FW3_OPT("log", bool, zone, log),
FW3_OPT("log_limit", limit, zone, log_limit),
+ FW3_OPT("__flags_v4", int, zone, flags[0]),
+ FW3_OPT("__flags_v6", int, zone, flags[1]),
+
{ }
};
continue;
}
- tmp->network = net;
+ snprintf(tmp->network, sizeof(tmp->network), "%s", net->name);
list_add_tail(&tmp->list, &zone->devices);
}
}
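Review bot: The `snprintf` into `tmp->network` truncates silently when `net->name` does not fit, and the entry is still appended to `zone->devices` with the shortened name. The copied name now replaces the pointer as the link back to the network, so a truncated copy could fail to match, or could match a different network that shares the prefix. I would check the result and skip the entry with a warning, e.g. `int n = snprintf(tmp->network, sizeof(tmp->network), "%s", net->name);` followed by `if (n < 0 || (size_t)n >= sizeof(tmp->network))`. This assumes `network` became a fixed-size array in the struct definition, which is not visible here; if it is still a pointer, `sizeof` yields the pointer size. The enclosing loop starts outside the hunk.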
INIT_LIST_HEAD(&zone->masq_src);
INIT_LIST_HEAD(&zone->masq_dest);
- INIT_LIST_HEAD(&zone->running_networks);
- INIT_LIST_HEAD(&zone->running_devices);
-
zone->enabled = true;
zone->custom_chains = true;
zone->log_limit.rate = 10;
if (c || r)
{
info(" * Zone '%s'", zone->name);
- fw3_set_running(zone, &state->running_zones);
set(zone->flags, family, table);
}
}
void
-fw3_flush_zones(struct fw3_state *state, enum fw3_family family,
- enum fw3_table table, bool reload, bool pass2)
+fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
+ bool reload)
{
struct fw3_zone *z, *tmp;
- uint32_t custom_mask = ~0;
-
- /* don't touch user chains on selective stop */
- if (reload)
- delbit(custom_mask, FW3_FLAG_CUSTOM_CHAINS);
+ const struct fw3_rule_spec *c;
+ char chain[32];
- list_for_each_entry_safe(z, tmp, &state->running_zones, running_list)
+ list_for_each_entry_safe(z, tmp, &state->zones, list)
{
- if (!has(z->flags, family, table))
+ if (!has(z->flags, handle->family, handle->table))
continue;
- fw3_pr_rulespec(table, family, z->flags, custom_mask, zone_chains,
- pass2 ? "-X %s\n" : "-F %s\n", z->name);
+ for (c = zone_chains; c->format; c++)
+ {
+ /* don't touch user chains on selective stop */
+ if (reload && hasbit(c->flag, FW3_FLAG_CUSTOM_CHAINS))
+ continue;
+
+ if (!fw3_is_family(c, handle->family))
+ continue;
+
+ if (c->table != handle->table)
+ continue;
- if (pass2)
- del(z->flags, family, table);
+ snprintf(chain, sizeof(chain), c->format, z->name);
+ fw3_ipt_delete_rules(handle, chain);
+ fw3_ipt_delete_chain(handle, chain);
+ }
+
+ del(z->flags, handle->family, handle->table);
}
}
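Review bot: `chain[32]` is filled by `snprintf(chain, sizeof(chain), c->format, z->name)` without checking the result, so a zone name too long for the buffer yields a truncated chain name that is then passed to `fw3_ipt_delete_rules()` and `fw3_ipt_delete_chain()`. In that case the intended chain is not flushed (or a different chain with the same prefix is), yet `del(z->flags, handle->family, handle->table)` still marks the zone as cleaned, leaving rules the state no longer tracks. I would skip and warn on truncation, `if ((size_t)snprintf(chain, sizeof(chain), c->format, z->name) >= sizeof(chain)) continue;`, unless zone name length is already bounded at load time, which is not visible here. Because `c->format` is a non-literal format string, a short comment on `zone_chains` stating that every entry takes exactly one `%s` would also help.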
struct fw3_zone *z;
struct fw3_device *d;
- if (add)
+ list_for_each_entry(z, &state->zones, list)
{
- list_for_each_entry(z, &state->running_zones, running_list)
+ if (add != hasbit(z->flags[0], FW3_FLAG_HOTPLUG))
{
- if (!hasbit(z->flags[0], FW3_FLAG_HOTPLUG))
- {
- list_for_each_entry(d, &z->devices, list)
- fw3_hotplug(add, z, d);
+ list_for_each_entry(d, &z->devices, list)
+ fw3_hotplug(add, z, d);
+ if (add)
setbit(z->flags[0], FW3_FLAG_HOTPLUG);
- }
- }
- }
- else
- {
- list_for_each_entry(z, &state->running_zones, running_list)
- {
- if (hasbit(z->flags[0], FW3_FLAG_HOTPLUG))
- {
- list_for_each_entry(d, &z->running_devices, list)
- fw3_hotplug(add, z, d);
-
+ else
delbit(z->flags[0], FW3_FLAG_HOTPLUG);
- }
}
}
}
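Review bot: `add != hasbit(z->flags[0], FW3_FLAG_HOTPLUG)` compares a `bool` with whatever `hasbit()` evaluates to, and its definition is outside this page. If it yields the masked bit rather than 0/1, the test is also true when `add` is true and the flag is already set (for any flag that is not bit 0), so hotplug events are fired again for zones that were already announced. Normalising the operand removes the dependency on the macro: `if (add != !!hasbit(z->flags[0], FW3_FLAG_HOTPLUG))`. The function's signature and opening brace are outside the hunk.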
struct fw3_zone *
-fw3_lookup_zone(struct fw3_state *state, const char *name, bool running)
+fw3_lookup_zone(struct fw3_state *state, const char *name)
{
struct fw3_zone *z;
if (strcmp(z->name, name))
continue;
- if (!running || z->running_list.next)
- return z;
-
- break;
+ return z;
}
return NULL;
{
struct fw3_device *dev, *tmp;
- list_for_each_entry_safe(dev, tmp, &zone->running_devices, list)
+ list_for_each_entry_safe(dev, tmp, &zone->devices, list)
{
list_del(&dev->list);
free(dev);
}
- list_for_each_entry_safe(dev, tmp, &zone->running_networks, list)
+ list_for_each_entry_safe(dev, tmp, &zone->networks, list)
{
list_del(&dev->list);
free(dev);