struct uci_element *e;
struct fw3_defaults *defs = &state->defaults;
+ bool flow_offload_avaliable = false;
bool seen = false;
defs->tcp_reject_code = FW3_REJECT_CODE_TCP_RESET;
check_any_reject_code(e, &defs->any_reject_code);
/* exists in both ipv4 and ipv6, if at all, so only check ipv4 */
- check_target(e, &defs->flow_offloading, "FLOWOFFLOAD", false);
+ check_target(e, &flow_offload_avaliable, "FLOWOFFLOAD", false);
+
+ if (!flow_offload_avaliable)
+ defs->flow_offloading = false;
}
}
for (c = default_chains; c->format; c++)
{
- /* don't touch user chains on selective stop */
- if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
- continue;
-
if (!fw3_is_family(c, handle->family))
continue;
!fw3_hasbit(defs->flags[handle->family == FW3_FAMILY_V6], c->flag))
continue;
- fw3_ipt_create_chain(handle, c->format);
+ fw3_ipt_create_chain(handle, reload, c->format);
}
set(defs->flags, handle->family, handle->table);
{
int i;
struct fw3_defaults *defs = &state->defaults;
- struct fw3_device lodev = { .set = true };
+ struct fw3_device lodev = { .set = true, .name = "lo" };
struct fw3_protocol tcp = { .protocol = 6 };
struct fw3_ipt_rule *r;
{
case FW3_TABLE_FILTER:
- sprintf(lodev.name, "lo");
-
r = fw3_ipt_rule_create(handle, NULL, &lodev, NULL, NULL, NULL);
fw3_ipt_rule_target(r, "ACCEPT");
fw3_ipt_rule_append(r, "INPUT");
set_default(const char *name, int set)
{
FILE *f;
- char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling\0")];
+ char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling")];
snprintf(path, sizeof(path), "/proc/sys/net/ipv4/tcp_%s", name);
fw3_ipt_delete_id_rules(handle, "PREROUTING");
fw3_ipt_delete_id_rules(handle, "POSTROUTING");
+ /* first flush all the rules ... */
for (c = default_chains; c->format; c++)
{
/* don't touch user chains on selective stop */
continue;
fw3_ipt_flush_chain(handle, c->format);
+ }
+
+ /* ... then remove the chains */
+ for (c = default_chains; c->format; c++)
+ {
+ if (!fw3_is_family(c, handle->family))
+ continue;
- /* keep certain basic chains that do not depend on any settings to
- avoid purging unrelated user rules pointing to them */
- if (reload && !c->flag)
+ if (c->table != handle->table)
+ continue;
+
+ if (c->flag && !has(defs->flags, handle->family, c->flag))
continue;
- fw3_ipt_delete_chain(handle, c->format);
+ fw3_ipt_delete_chain(handle, reload, c->format);
}
del(defs->flags, handle->family, handle->table);
projects / project / firewall3.git / blobdiff