X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=main.c;h=32ff87dbf1d42d2a54b02b2f3b26f18e23f595f2;hp=7a8969fae7a5683d4b3a75011dc7f3464bb6891c;hb=6e6a38ea87aebeaefe70869c226cadad0312f144;hpb=294f209f64dca84d1c4dd801a1f7e615e39f0726

diff --git a/main.c b/main.c
index 7a8969f..32ff87d 100644
--- a/main.c
+++ b/main.c
@@ -205,6 +205,7 @@ stop(bool complete)
 			}
 
 			fw3_ipt_commit(handle);
+			fw3_ipt_close(handle);
 		}
 
 		family_set(run_state, family, false);
@@ -214,13 +215,7 @@ stop(bool complete)
 	}
 
 	if (run_state)
-	{
-		if (fw3_command_pipe(false, "ipset", "-exist", "-"))
-		{
-			fw3_destroy_ipsets(run_state);
-			fw3_command_close();
-		}
-	}
+		fw3_destroy_ipsets(run_state);
 
 	if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
 	{
@@ -245,13 +240,7 @@ start(void)
 	struct fw3_ipt_handle *handle;
 
 	if (!print_family)
-	{
-		if (fw3_command_pipe(false, "ipset", "-exist", "-"))
-		{
-			fw3_create_ipsets(cfg_state);
-			fw3_command_close();
-		}
-	}
+		fw3_create_ipsets(cfg_state);
 
 	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
 	{
@@ -292,6 +281,8 @@ start(void)
 
 			if (!print_family)
 				fw3_ipt_commit(handle);
+
+			fw3_ipt_close(handle);
 		}
 
 		if (!print_family)
@@ -327,8 +318,10 @@ reload(void)
 	enum fw3_table table;
 	struct fw3_ipt_handle *handle;
 
-	if (!print_family && run_state)
-		fw3_hotplug_zones(run_state, false);
+	if (!run_state)
+		return start();
+
+	fw3_hotplug_zones(run_state, false);
 
 	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
 	{
@@ -346,13 +339,10 @@ reload(void)
 			info(" * Clearing %s %s table",
 			     fw3_flag_names[family], fw3_flag_names[table]);
 
-			if (run_state)
-			{
-				fw3_flush_rules(handle, run_state, true);
-				fw3_flush_zones(handle, run_state, true);
-			}
-
+			fw3_flush_rules(handle, run_state, true);
+			fw3_flush_zones(handle, run_state, true);
 			fw3_ipt_commit(handle);
+			fw3_ipt_close(handle);
 		}
 
 		family_set(run_state, family, false);
@@ -383,6 +373,7 @@ start:
 			fw3_print_default_tail_rules(handle, cfg_state, true);
 
 			fw3_ipt_commit(handle);
+			fw3_ipt_close(handle);
 		}
 
 		fw3_print_includes(cfg_state, family, true);
@@ -396,13 +387,9 @@ start:
 	if (!rv)
 	{
 		fw3_set_defaults(cfg_state);
-
-		if (!print_family)
-		{
-			fw3_run_includes(cfg_state, true);
-			fw3_hotplug_zones(cfg_state, true);
-			fw3_write_statefile(cfg_state);
-		}
+		fw3_run_includes(cfg_state, true);
+		fw3_hotplug_zones(cfg_state, true);
+		fw3_write_statefile(cfg_state);
 	}
 
 	return rv;
@@ -465,6 +452,7 @@ usage(void)
 int main(int argc, char **argv)
 {
 	int ch, rv = 1;
+	enum fw3_family family = FW3_FAMILY_ANY;
 	struct fw3_defaults *defs = NULL;
 
 	while ((ch = getopt(argc, argv, "46dqh")) != -1)
@@ -472,11 +460,11 @@ int main(int argc, char **argv)
 		switch (ch)
 		{
 		case '4':
-			print_family = FW3_FAMILY_V4;
+			family = FW3_FAMILY_V4;
 			break;
 
 		case '6':
-			print_family = FW3_FAMILY_V6;
+			family = FW3_FAMILY_V6;
 			break;
 
 		case 'd':
@@ -505,14 +493,24 @@ int main(int argc, char **argv)
 
 	if (!strcmp(argv[optind], "print"))
 	{
-		if (print_family == FW3_FAMILY_ANY)
-			print_family = FW3_FAMILY_V4;
-		else if (print_family == FW3_FAMILY_V6 && defs->disable_ipv6)
-			warn("IPv6 rules globally disabled in configuration");
+		if (family == FW3_FAMILY_ANY)
+		{
+			family = FW3_FAMILY_V4;
+		}
+		else if (family == FW3_FAMILY_V6)
+		{
+			if (defs->disable_ipv6)
+				warn("IPv6 rules globally disabled in configuration");
+#ifdef DISABLE_IPV6
+			else
+				warn("IPv6 support is not compiled in");
+#endif
+		}
 
 		freopen("/dev/null", "w", stderr);
 
 		cfg_state->disable_ipsets = true;
+		print_family = family;
 		fw3_pr_debug = true;
 
 		rv = start();