C(ANY, MANGLE, UNSPEC, "mssfix"),
C(ANY, MANGLE, UNSPEC, "fwmark"),
- C(ANY, RAW, UNSPEC, "notrack"),
+ C(ANY, RAW, UNSPEC, "delegate_notrack"),
{ }
};
FW3_OPT("synflood_burst", int, defaults, syn_flood_rate.burst),
FW3_OPT("tcp_syncookies", bool, defaults, tcp_syncookies),
- FW3_OPT("tcp_ecn", bool, defaults, tcp_ecn),
+ FW3_OPT("tcp_ecn", int, defaults, tcp_ecn),
FW3_OPT("tcp_window_scaling", bool, defaults, tcp_window_scaling),
FW3_OPT("accept_redirects", bool, defaults, accept_redirects),
{ FW3_TABLE_MANGLE, "FORWARD", "mssfix" },
{ FW3_TABLE_MANGLE, "PREROUTING", "fwmark" },
- { FW3_TABLE_RAW, "PREROUTING", "notrack" },
+ { FW3_TABLE_RAW, "PREROUTING", "delegate_notrack" },
{ 0, NULL },
};
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_target(r, tr->target);
- fw3_ipt_rule_append(r, tr->chain);
+ fw3_ipt_rule_replace(r, tr->chain);
}
switch (handle->table)
{
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_comment(r, "user chain for %s", chains[i+1]);
- fw3_ipt_rule_target(r, chains[i+1]);
+ fw3_ipt_rule_target(r, "%s_rule", chains[i+1]);
fw3_ipt_rule_append(r, chains[i]);
}
}
}
static void
-set_default(const char *name, bool set)
+set_default(const char *name, int set)
{
FILE *f;
char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling\0")];
if (c->table != handle->table)
continue;
- if (c->flag &&
- !hasbit(defs->flags[handle->family == FW3_FAMILY_V6], c->flag))
+ if (c->flag && !has(defs->flags, handle->family, c->flag))
+ continue;
+
+ fw3_ipt_flush_chain(handle, c->format);
+
+ /* keep certain basic chains that do not depend on any settings to
+ avoid purging unrelated user rules pointing to them */
+ if (reload && !c->flag)
continue;
- fw3_ipt_delete_rules(handle, c->format);
fw3_ipt_delete_chain(handle, c->format);
}
projects / project / firewall3.git / blobdiff