X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=defaults.c;fp=defaults.c;h=ccd320c7d6f11bf85b118ad6557d12610435dd7f;hp=396cbf757356eb236fd5ff905c026890273560b5;hb=410cff5e62db45e8415bf25bf50395b4e7e22482;hpb=18a503d0125aebc3a8d62dad1c02e6bb1da92eb6
diff --git a/defaults.c b/defaults.c
index 396cbf7..ccd320c 100644
--- a/defaults.c
+++ b/defaults.c
@@ -23,24 +23,24 @@
 { FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##def, fmt }
 static const struct fw3_chain_spec default_chains[] = {
- C(ANY, FILTER, UNSPEC, "delegate_input"),
- C(ANY, FILTER, UNSPEC, "delegate_output"),
- C(ANY, FILTER, UNSPEC, "delegate_forward"),
+ //C(ANY, FILTER, UNSPEC, "delegate_input"),
+ //C(ANY, FILTER, UNSPEC, "delegate_output"),
+ //C(ANY, FILTER, UNSPEC, "delegate_forward"),
 C(ANY, FILTER, UNSPEC, "reject"),
 C(ANY, FILTER, CUSTOM_CHAINS, "input_rule"),
 C(ANY, FILTER, CUSTOM_CHAINS, "output_rule"),
 C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
 C(ANY, FILTER, SYN_FLOOD, "syn_flood"),
- C(V4, NAT, UNSPEC, "delegate_prerouting"),
- C(V4, NAT, UNSPEC, "delegate_postrouting"),
+ //C(V4, NAT, UNSPEC, "delegate_prerouting"),
+ //C(V4, NAT, UNSPEC, "delegate_postrouting"),
 C(V4, NAT, CUSTOM_CHAINS, "prerouting_rule"),
 C(V4, NAT, CUSTOM_CHAINS, "postrouting_rule"),
- C(ANY, MANGLE, UNSPEC, "mssfix"),
- C(ANY, MANGLE, UNSPEC, "fwmark"),
+ //C(ANY, MANGLE, UNSPEC, "mssfix"),
+ //C(ANY, MANGLE, UNSPEC, "fwmark"),
- C(ANY, RAW, UNSPEC, "delegate_notrack"),
+ //C(ANY, RAW, UNSPEC, "delegate_notrack"),
 { }
 };
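Review bot: The `mssfix`, `fwmark` and `delegate_notrack` entries are disabled in `default_chains` together with the `delegate_*` ones, so none of these chains is created any more. Only defaults.c is shown on this page; any code in other files that still appends to or jumps into one of those names would now reference a chain that does not exist, so each string is worth grepping for before this is merged. The entries should be deleted rather than left as `//` lines, with one comment above the table such as `/* rules are placed directly in the built-in chains; no delegate_* indirection */`.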
@@ -189,39 +189,39 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 struct fw3_device lodev = { .set = true };
 struct fw3_protocol tcp = { .protocol = 6 };
 struct fw3_ipt_rule *r;
- struct toplevel_rule *tr;
+ //struct toplevel_rule *tr;
 const char *chains[] = {
- "delegate_input", "input",
- "delegate_output", "output",
- "delegate_forward", "forwarding",
+ "INPUT", "input",
+ "OUTPUT", "output",
+ "FORWARD", "forwarding",
 };
- struct toplevel_rule rules[] = {
- { FW3_TABLE_FILTER, "INPUT", "delegate_input" },
- { FW3_TABLE_FILTER, "OUTPUT", "delegate_output" },
- { FW3_TABLE_FILTER, "FORWARD", "delegate_forward" },
-
- { FW3_TABLE_NAT, "PREROUTING", "delegate_prerouting" },
- { FW3_TABLE_NAT, "POSTROUTING", "delegate_postrouting" },
-
- { FW3_TABLE_MANGLE, "FORWARD", "mssfix" },
- { FW3_TABLE_MANGLE, "PREROUTING", "fwmark" },
-
- { FW3_TABLE_RAW, "PREROUTING", "delegate_notrack" },
-
- { 0, NULL },
- };
-
- for (tr = rules; tr->chain; tr++)
- {
- if (tr->table != handle->table)
- continue;
-
- r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, tr->target);
- fw3_ipt_rule_replace(r, tr->chain);
- }
+ //struct toplevel_rule rules[] = {
+ // { FW3_TABLE_FILTER, "INPUT", "delegate_input" },
+ // { FW3_TABLE_FILTER, "OUTPUT", "delegate_output" },
+ // { FW3_TABLE_FILTER, "FORWARD", "delegate_forward" },
+ //
+ // { FW3_TABLE_NAT, "PREROUTING", "delegate_prerouting" },
+ // { FW3_TABLE_NAT, "POSTROUTING", "delegate_postrouting" },
+ //
+ // { FW3_TABLE_MANGLE, "FORWARD", "mssfix" },
+ // { FW3_TABLE_MANGLE, "PREROUTING", "fwmark" },
+ //
+ // { FW3_TABLE_RAW, "PREROUTING", "delegate_notrack" },
+ //
+ // { 0, NULL },
+ //};
+ //
+ //for (tr = rules; tr->chain; tr++)
+ //{
+ // if (tr->table != handle->table)
+ // continue;
+ //
+ // r = fw3_ipt_rule_new(handle);
+ // fw3_ipt_rule_target(r, tr->target);
+ // fw3_ipt_rule_replace(r, tr->chain);
+ //}
 switch (handle->table)
 {
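Review bot: The old `rules[]` table and its loop are kept as about twenty-five `//` lines in `fw3_print_default_head_rules`, next to `//struct toplevel_rule *tr;`. Version control already holds that code, and leaving it in the function obscures the actual change, which is that no jump from the built-in chains is installed any more. Delete the block and put a short comment above `chains[]` saying that the first element of each pair is now a built-in chain that rules are appended to directly. If `struct toplevel_rule` has no other user (its definition is outside this hunk) it can be removed too. The function body starts before the hunk and continues after it.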
@@ -231,11 +231,11 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 r = fw3_ipt_rule_create(handle, NULL, &lodev, NULL, NULL, NULL);
 fw3_ipt_rule_target(r, "ACCEPT");
- fw3_ipt_rule_append(r, "delegate_input");
+ fw3_ipt_rule_append(r, "INPUT");
 r = fw3_ipt_rule_create(handle, NULL, NULL, &lodev, NULL, NULL);
 fw3_ipt_rule_target(r, "ACCEPT");
- fw3_ipt_rule_append(r, "delegate_output");
+ fw3_ipt_rule_append(r, "OUTPUT");
 if (defs->custom_chains)
 {
@@ -279,7 +279,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
 fw3_ipt_rule_extra(r, "--syn");
 fw3_ipt_rule_target(r, "syn_flood");
- fw3_ipt_rule_append(r, "delegate_input");
+ fw3_ipt_rule_append(r, "INPUT");
 }
 r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
@@ -300,12 +300,12 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 r = fw3_ipt_rule_new(handle);
 fw3_ipt_rule_comment(r, "user chain for prerouting");
 fw3_ipt_rule_target(r, "prerouting_rule");
- fw3_ipt_rule_append(r, "delegate_prerouting");
+ fw3_ipt_rule_append(r, "PREROUTING");
 r = fw3_ipt_rule_new(handle);
 fw3_ipt_rule_comment(r, "user chain for postrouting");
 fw3_ipt_rule_target(r, "postrouting_rule");
- fw3_ipt_rule_append(r, "delegate_postrouting");
+ fw3_ipt_rule_append(r, "POSTROUTING");
 }
 break;
@@ -332,7 +332,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 return;
 fw3_ipt_rule_target(r, "reject");
- fw3_ipt_rule_append(r, "delegate_input");
+ fw3_ipt_rule_append(r, "INPUT");
 }
 if (defs->policy_output == FW3_FLAG_REJECT)
@@ -343,7 +343,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 return;
 fw3_ipt_rule_target(r, "reject");
- fw3_ipt_rule_append(r, "delegate_output");
+ fw3_ipt_rule_append(r, "OUTPUT");
 }
 if (defs->policy_forward == FW3_FLAG_REJECT)
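Review bot: The loopback ACCEPT rules in the hunk at -231 are now appended to the built-in `INPUT` and `OUTPUT` chains, so where they sit depends on whatever those chains already hold when this function runs. Before this change they went into `delegate_input`/`delegate_output`, chains this code created itself, so foreign rules could not be interleaved with them; an append to a built-in chain lands behind any rule left there by another tool or by an earlier run that was not cleaned up. The same applies to the `syn_flood` jump at -279 and the `prerouting_rule`/`postrouting_rule` jumps at -300. A comment at the top of the `switch` should record the assumption, for example `/* built-in chains must already be free of our rules here, see fw3_flush_rules() */`. The function body extends beyond these hunks.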
@@ -354,7 +354,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 return;
 fw3_ipt_rule_target(r, "reject");
- fw3_ipt_rule_append(r, "delegate_forward");
+ fw3_ipt_rule_append(r, "FORWARD");
 }
 }
@@ -404,6 +404,12 @@ fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
 fw3_ipt_set_policy(handle, "FORWARD", policy);
 }
+ fw3_ipt_delete_id_rules(handle, "INPUT");
+ fw3_ipt_delete_id_rules(handle, "OUTPUT");
+ fw3_ipt_delete_id_rules(handle, "FORWARD");
+ fw3_ipt_delete_id_rules(handle, "PREROUTING");
+ fw3_ipt_delete_id_rules(handle, "POSTROUTING");
+
 for (c = default_chains; c->format; c++)
 {
 /* don't touch user chains on selective stop */
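Review bot: In the hunk at -404, `fw3_ipt_delete_id_rules` is called for all five built-in chain names on every handle with no check of `handle->table`, although a given table contains only some of those chains. Whether the helper tolerates a chain that is absent from the current table cannot be seen here; if it does not, the calls need a guard per table. The cleanup can also only find rules that carry whatever id the helper matches on, so every `fw3_ipt_rule_append` into a built-in chain in `fw3_print_default_head_rules` and `fw3_print_default_tail_rules` has to produce such a rule, otherwise reloads pile up duplicates and a stop leaves ACCEPT rules behind. The calls sit ahead of the loop commented "don't touch user chains on selective stop", so it should be confirmed that they are meant to run unconditionally. `fw3_flush_rules` starts before the hunk and continues after it.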