}
void
-fw3_destroy_ipsets(struct fw3_state *state)
+fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family)
{
struct fw3_ipset *s, *tmp;
- int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
+ uint32_t family_mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
{
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
- delbit(s->flags, FW3_FAMILY_V4);
+ if (hasbit(s->running_flags, family))
+ delbit(s->flags, family);
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
- delbit(s->flags, FW3_FAMILY_V6);
-
- if (!(s->flags & mask))
+ if (!(s->flags & family_mask))
{
info("Deleting ipset %s", s->name);
struct fw3_ipset * fw3_alloc_ipset(void);
void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p);
void fw3_create_ipsets(struct fw3_state *state);
-void fw3_destroy_ipsets(struct fw3_state *state);
+void fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family);
struct fw3_ipset * fw3_lookup_ipset(struct fw3_state *state, const char *name,
bool running);
fw3_command_close();
if (!reload)
+ {
+ if (fw3_command_pipe(false, "ipset", "-exist", "-"))
+ {
+ fw3_destroy_ipsets(state, family);
+ fw3_command_close();
+ }
+
family_set(state, family, false);
+ }
rv = 0;
}
- if (!reload && fw3_command_pipe(false, "ipset", "-exist", "-"))
- {
- fw3_destroy_ipsets(state);
- fw3_command_close();
- }
-
if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
{
info("Flushing conntrack table ...");
const char *external;
uint32_t flags;
+ uint32_t running_flags;
};
struct fw3_include
list_add_tail(&ipset->list, &s->ipsets);
}
- ipset->flags = flags[0];
+ ipset->running_flags = flags[0];
list_add_tail(&ipset->running_list, &s->running_ipsets);
break;
}
projects / project / firewall3.git / commitdiff