projects
/
project
/
firewall3.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Make sure that NOTRACK is linked into firewall3 if it is part of libext*.a
[project/firewall3.git]
/
defaults.c
diff --git
a/defaults.c
b/defaults.c
index
ec95ec9
..
127f750
100644
(file)
--- a/
defaults.c
+++ b/
defaults.c
@@
-220,7
+220,7
@@
fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_target(r, tr->target);
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_target(r, tr->target);
- fw3_ipt_rule_
append
(r, tr->chain);
+ fw3_ipt_rule_
replace
(r, tr->chain);
}
switch (handle->table)
}
switch (handle->table)
@@
-419,7
+419,13
@@
fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
if (c->flag && !has(defs->flags, handle->family, c->flag))
continue;
if (c->flag && !has(defs->flags, handle->family, c->flag))
continue;
- fw3_ipt_delete_rules(handle, c->format);
+ fw3_ipt_flush_chain(handle, c->format);
+
+ /* keep certain basic chains that do not depend on any settings to
+ avoid purging unrelated user rules pointing to them */
+ if (reload && !c->flag)
+ continue;
+
fw3_ipt_delete_chain(handle, c->format);
}
fw3_ipt_delete_chain(handle, c->format);
}