From 6fb304e38477363f6d11be1ac59e5b9dee402cdf Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Sat, 2 May 2026 02:00:11 +0200
Subject: [PATCH] Add a separate button for flushing active rulesets [rebuild-all-modules]
---
 nftables/flush.cgi | 25 +++++++++++++++++++++++++
 nftables/index.cgi | 1 +
 nftables/lang/en | 9 ++++++++-
 nftables/nftables-lib.pl | 13 +++++++++++++
 4 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100755 nftables/flush.cgi
diff --git a/nftables/flush.cgi b/nftables/flush.cgi
new file mode 100755
index 000000000..8551a6854
--- /dev/null
+++ b/nftables/flush.cgi
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+# flush.cgi
+# Flush the active nftables ruleset
+
+require './nftables-lib.pl'; ## no critic
+use strict;
+use warnings;
+our (%in, %text);
+ReadParse();
+error_setup($text{'flush_err'});
+
+if ($in{'confirm'}) {
+ my $err = flush_ruleset();
+ error(text('flush_failed', $err)) if ($err);
+ webmin_log("flush", "ruleset");
+ redirect("index.cgi");
+}
+
+ui_print_header(undef, $text{'flush_title'}, "", "intro", 1, 1);
+print ui_form_start("flush.cgi");
+print "
$text{'flush_confirm'}

\n";
+print ui_submit($text{'flush_ok'}, "confirm");
+print "

\n"; +print ui_form_end(); +ui_print_footer("index.cgi", $text{'index_return'}); diff --git a/nftables/index.cgi b/nftables/index.cgi index 6ff6b585c..a3f4c417f 100755 --- a/nftables/index.cgi +++ b/nftables/index.cgi @@ -200,6 +200,7 @@ if (@tables) { print ui_buttons_row("create_table.cgi", $text{'index_table_create'}, $text{'index_table_createdesc'}); print ui_buttons_row("apply.cgi", $text{'index_apply'}, $text{'index_applydesc'}); + print ui_buttons_row("flush.cgi", $text{'index_flush'}, $text{'index_flushdesc'}); print ui_buttons_end(); } diff --git a/nftables/lang/en b/nftables/lang/en index de701347f..074575742 100644 --- a/nftables/lang/en +++ b/nftables/lang/en @@ -49,7 +49,9 @@ index_cdeletesel=Delete Selected index_cmovesel=Move Selected index_radd=Add Rule index_apply=Apply Configuration -index_applydesc=Click this button to make the firewall configuration listed above active. Any current firewall rules will be flushed and replaced +index_applydesc=Click this button to load the saved firewall configuration into the active nftables ruleset. +index_flush=Flush Active Ruleset +index_flushdesc=Click this button to remove all active nftables tables, chains, sets and rules without changing the saved configuration. index_unapply=Revert Configuration index_unapplydesc=Click this button to reset the configuration listed above to the one that is currently active. index_bootup=Activate at Boot @@ -63,6 +65,11 @@ save=Save delete=Delete save_err=Failed to save rule apply_err=Failed to apply configuration +flush_title=Flush active ruleset +flush_err=Failed to flush active ruleset +flush_failed=Failed to flush active ruleset: $1 +flush_confirm=Are you sure you want to remove all active nftables tables, chains, sets and rules? +flush_ok=Flush Ruleset setup_title=Setup Default Ruleset setup_header=Create Default Ruleset setup_desc=This page allows you to create a default nftables ruleset. Select one of the options below and click 'Create'. 
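Review bot: In nftables/flush.cgi the flush runs for any request that carries `confirm`, and the form is opened with `ui_form_start("flush.cgi")` without a method argument, which as far as I recall makes Webmin emit a GET form. Removing every active table leaves the host without packet filtering until the saved configuration is applied again, so the action should be tied to POST: `print ui_form_start("flush.cgi", "post");` together with `if ($in{'confirm'} && $ENV{'REQUEST_METHOD'} eq 'POST') {`. Nothing stops the script after `redirect("index.cgi");`, so unless `redirect` exits, the confirmation page is printed after the redirect header; an `exit;` after the redirect or an `else` around the form would fix that.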
diff --git a/nftables/nftables-lib.pl b/nftables/nftables-lib.pl
index 9ae580fd8..1f5edf878 100644
--- a/nftables/nftables-lib.pl
+++ b/nftables/nftables-lib.pl
@@ -1043,6 +1043,19 @@ if ($?) {
 return;
 }
+# flush_ruleset()
+# Flushes all active nftables tables, chains, sets and rules
+sub flush_ruleset
+{
+my $cmd = get_nft_command();
+return text('index_ecommand', "nft") if (!$cmd);
+my $out = backquote_logged("$cmd flush ruleset 2>&1");
+if ($?) {
+ return "
$out
";
+}
+return;
+}
+
 # describe_rule(&rule)
 sub describe_rule
 {
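Review bot: `flush_ruleset` returns the raw `nft` output in `$out` as its error string, and flush.cgi hands that string to `error(text('flush_failed', $err))`, so as far as this hunk shows the command output reaches the error page unescaped. The text wrapped around `$out` is not readable on this page, but interpolating `html_escape($out)` there instead of `$out` would keep the output as plain text. The header comment also leaves out the return contract; a line such as `# Returns nothing on success, or the command output as an error message` would help callers. `$cmd` is interpolated into a shell string, which is safe only while `get_nft_command()` returns a trusted configured path; that function is outside the hunk.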