static bool
print_chains(enum fw3_table table, enum fw3_family family,
- const char *fmt, uint8_t flags,
+ const char *fmt, uint16_t flags,
const struct chain *chains, int n)
{
bool rv = false;
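Review bot: The `flags` parameter is widened to `uint16_t`, but nothing in the hunk documents or enforces that every bit index passed to `hasbit()` and `setbit()` stays below 16. The same field now carries both the family bits and the `FW3_DEFAULT_*` feature bits. The enum values and the declared type of `defs->flags` are not visible here, so this needs confirming: if that field is wider, or an enum value reaches 16, the bit is silently dropped at the call and the chain is skipped with no diagnostic. I would add a comment on the parameter such as `/* bitfield indexed by FW3_FAMILY_* and FW3_DEFAULT_*; all values must be < 16 */`, plus a compile-time check next to the enum. The body of print_chains continues outside this hunk.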
if (c->table != table)
continue;
- if ((c->flag != FW3_DEFAULT_UNSPEC) && !(flags & (1 << c->flag)))
+ if ((c->flag != FW3_DEFAULT_UNSPEC) && !hasbit(flags, c->flag))
continue;
fw3_pr(fmt, c->name);
defs->tcp_window_scaling = true;
defs->custom_chains = true;
+ setbit(defs->flags, FW3_FAMILY_V4);
+
uci_foreach_element(&p->sections, e)
{
s = uci_to_section(e);
check_policy(e, &defs->policy_output, "output");
check_policy(e, &defs->policy_forward, "forward");
+ if (!defs->disable_ipv6)
+ setbit(defs->flags, FW3_FAMILY_V6);
+
if (defs->custom_chains)
- defs->has_flag |= (1 << FW3_DEFAULT_CUSTOM_CHAINS);
+ setbit(defs->flags, FW3_DEFAULT_CUSTOM_CHAINS);
if (defs->syn_flood)
- defs->has_flag |= (1 << FW3_DEFAULT_SYN_FLOOD);
+ setbit(defs->flags, FW3_DEFAULT_SYN_FLOOD);
}
}
struct fw3_state *state)
{
struct fw3_defaults *defs = &state->defaults;
- const char *policy[] = {
- "(bug)",
- "ACCEPT",
- "DROP",
- "DROP",
- "(bug)",
- "(bug)",
- "(bug)",
- };
+
+#define policy(t) \
+ ((t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t])
if (table == FW3_TABLE_FILTER)
{
- fw3_pr(":INPUT %s [0:0]\n", policy[defs->policy_input]);
- fw3_pr(":FORWARD %s [0:0]\n", policy[defs->policy_forward]);
- fw3_pr(":OUTPUT %s [0:0]\n", policy[defs->policy_output]);
+ fw3_pr(":INPUT %s [0:0]\n", policy(defs->policy_input));
+ fw3_pr(":FORWARD %s [0:0]\n", policy(defs->policy_forward));
+ fw3_pr(":OUTPUT %s [0:0]\n", policy(defs->policy_output));
}
- print_chains(table, family, ":%s - [0:0]\n", defs->has_flag,
+ print_chains(table, family, ":%s - [0:0]\n", defs->flags,
default_chains, ARRAY_SIZE(default_chains));
}
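Review bot: The new `policy(t)` macro indexes `fw3_flag_names[t]` with no range check, whereas the removed table printed "(bug)" for every value that is not a valid chain policy. If a policy field is unset or holds some other target, the `:INPUT`/`:FORWARD`/`:OUTPUT` line would receive whatever string that array holds at the index, or a null pointer passed to `%s`. The array is not visible here, so please confirm it covers every value the policy fields can take. The macro argument is also unparenthesized, and the macro is defined inside the function and never undefined, so it leaks into the rest of the file. I would write `#define policy(t) (((t) == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[(t)])` and add `#undef policy` after the `print_chains` call, or use a small static helper that keeps the "(bug)" fallback. The function's signature starts outside this hunk.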
void
fw3_flush_rules(enum fw3_table table, enum fw3_family family,
- bool pass2, struct list_head *statefile)
+ bool pass2, struct fw3_state *state)
{
- struct fw3_statefile_entry *e;
+ struct fw3_defaults *d = &state->running_defaults;
- list_for_each_entry(e, statefile, list)
+ if (!hasbit(d->flags, family))
+ return;
+
+ if (!pass2)
{
- if (e->type != FW3_TYPE_DEFAULTS)
- continue;
+ reset_policy(table);
- if (!pass2)
- {
- reset_policy(table);
+ print_chains(table, family, "-D %s\n", state->running_defaults.flags,
+ toplevel_rules, ARRAY_SIZE(toplevel_rules));
- print_chains(table, family, "-D %s\n", e->flags[0],
- toplevel_rules, ARRAY_SIZE(toplevel_rules));
+ print_chains(table, family, "-F %s\n", state->running_defaults.flags,
+ default_chains, ARRAY_SIZE(default_chains));
+ }
+ else
+ {
+ print_chains(table, family, "-X %s\n", state->running_defaults.flags,
+ default_chains, ARRAY_SIZE(default_chains));
- print_chains(table, family, "-F %s\n", e->flags[0],
- default_chains, ARRAY_SIZE(default_chains));
- }
- else
- {
- print_chains(table, family, "-X %s\n", e->flags[0],
- default_chains, ARRAY_SIZE(default_chains));
- }
+ delbit(d->flags, family);
}
}
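Review bot: `delbit(d->flags, family)` in the pass-2 branch clears the same bit that the new guard `if (!hasbit(d->flags, family)) return;` tests, so every later call for that family returns without printing anything. The function takes `table` as a parameter, so if the caller (not visible here) invokes it once per table, only the first table is flushed. The remaining tables would get no policy reset and no `-D`/`-F`/`-X` lines, which leaves old rules loaded after a stop or restart. The bit should be cleared by the caller once all tables for the family are done, or only on the last table. Separately, the local `d` is declared, yet the three `print_chains` calls spell out `state->running_defaults.flags`; use `d->flags` there for consistency.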