Clean up dead code

[project/firewall3.git] / defaults.c

diff --git a/defaults.c b/defaults.c
index ec95ec918e7e116bfdf0e5338690e5c06795d1bc..07468873730b12e31a546a5fa7d3d306cffcfb35 100644 (file)
--- a/defaults.c
+++ b/defaults.c
@@ -40,7 +40,7 @@ static const struct fw3_chain_spec default_chains[] = {
        C(ANY, MANGLE, UNSPEC,        "mssfix"),
        C(ANY, MANGLE, UNSPEC,        "fwmark"),
 
-       C(ANY, RAW,    UNSPEC,        "notrack"),
+       C(ANY, RAW,    UNSPEC,        "delegate_notrack"),
 
        { }
 };
@@ -208,7 +208,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
                { FW3_TABLE_MANGLE, "FORWARD",     "mssfix" },
                { FW3_TABLE_MANGLE, "PREROUTING",  "fwmark" },
 
-               { FW3_TABLE_RAW,    "PREROUTING",  "notrack" },
+               { FW3_TABLE_RAW,    "PREROUTING",  "delegate_notrack" },
 
                { 0, NULL },
        };
@@ -220,7 +220,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 
                r = fw3_ipt_rule_new(handle);
                fw3_ipt_rule_target(r, tr->target);
-               fw3_ipt_rule_append(r, tr->chain);
+               fw3_ipt_rule_replace(r, tr->chain);
        }
 
        switch (handle->table)
@@ -419,7 +419,13 @@ fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
                if (c->flag && !has(defs->flags, handle->family, c->flag))
                        continue;
 
-               fw3_ipt_delete_rules(handle, c->format);
+               fw3_ipt_flush_chain(handle, c->format);
+
+               /* keep certain basic chains that do not depend on any settings to
+                  avoid purging unrelated user rules pointing to them */
+               if (reload && !c->flag)
+                       continue;
+
                fw3_ipt_delete_chain(handle, c->format);
        }