Introduce fw3_no_family() helper macro and use it
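diff --git a/main.c b/main.c
index 6eb002f..09baca9 100644
--- a/main.c
+++ b/main.c
@@ -135,7 +135,7 @@ restore_pipe(enum fw3_family family, bool silent)
 static bool
 family_running(struct fw3_state *state, enum fw3_family family)
 {
-	return hasbit(state->running_defaults.flags, family);
+	return hasbit(state->defaults.running_flags, family);
 }
 static bool
@@ -160,15 +160,18 @@ family_set(struct fw3_state *state, enum fw3_family family, bool set)
 }
 static int
-stop(struct fw3_state *state, bool complete, bool restart)
+stop(struct fw3_state *state, bool complete, bool reload)
 {
+	FILE *ct;
+
 	int rv = 1;
 	enum fw3_family family;
 	enum fw3_table table;
+	enum fw3_target policy = reload ? FW3_TARGET_DROP : FW3_TARGET_ACCEPT;
 	if (!complete && !state->statefile)
 	{
-		if (!restart)
+		if (!reload)
 			warn("The firewall appears to be stopped. "
 			     "Use the 'flush' command to forcefully purge all rules.");
@@ -202,12 +205,12 @@ stop(struct fw3_state *state, bool complete, bool restart)
 		else
 		{
 			/* pass 1 */
-			fw3_flush_rules(table, family, false, state);
-			fw3_flush_zones(table, family, false, state);
+			fw3_flush_rules(table, family, false, state, policy);
+			fw3_flush_zones(table, family, false, reload, state);
 			/* pass 2 */
-			fw3_flush_rules(table, family, true, state);
-			fw3_flush_zones(table, family, true, state);
+			fw3_flush_rules(table, family, true, state, policy);
+			fw3_flush_zones(table, family, true, reload, state);
 		}
 		fw3_pr("COMMIT\n");
@@ -215,16 +218,26 @@ stop(struct fw3_state *state, bool complete, bool restart)
 		fw3_command_close();
-		if (!restart)
+		if (!reload)
+		{
+			if (fw3_command_pipe(false, "ipset", "-exist", "-"))
+			{
+				fw3_destroy_ipsets(state, family);
+				fw3_command_close();
+			}
+
 			family_set(state, family, false);
+		}
 		rv = 0;
 	}
-	if (!restart && fw3_command_pipe(false, "ipset", "-exist", "-"))
+	if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
 	{
-		fw3_destroy_ipsets(state);
-		fw3_command_close();
+		info("Flushing conntrack table ...");
+
+		fwrite("f\n", 2, 1, ct);
+		fclose(ct);
 	}
 	if (!rv)
@@ -240,11 +253,15 @@ start(struct fw3_state *state, bool reload)
 	enum fw3_family family;
 	enum fw3_table table;
-	if (!print_rules && !reload &&
-	    fw3_command_pipe(false, "ipset", "-exist", "-"))
+	if (!print_rules && !reload)
 	{
-		fw3_create_ipsets(state);
-		fw3_command_close();
+		fw3_set_defaults(state);
+
+		if (fw3_command_pipe(false, "ipset", "-exist", "-"))
+		{
+			fw3_create_ipsets(state);
+			fw3_command_close();
+		}
 	}
 	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
@@ -362,7 +379,7 @@ int main(int argc, char **argv)
 	struct fw3_state *state = NULL;
 	struct fw3_defaults *defs = NULL;
-	while ((ch = getopt(argc, argv, "46qh")) != -1)
+	while ((ch = getopt(argc, argv, "46dqh")) != -1)
 	{
 		switch (ch)
 		{
@@ -374,6 +391,10 @@ int main(int argc, char **argv)
 			use_family = FW3_FAMILY_V6;
 			break;
+		case 'd':
+			fw3_pr_debug = true;
+			break;
+
 		case 'q':
 			freopen("/dev/null", "w", stderr);
 			break;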
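Review bot: In the `@@ -215,16 +218,26 @@` hunk of stop(), the conntrack flush ignores the results of both `fwrite("f\n", 2, 1, ct)` and `fclose(ct)`, so a write the kernel rejects (nf_conntrack not loaded, or the command refused) still logs "Flushing conntrack table ..." while the tracked flows silently survive a stop or flush that was meant to purge them. Because the stream is buffered, the kernel's error surfaces at fclose() rather than at fwrite(), so checking fwrite alone would not be enough either. I would replace the two calls with `int flushed = (fwrite("f\n", 2, 1, ct) == 1);` / `if (fclose(ct) != 0 || !flushed)` / `warn("Unable to flush conntrack table");` so the operator is told when existing connections were not dropped; the fopen() failure folded into the `if` condition is likewise silent, and presumably deserves at least a debug message. The enclosing stop() starts and ends outside this hunk.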