X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=main.c;h=fdb901a7ba997b4e366f0608ca469f35a2ae29d4;hb=ea1e5c25c1c4c8c82b51c0440d033944ccb4e2e2;hp=79324a4431340ca333b2ba88c38eb51263df8e02;hpb=a60a91f643e2bceb202cc4c965c47dc6325c1f02;p=project%2Ffirewall3.git
diff --git a/main.c b/main.c
index 79324a4..fdb901a 100644
--- a/main.c
+++ b/main.c
@@ -125,11 +125,13 @@ restore_pipe(enum fw3_family family, bool silent)
 }
 static int
-stop(struct fw3_state *state, bool complete)
+stop(struct fw3_state *state, bool complete, bool ipsets)
 {
 enum fw3_family family;
 enum fw3_table table;
+ struct list_head *statefile = fw3_read_state();
+
 const char *tables[] = {
 "filter",
 "nat",
@@ -153,24 +155,37 @@ stop(struct fw3_state *state, bool complete)
 complete ? "Flush" : "Clear", tables[table]);
 fw3_pr("*%s\n", tables[table]);
- fw3_print_flush_rules(table, family, state, complete);
+
+ if (complete)
+ {
+ fw3_flush_all(table);
+ }
+ else
+ {
+ /* pass 1 */
+ fw3_flush_rules(table, family, false, statefile);
+ fw3_flush_zones(table, family, false, statefile);
+
+ /* pass 2 */
+ fw3_flush_rules(table, family, true, statefile);
+ fw3_flush_zones(table, family, true, statefile);
+ }
+
 fw3_pr("COMMIT\n");
 }
 fw3_command_close();
 }
- return 0;
-}
+ if (ipsets && fw3_command_pipe(false, "ipset", "-exist", "-"))
+ {
+ fw3_destroy_ipsets(statefile);
+ fw3_command_close();
+ }
-static void
-destroy_ipsets(struct fw3_state *state)
-{
- if (!fw3_command_pipe(false, "ipset", "-exist", "-"))
- return;
+ fw3_free_state(statefile);
- fw3_destroy_ipsets(state);
- fw3_command_close();
+ return 0;
 }
 static int
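Review bot: The pointer returned by `fw3_read_state()` at the top of stop() is stored and later used without a NULL check. The flush branch of main calls `stop(state, true, true)` before it tests `fw3_has_state()`, so stop() can run when no state file exists. If fw3_read_state() returns NULL in that case (its body is not shown here), that pointer reaches `fw3_destroy_ipsets(statefile)` and `fw3_free_state(statefile)` in the following hunk. Either guard the uses, e.g. `if (statefile) fw3_free_state(statefile);`, or state in a comment on the declaration that the helpers accept NULL. stop()'s body continues outside this hunk.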
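Review bot: stop() still ends in an unconditional `return 0;`, so a failed `fw3_command_pipe(false, "ipset", "-exist", "-")` with `ipsets` set looks the same to the caller as a successful teardown. The stop and flush branches of main then call `fw3_remove_state()`, which would leave the sets in place while discarding what appears to be the only record of them. Consider a local `int rv = 0;`, an `else if (ipsets) rv = 1;` on the pipe check and `return rv;`, with the callers removing state only when it is zero. Separately, `/* pass 1 */` and `/* pass 2 */` should say what the boolean argument selects in each pass. The start of stop() lies outside this hunk.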
@@ -209,11 +224,12 @@ start(struct fw3_state *state)
 fw3_pr("*%s\n", tables[table]);
 fw3_print_default_chains(table, family, state);
 fw3_print_zone_chains(table, family, state);
- fw3_print_default_rules(table, family, state);
+ fw3_print_default_head_rules(table, family, state);
 fw3_print_rules(table, family, state);
 fw3_print_redirects(table, family, state);
 fw3_print_forwards(table, family, state);
 fw3_print_zone_rules(table, family, state);
+ fw3_print_default_tail_rules(table, family, state);
 fw3_pr("COMMIT\n");
 }
@@ -355,17 +371,13 @@ int main(int argc, char **argv)
 goto out;
 }
- rv = stop(state, false);
-
- destroy_ipsets(state);
+ rv = stop(state, false, true);
 fw3_remove_state();
 }
 else if (!strcmp(argv[optind], "flush"))
 {
- rv = stop(state, true);
-
- destroy_ipsets(state);
+ rv = stop(state, true, true);
 if (fw3_has_state())
 fw3_remove_state();
@@ -374,7 +386,7 @@ int main(int argc, char **argv)
 {
 if (fw3_has_state())
 {
- stop(state, false);
+ stop(state, false, false);
 fw3_remove_state();
 }
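Review bot: The order of the `fw3_print_*` calls in start() now carries rule precedence, and nothing in the code says so. All of them print between `*%s` and `COMMIT` into one stream per table, so the order of the calls is presumably the order in which the rules are later matched. A comment above the block such as `/* print order is match order: head rules first, tail rules after all zone rules */` would keep a later reorder from silently changing which rule wins. What the head and tail sets contain is not visible here, so the wording should be confirmed by someone who knows the split. start()'s body begins and ends outside the hunk.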
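Review bot: `stop(state, false, false)` here and the two calls in the previous hunk pass bare boolean literals, so the call site does not show which path does a complete flush and which one destroys ipsets. A short comment per call, e.g. `/* ipsets are left in place on this path */` here, or named constants for the two flags, would make the intent reviewable. This call also discards stop()'s return value while the other two branches assign it to `rv`; if that is deliberate it deserves a comment. The enclosing branch of main continues outside the hunk.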