Use libiptc to clear current ruleset
diff --git
a/zones.c
b/zones.c
index
a269629
..
1fd785b
100644
(file)
--- a/
zones.c
+++ b/
zones.c
@@
-94,6
+94,9
@@
const struct fw3_option fw3_zone_opts[] = {
FW3_OPT("log", bool, zone, log),
FW3_OPT("log_limit", limit, zone, log_limit),
FW3_OPT("log", bool, zone, log),
FW3_OPT("log_limit", limit, zone, log_limit),
+ FW3_OPT("__flags_v4", int, zone, flags[0]),
+ FW3_OPT("__flags_v6", int, zone, flags[1]),
+
{ }
};
{ }
};
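Review bot: The two new entries `__flags_v4` and `__flags_v6` carry no comment explaining that they are internal state (the per-family flag words written back by the firewall itself) rather than options an administrator is meant to set, and the double-underscore prefix is the only hint. Since `fw3_zone_opts` is presumably also the table used when parsing the user's zone sections (the parser is outside this hunk), a one-line comment above them, `/* internal: per-family runtime flags persisted in the state file, not user-facing config */`, would stop the next maintainer from treating them as supported options. The `fw3_zone_opts` array starts before the hunk.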
@@
-129,7
+132,7
@@
resolve_networks(struct uci_element *e, struct fw3_zone *zone)
continue;
}
continue;
}
-
tmp->network = net
;
+
snprintf(tmp->network, sizeof(tmp->network), "%s", net->name)
;
list_add_tail(&tmp->list, &zone->devices);
}
}
list_add_tail(&tmp->list, &zone->devices);
}
}
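Review bot: The new `snprintf(tmp->network, sizeof(tmp->network), "%s", net->name)` silently truncates when `net->name` is longer than the field, so the device would be stored against a network name that matches nothing, whereas the old pointer assignment could not lose data this way. The size of `tmp->network` is not visible from here, but the copy should check its result, e.g. `if (snprintf(tmp->network, sizeof(tmp->network), "%s", net->name) >= (int)sizeof(tmp->network))` followed by a log line and skipping the entry rather than adding a truncated name. `resolve_networks` starts and ends outside the hunk.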
@@
-152,9
+155,6
@@
fw3_alloc_zone(void)
INIT_LIST_HEAD(&zone->masq_src);
INIT_LIST_HEAD(&zone->masq_dest);
INIT_LIST_HEAD(&zone->masq_src);
INIT_LIST_HEAD(&zone->masq_dest);
- INIT_LIST_HEAD(&zone->running_networks);
- INIT_LIST_HEAD(&zone->running_devices);
-
zone->enabled = true;
zone->custom_chains = true;
zone->log_limit.rate = 10;
zone->enabled = true;
zone->custom_chains = true;
zone->log_limit.rate = 10;
@@
-273,7
+273,6
@@
print_zone_chain(struct fw3_state *state, enum fw3_family family,
if (c || r)
{
info(" * Zone '%s'", zone->name);
if (c || r)
{
info(" * Zone '%s'", zone->name);
- fw3_set_running(zone, &state->running_zones);
set(zone->flags, family, table);
}
set(zone->flags, family, table);
}
@@
-502,26
+501,36
@@
fw3_print_zone_rules(struct fw3_state *state, enum fw3_family family,
}
void
}
void
-fw3_flush_zones(struct fw3_
state *state, enum fw3_family family
,
-
enum fw3_table table, bool reload, bool pass2
)
+fw3_flush_zones(struct fw3_
ipt_handle *handle, struct fw3_state *state
,
+
bool reload
)
{
struct fw3_zone *z, *tmp;
{
struct fw3_zone *z, *tmp;
- uint32_t custom_mask = ~0;
-
- /* don't touch user chains on selective stop */
- if (reload)
- delbit(custom_mask, FW3_FLAG_CUSTOM_CHAINS);
+ const struct fw3_rule_spec *c;
+ char chain[32];
- list_for_each_entry_safe(z, tmp, &state->
running_zones, running_
list)
+ list_for_each_entry_safe(z, tmp, &state->
zones,
list)
{
{
- if (!has(z->flags,
family,
table))
+ if (!has(z->flags,
handle->family, handle->
table))
continue;
continue;
- fw3_pr_rulespec(table, family, z->flags, custom_mask, zone_chains,
- pass2 ? "-X %s\n" : "-F %s\n", z->name);
+ for (c = zone_chains; c->format; c++)
+ {
+ /* don't touch user chains on selective stop */
+ if (reload && hasbit(c->flag, FW3_FLAG_CUSTOM_CHAINS))
+ continue;
+
+ if (!fw3_is_family(c, handle->family))
+ continue;
+
+ if (c->table != handle->table)
+ continue;
- if (pass2)
- del(z->flags, family, table);
+ snprintf(chain, sizeof(chain), c->format, z->name);
+ fw3_ipt_delete_rules(handle, chain);
+ fw3_ipt_delete_chain(handle, chain);
+ }
+
+ del(z->flags, handle->family, handle->table);
}
}
}
}
@@
-531,36
+540,23
@@
fw3_hotplug_zones(struct fw3_state *state, bool add)
struct fw3_zone *z;
struct fw3_device *d;
struct fw3_zone *z;
struct fw3_device *d;
-
if (add
)
+
list_for_each_entry(z, &state->zones, list
)
{
{
-
list_for_each_entry(z, &state->running_zones, running_list
)
+
if (add != hasbit(z->flags[0], FW3_FLAG_HOTPLUG)
)
{
{
- if (!hasbit(z->flags[0], FW3_FLAG_HOTPLUG))
- {
- list_for_each_entry(d, &z->devices, list)
- fw3_hotplug(add, z, d);
+ list_for_each_entry(d, &z->devices, list)
+ fw3_hotplug(add, z, d);
+ if (add)
setbit(z->flags[0], FW3_FLAG_HOTPLUG);
setbit(z->flags[0], FW3_FLAG_HOTPLUG);
- }
- }
- }
- else
- {
- list_for_each_entry(z, &state->running_zones, running_list)
- {
- if (hasbit(z->flags[0], FW3_FLAG_HOTPLUG))
- {
- list_for_each_entry(d, &z->running_devices, list)
- fw3_hotplug(add, z, d);
-
+ else
delbit(z->flags[0], FW3_FLAG_HOTPLUG);
delbit(z->flags[0], FW3_FLAG_HOTPLUG);
- }
}
}
}
struct fw3_zone *
}
}
}
struct fw3_zone *
-fw3_lookup_zone(struct fw3_state *state, const char *name
, bool running
)
+fw3_lookup_zone(struct fw3_state *state, const char *name)
{
struct fw3_zone *z;
{
struct fw3_zone *z;
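Review bot: In `fw3_flush_zones` the chain name is built into a fixed `char chain[32]` and the result of `snprintf` is passed straight to `fw3_ipt_delete_rules` and `fw3_ipt_delete_chain` without checking for truncation, so a zone whose name is long enough to overflow the `c->format` template would have its flush aimed at a chain that does not exist (or belongs to another zone), leaving that zone's rules in the kernel after a stop or reload while `del(z->flags, ...)` still marks it as cleared. The return value should be checked, `if (snprintf(chain, sizeof(chain), c->format, z->name) >= (int)sizeof(chain)) { /* log with the file's warn/info helper */ continue; }`, or the buffer sized to the same bound the chain-creation code uses (that code is outside this hunk). Separately, in `fw3_hotplug_zones` the new test `add != hasbit(z->flags[0], FW3_FLAG_HOTPLUG)` compares a `bool` with the result of `hasbit`; if that macro yields the masked bit rather than 0/1 (its definition is not visible here) the comparison is only correct when `FW3_FLAG_HOTPLUG` is bit 0, and `add != !!hasbit(z->flags[0], FW3_FLAG_HOTPLUG)` removes that dependency. `fw3_lookup_zone`'s body continues past the end of this hunk.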
@@
-572,10
+568,7
@@
fw3_lookup_zone(struct fw3_state *state, const char *name, bool running)
if (strcmp(z->name, name))
continue;
if (strcmp(z->name, name))
continue;
- if (!running || z->running_list.next)
- return z;
-
- break;
+ return z;
}
return NULL;
}
return NULL;
@@
-586,13
+579,13
@@
fw3_free_zone(struct fw3_zone *zone)
{
struct fw3_device *dev, *tmp;
{
struct fw3_device *dev, *tmp;
- list_for_each_entry_safe(dev, tmp, &zone->
running_
devices, list)
+ list_for_each_entry_safe(dev, tmp, &zone->devices, list)
{
list_del(&dev->list);
free(dev);
}
{
list_del(&dev->list);
free(dev);
}
- list_for_each_entry_safe(dev, tmp, &zone->
running_
networks, list)
+ list_for_each_entry_safe(dev, tmp, &zone->networks, list)
{
list_del(&dev->list);
free(dev);
{
list_del(&dev->list);
free(dev);