+void
+fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
+ struct fw3_state *state, bool reload)
+{
+ struct fw3_defaults *defs = &state->defaults;
+ struct fw3_ipt_rule *r;
+
+ if (handle->table != FW3_TABLE_FILTER)
+ return;
+
+ if (defs->policy_input == FW3_FLAG_REJECT)
+ {
+ r = fw3_ipt_rule_new(handle);
+
+ if (!r)
+ return;
+
+ fw3_ipt_rule_target(r, "reject");
+ fw3_ipt_rule_append(r, "INPUT");
+ }
+
+ if (defs->policy_output == FW3_FLAG_REJECT)
+ {
+ r = fw3_ipt_rule_new(handle);
+
+ if (!r)
+ return;
+
+ fw3_ipt_rule_target(r, "reject");
+ fw3_ipt_rule_append(r, "OUTPUT");
+ }
+
+ if (defs->policy_forward == FW3_FLAG_REJECT)
+ {
+ r = fw3_ipt_rule_new(handle);
+
+ if (!r)
+ return;
+
+ fw3_ipt_rule_target(r, "reject");
+ fw3_ipt_rule_append(r, "FORWARD");
+ }
+}
+
+static void
+set_default(const char *name, int set)
+{
+ FILE *f;
+ char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling\0")];
+
+ snprintf(path, sizeof(path), "/proc/sys/net/ipv4/tcp_%s", name);
+
+ info(" * Set tcp_%s to %s", name, set ? "on" : "off", name);
+
+ if (!(f = fopen(path, "w")))
+ {
+ info(" ! Unable to write value: %s", strerror(errno));
+ return;