}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
+ setbit(zone->flags[0], fw3_to_src_target(zone->policy_forward));
setbit(zone->flags[0], zone->policy_output);
- setbit(zone->flags[0], zone->policy_forward);
setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
+ setbit(zone->flags[1], fw3_to_src_target(zone->policy_forward));
setbit(zone->flags[1], zone->policy_output);
- setbit(zone->flags[1], zone->policy_forward);
list_add_tail(&zone->list, &state->zones);
}
fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name,
+ fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
fw3_flag_names[zone->policy_forward]);
fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
continue;
snprintf(chain, sizeof(chain), c->format, z->name);
- fw3_ipt_delete_rules(handle, chain);
+ fw3_ipt_flush_chain(handle, chain);
+
+ /* keep certain basic chains that do not depend on any settings to
+ avoid purging unrelated user rules pointing to them */
+ if (reload && !c->flag)
+ continue;
+
fw3_ipt_delete_chain(handle, chain);
}
return all;
}
-
-void
-fw3_free_zone(struct fw3_zone *zone)
-{
- struct fw3_device *dev, *tmp;
-
- list_for_each_entry_safe(dev, tmp, &zone->devices, list)
- {
- list_del(&dev->list);
- free(dev);
- }
-
- list_for_each_entry_safe(dev, tmp, &zone->networks, list)
- {
- list_del(&dev->list);
- free(dev);
- }
-
- fw3_free_object(zone, fw3_zone_opts);
-}
projects / project / firewall3.git / blobdiff