Add a separate button for flushing active rulesets

[rebuild-all-modules]
2026-05-06 15:20:29 +01:00 · 2026-05-02 02:00:11 +02:00
parent 82e9e1c7dd
commit 6fb304e384
4 changed files with 47 additions and 1 deletions
--- a/nftables/flush.cgi
+++ b/nftables/flush.cgi
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+# flush.cgi
+# Flush the active nftables ruleset
+
+require './nftables-lib.pl'; ## no critic
+use strict;
+use warnings;
+our (%in, %text);
+ReadParse();
+error_setup($text{'flush_err'});
+
+if ($in{'confirm'}) {
+    my $err = flush_ruleset();
+    error(text('flush_failed', $err)) if ($err);
+    webmin_log("flush", "ruleset");
+    redirect("index.cgi");
+}
+
+ui_print_header(undef, $text{'flush_title'}, "", "intro", 1, 1);
+print ui_form_start("flush.cgi");
+print "<center><b>$text{'flush_confirm'}</b><p>\n";
+print ui_submit($text{'flush_ok'}, "confirm");
+print "</center>\n";
+print ui_form_end();
+ui_print_footer("index.cgi", $text{'index_return'});
--- a/nftables/index.cgi
+++ b/nftables/index.cgi
@@ -200,6 +200,7 @@ if (@tables) {
    print ui_buttons_row("create_table.cgi", $text{'index_table_create'},
                          $text{'index_table_createdesc'});
    print ui_buttons_row("apply.cgi", $text{'index_apply'}, $text{'index_applydesc'});
+    print ui_buttons_row("flush.cgi", $text{'index_flush'}, $text{'index_flushdesc'});
    print ui_buttons_end();
 }

--- a/nftables/lang/en
+++ b/nftables/lang/en
@@ -49,7 +49,9 @@ index_cdeletesel=Delete Selected
 index_cmovesel=Move Selected
 index_radd=Add Rule
 index_apply=Apply Configuration
-index_applydesc=Click this button to make the firewall configuration listed above active. Any current firewall rules will be flushed and replaced
+index_applydesc=Click this button to load the saved firewall configuration into the active nftables ruleset.
+index_flush=Flush Active Ruleset
+index_flushdesc=Click this button to remove all active nftables tables, chains, sets and rules without changing the saved configuration.
 index_unapply=Revert Configuration
 index_unapplydesc=Click this button to reset the configuration listed above to the one that is currently active.
 index_bootup=Activate at Boot
@@ -63,6 +65,11 @@ save=Save
 delete=Delete
 save_err=Failed to save rule
 apply_err=Failed to apply configuration
+flush_title=Flush active ruleset
+flush_err=Failed to flush active ruleset
+flush_failed=Failed to flush active ruleset: $1
+flush_confirm=Are you sure you want to remove all active nftables tables, chains, sets and rules?
+flush_ok=Flush Ruleset
 setup_title=Setup Default Ruleset
 setup_header=Create Default Ruleset
 setup_desc=This page allows you to create a default nftables ruleset. Select one of the options below and click 'Create'.
--- a/nftables/nftables-lib.pl
+++ b/nftables/nftables-lib.pl
@@ -1043,6 +1043,19 @@ if ($?) {
 return;
 }

+# flush_ruleset()
+# Flushes all active nftables tables, chains, sets and rules
+sub flush_ruleset
+{
+my $cmd = get_nft_command();
+return text('index_ecommand', "<tt>nft</tt>") if (!$cmd);
+my $out = backquote_logged("$cmd flush ruleset 2>&1");
+if ($?) {
+    return "<pre>$out</pre>";
+}
+return;
+}
+
 # describe_rule(&rule)
 sub describe_rule
 {