Buj:ZZ(/H׭eav!$gpLV)țAJO~YBꤞ厅XJdjg{hR9~_f '5U+}W5%ZjzgTtozYD @%JK\qymeЪKIIp"xoz\B1$G)8Ԅ Jeyc".yyVBR-%BEA-k^Luj cYwԄ%X!e-4ZRḡlJvYsB԰˗0?RM\TlaߏVu4BmY!UyYylgd!m2$i=[hN,6)_~7͖CDF2zÕ{?l;Hܲk׋!/XAłrCXEI{]P[e! ?%Ktqܱ5! jַĞ*TvAG)fuxTҖV7~ 4=r! ob%jTwU$Bnqed䤿@0P&V]HJ)^YrޯĿbsY8=1! n}UD*7uƫi~!s[W{V9J;~Ӯ|[3s۷dڔIj?qJ'O,IkE]G(5\ۖ7)-g,ŶǗ=~e>k쐁%(g˦o[fxN_baGBm:܆VGЗ,G_D!/og,ҢVܤ_iS_~@ SkidSec Webshell

SkidSec WebShell

Server Address : 172.31.38.4

Web Server : Apache/2.4.58 (Ubuntu)

Uname : Linux ip-172-31-38-4 6.14.0-1017-aws #17~24.04.1-Ubuntu SMP Wed Nov 5 10:48:17 UTC 2025 x86_64

PHP Version : 7.4.33



Current Path : /proc/self/root/lib/ufw/



Current File : //proc/self/root/lib/ufw/ufw-init-functions
#!/bin/sh
#
# ufw-init-functions: functions used by ufw-init and distribution initscripts
#
# Copyright 2008-2015 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
set -e

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

for s in "${DATA_DIR}/etc/default/ufw" "${DATA_DIR}/etc/ufw/ufw.conf" ; do
    if [ -s "$s" ]; then
        . "$s"
    else
        echo "Could not find $s (aborting)"
        exit 1
    fi
done

RULES_PATH="${DATA_DIR}/etc/ufw"
USER_PATH="${DATA_DIR}/etc/ufw"

flush_builtins() {
    error=""
    execs="iptables"
    if ip6tables -L INPUT -n >/dev/null 2>&1; then
        execs="$execs ip6tables"
    fi

    for exe in $execs
    do
        $exe -F || error="yes"
        $exe -X || error="yes"
        $exe -P INPUT ACCEPT || error="yes"
        $exe -P OUTPUT ACCEPT || error="yes"
        $exe -P FORWARD ACCEPT || error="yes"

        # now handle the mangle table
        if $exe -t mangle -L -n >/dev/null 2>&1; then
            for i in INPUT OUTPUT FORWARD PREROUTING POSTROUTING ; do
                $exe -t mangle -F $i || error="yes"
                $exe -t mangle -P $i ACCEPT || error="yes"
            done
        fi
    done

    # now handle the nat table
    if iptables -t nat -L -n >/dev/null 2>&1; then
        for i in OUTPUT PREROUTING POSTROUTING ; do
            iptables -t nat -F $i || error="yes"
            iptables -t nat -P $i ACCEPT || error="yes"
        done
    fi

    if [ "$error" = "yes" ]; then
        return 1
    fi
}

chains_command() {
    flag="$1"
    type=""
    exe="iptables"
    if [ "$2" = "6" ]; then
        type="$2"
        exe="ip6tables"
    fi

    for c in ufw$type-logging-deny ufw$type-logging-allow ufw$type-not-local ufw$type-user-logging-input ufw$type-user-limit-accept ufw$type-user-limit ufw$type-skip-to-policy-input ufw$type-reject-input ufw$type-after-logging-input ufw$type-after-input ufw$type-user-input ufw$type-before-input ufw$type-before-logging-input ufw$type-skip-to-policy-forward ufw$type-reject-forward ufw$type-after-logging-forward ufw$type-after-forward ufw$type-user-logging-forward ufw$type-user-forward ufw$type-before-forward ufw$type-before-logging-forward ufw$type-track-forward ufw$type-track-output ufw$type-track-input ufw$type-skip-to-policy-output ufw$type-reject-output ufw$type-after-logging-output ufw$type-after-output ufw$type-user-logging-output ufw$type-user-output ufw$type-before-output ufw$type-before-logging-output; do
        if [ "$UFW_INIT_DEBUG" = "yes" ]; then
            echo "$exe $flag $c" >&2
            $exe $flag $c || true
        else
            $exe $flag $c 2>/dev/null || true
        fi
    done
}

delete_chains() {
    chains_command -F $1
    chains_command -Z $1

    # Delete the secondary chains to reduce clutter, but keep the primary ones
    # so that the primary chains don't leave the built-in chains just to come
    # back later in a different place. This means that some (empty) chains will
    # linger until the next boot after disabling ufw.
    for c in ufw$type-logging-deny ufw$type-logging-allow ufw$type-not-local ufw$type-user-logging-input ufw$type-user-logging-output ufw$type-user-logging-forward ufw$type-user-limit-accept ufw$type-user-limit ufw$type-user-input ufw$type-user-forward ufw$type-user-output ufw$type-skip-to-policy-input ufw$type-skip-to-policy-output ufw$type-skip-to-policy-forward ; do
        if [ "$UFW_INIT_DEBUG" = "yes" ]; then
            echo "$exe $flag $c" >&2
            $exe -X $c || true
        else
            $exe -X $c 2>/dev/null || true
        fi
    done
}

ufw_start() {
    out=""
    if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
        if iptables -L ufw-user-input -n >/dev/null 2>&1 ; then
            echo "Firewall already started, use 'force-reload'"
            return 0
        fi
        for m in $IPT_MODULES
        do
            modprobe $m || true
        done

        if [ "$MANAGE_BUILTINS" = "yes" ]; then
            flush_builtins
        fi

        if [ -x "$RULES_PATH/before.init" ]; then
            if ! "$RULES_PATH/before.init" start ; then
                error="yes"
                out="${out}\n'$RULES_PATH/before.init start' exited with error"
            fi
        fi

        execs="iptables"

        # IPv6 setup
        if [ "$IPV6" = "yes" ] || [ "$IPV6" = "YES" ]; then
            if ip6tables -L INPUT -n >/dev/null 2>&1; then
                execs="$execs ip6tables"
            else
                out="${out}\nProblem loading ipv6 (skipping)"
            fi
        else
            if ip6tables -L INPUT -n >/dev/null 2>&1; then
                # IPv6 support disabled but available in the kernel, so
                # default DROP and accept all on loopback
                delete_chains 6 || error="yes"

                printf "*filter\n"\
":INPUT DROP [0:0]\n"\
":FORWARD DROP [0:0]\n"\
":OUTPUT DROP [0:0]\n"\
"-A INPUT -i lo -j ACCEPT\n"\
"-A OUTPUT -o lo -j ACCEPT\n"\
"COMMIT\n" | ip6tables-restore || error="yes"

                if [ "$error" = "yes" ]; then
                    out="${out}\nProblem loading ipv6 (skipping)"
                fi
            fi
        fi

        for exe in $execs
        do
            type=""
            if [ "$exe" = "ip6tables" ]; then
                type="6"
            fi
            BEFORE_RULES="$RULES_PATH/before${type}.rules"
            AFTER_RULES="$RULES_PATH/after${type}.rules"
            USER_RULES="$USER_PATH/user${type}.rules"

            # flush the chains (if they exist)
            if $exe -L ufw${type}-before-logging-input -n >/dev/null 2>&1 ; then
                delete_chains $type || error="yes"
            else
                # setup all the primary chains
                printf "*filter\n"\
"# primary chains\n"\
":ufw${type}-before-logging-input - [0:0]\n"\
":ufw${type}-before-logging-output - [0:0]\n"\
":ufw${type}-before-logging-forward - [0:0]\n"\
":ufw${type}-before-input - [0:0]\n"\
":ufw${type}-before-output - [0:0]\n"\
":ufw${type}-before-forward - [0:0]\n"\
":ufw${type}-after-input - [0:0]\n"\
":ufw${type}-after-output - [0:0]\n"\
":ufw${type}-after-forward - [0:0]\n"\
":ufw${type}-after-logging-input - [0:0]\n"\
":ufw${type}-after-logging-output - [0:0]\n"\
":ufw${type}-after-logging-forward - [0:0]\n"\
":ufw${type}-reject-input - [0:0]\n"\
":ufw${type}-reject-output - [0:0]\n"\
":ufw${type}-reject-forward - [0:0]\n"\
":ufw${type}-track-input - [0:0]\n"\
":ufw${type}-track-output - [0:0]\n"\
":ufw${type}-track-forward - [0:0]\n"\
"\n"\
"-A INPUT -j ufw${type}-before-logging-input\n"\
"-A INPUT -j ufw${type}-before-input\n"\
"-A INPUT -j ufw${type}-after-input\n"\
"-A INPUT -j ufw${type}-after-logging-input\n"\
"-A INPUT -j ufw${type}-reject-input\n"\
"-A INPUT -j ufw${type}-track-input\n"\
"\n"\
"-A OUTPUT -j ufw${type}-before-logging-output\n"\
"-A OUTPUT -j ufw${type}-before-output\n"\
"-A OUTPUT -j ufw${type}-after-output\n"\
"-A OUTPUT -j ufw${type}-after-logging-output\n"\
"-A OUTPUT -j ufw${type}-reject-output\n"\
"-A OUTPUT -j ufw${type}-track-output\n"\
"\n"\
"-A FORWARD -j ufw${type}-before-logging-forward\n"\
"-A FORWARD -j ufw${type}-before-forward\n"\
"-A FORWARD -j ufw${type}-after-forward\n"\
"-A FORWARD -j ufw${type}-after-logging-forward\n"\
"-A FORWARD -j ufw${type}-reject-forward\n"\
"-A FORWARD -j ufw${type}-track-forward\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi

            # add reject policy
            if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
                printf "*filter\n"\
"-A ufw${type}-reject-input -j REJECT\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi
            if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
                printf "*filter\n"\
"-A ufw${type}-reject-output -j REJECT\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi
            if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
                printf "*filter\n"\
"-A ufw${type}-reject-forward -j REJECT\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi

            # add tracking policy
            if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then
                printf "*filter\n"\
"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi

            if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then
                printf "*filter\n"\
"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi

            if [ "$DEFAULT_FORWARD_POLICY" = "ACCEPT" ]; then
                printf "*filter\n"\
"-A ufw${type}-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
"-A ufw${type}-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi

            # now setup the secondary 'logging-deny' chains
            if ! $exe -L ufw${type}-logging-deny -n >/dev/null 2>&1 ; then
                printf "*filter\n"\
":ufw${type}-logging-deny - [0:0]\n"\
":ufw${type}-logging-allow - [0:0]\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            fi

            # now setup the secondary 'skip to policy' chains
            if ! $exe -L ufw${type}-skip-to-policy-input -n >/dev/null 2>&1 ; then
                printf "*filter\n"\
":ufw${type}-skip-to-policy-input - [0:0]\n"\
":ufw${type}-skip-to-policy-output - [0:0]\n"\
":ufw${type}-skip-to-policy-forward - [0:0]\n"\
"-A ufw${type}-skip-to-policy-input -j %s\n"\
"-A ufw${type}-skip-to-policy-output -j %s\n"\
"-A ufw${type}-skip-to-policy-forward -j %s\n"\
"COMMIT\n" $DEFAULT_INPUT_POLICY $DEFAULT_OUTPUT_POLICY $DEFAULT_FORWARD_POLICY | $exe-restore -n || error="yes"
            fi

            # now ip[6]tables-restore before*.rules. This resets the following
            # chains:
            #   ufw-before-input
            #   ufw-before-output
            #   ufw-before-forward
            #
            # and sets the following:
            #   ufw-not-local
            if [ -s "$BEFORE_RULES" ]; then
                if ! $exe-restore -n < "$BEFORE_RULES" ; then
                    out="${out}\nProblem running '$BEFORE_RULES'"
                    error="yes"
                fi
            else
                out="${out}\nCouldn't find '$BEFORE_RULES'"
                error="yes"
            fi

            # now ip[6]tables-restore after*.rules. This resets the following
            # chains:
            #   ufw-after-input
            #   ufw-after-output
            #   ufw-after-forward
            if [ -s "$AFTER_RULES" ]; then
                if ! $exe-restore -n < "$AFTER_RULES" ; then
                    out="${out}\nProblem running '$AFTER_RULES'"
                    error="yes"
                fi
            else
                out="${out}\nCouldn't find '$AFTER_RULES'"
                error="yes"
            fi

            # user chains
            if [ -s "$USER_RULES" ]; then
                # setup the secondary 'user' chains
                if ! $exe -L ufw${type}-user-input -n >/dev/null 2>&1 ; then
                    printf "*filter\n"\
":ufw${type}-user-input - [0:0]\n"\
":ufw${type}-user-output - [0:0]\n"\
":ufw${type}-user-forward - [0:0]\n"\
":ufw${type}-user-logging-input - [0:0]\n"\
":ufw${type}-user-logging-output - [0:0]\n"\
":ufw${type}-user-logging-forward - [0:0]\n"\
":ufw${type}-user-limit - [0:0]\n"\
":ufw${type}-user-limit-accept - [0:0]\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
                fi

                # now ip[6]tables-restore user*.rules. This resets the following
                # chains:
                #   ufw-before-logging-input
                #   ufw-before-logging-output
                #   ufw-before-logging-forward
                #   ufw-after-logging-input
                #   ufw-after-logging-output
                #   ufw-after-logging-forward
                #   ufw-logging-deny
                #   ufw-logging-allow
                #   ufw-after-input
                #   ufw-after-output
                #   ufw-after-forward
                #   ufw-user-limit
                #   ufw-user-limit-accept
                if ! $exe-restore -n < "$USER_RULES" ; then
                    out="${out}\nProblem running '$USER_RULES'"
                    error="yes"
                fi

                # now hooks these into the primary chains
                printf "*filter\n"\
"-A ufw${type}-before-input -j ufw${type}-user-input\n"\
"-A ufw${type}-before-output -j ufw${type}-user-output\n"\
"-A ufw${type}-before-forward -j ufw${type}-user-forward\n"\
"COMMIT\n" | $exe-restore -n || error="yes"
            else
                out="${out}\nCouldn't find '$USER_RULES'"
                error="yes"
            fi

            # set the default policy (do this after loading rules so not to
            # break network rootfs w/ INPUT DROP during ufw init. LP: 1946804)
            input_pol="$DEFAULT_INPUT_POLICY"
            if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
                input_pol="DROP"
            fi

            output_pol="$DEFAULT_OUTPUT_POLICY"
            if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
                output_pol="DROP"
            fi

            forward_pol="$DEFAULT_FORWARD_POLICY"
            if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
                forward_pol="DROP"
            fi

            # Since we're setting the default policy last, '-n/--noflush' is
            # important here so we don't undo what we've loaded so far.
            printf "*filter\n"\
"# builtin chains\n"\
":INPUT %s [0:0]\n"\
":FORWARD %s [0:0]\n"\
":OUTPUT %s [0:0]\n"\
"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n || error="yes"
        done

        if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then
            sysctl -e -q -p $IPT_SYSCTL || true
        fi

        if [ -x "$RULES_PATH/after.init" ]; then
            if ! "$RULES_PATH/after.init" start ; then
                error="yes"
                out="${out}\n'$RULES_PATH/after.init start' exited with error"
            fi
        fi

        if [ "$error" = "yes" ]; then
            /bin/echo -e "$out"
            return 1
        fi
    else
        out="Skip starting firewall: ufw (not enabled)"
    fi
    if [ ! -z "$out" ]; then
        /bin/echo -e "$out"
    fi
}

ufw_stop() {
    if [ "$1" != "--force" ] && [ "$ENABLED" != "yes" ] && [ "$ENABLED" != "YES" ]; then
        echo "Skip stopping firewall: ufw (not enabled)"
        return 0
    fi

    error=""

    if [ -x "$RULES_PATH/before.init" ]; then
        if ! "$RULES_PATH/before.init" stop ; then
            error="yes"
            out="${out}\n'$RULES_PATH/before.init stop' exited with error"
        fi
    fi

    # If we manage the builtins, just return
    if [ "$MANAGE_BUILTINS" = "yes" ]; then
        flush_builtins || error="yes"
        if [ -x "$RULES_PATH/after.init" ]; then
            "$RULES_PATH/after.init" stop || error="yes"
        fi
        if [ "$error" = "yes" ]; then
            return 1
        fi
        return 0
    fi

    execs="iptables"
    if ip6tables -L INPUT -n >/dev/null 2>&1; then
        execs="$execs ip6tables"
    fi

    for exe in $execs
    do
        type=""
        if [ "$exe" = "ip6tables" ]; then
            type="6"
        fi
        delete_chains $type || error="yes"
        $exe -P INPUT ACCEPT || error="yes"
        $exe -P OUTPUT ACCEPT || error="yes"
        $exe -P FORWARD ACCEPT || error="yes"
    done

    if [ -x "$RULES_PATH/after.init" ]; then
        if ! "$RULES_PATH/after.init" stop ; then
            error="yes"
        fi
    fi

    if [ "$error" = "yes" ]; then
        return 1
    fi
    return 0
}

ufw_reload() {
    if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
        if [ -x "$RULES_PATH/before.init" ]; then
            "$RULES_PATH/before.init" stop || return 1
        fi
        ufw_stop || return "$?"
        if [ -x "$RULES_PATH/after.init" ]; then
            "$RULES_PATH/after.init" stop || return 1
        fi

        if [ -x "$RULES_PATH/before.init" ]; then
            "$RULES_PATH/before.init" start || return 1
        fi
        ufw_start || return "$?"
        if [ -x "$RULES_PATH/after.init" ]; then
            "$RULES_PATH/after.init" start || return 1
        fi
    else
        echo "Skipping $1 (not enabled)"
    fi
    return 0
}

ufw_status() {
    err=""
    iptables -L ufw-user-input -n >/dev/null 2>&1 || {
        echo "Firewall is not running"
        return 3
    }

    if [ "$IPV6" = "yes" ] || [ "$IPV6" = "YES" ]; then
        ip6tables -L ufw6-user-input -n >/dev/null 2>&1 || {
            # unknown state: ipv4 ok, but ipv6 isn't
            echo "Firewall in inconsistent state (IPv6 enabled but not running)"
            return 4
        }
    fi

    echo "Firewall is running"
    return 0
}