static int
stop(bool complete)
{
- FILE *ct;
-
int rv = 1;
enum fw3_family family;
enum fw3_table table;
if (run_state)
fw3_destroy_ipsets(run_state);
- if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
- {
- info(" * Flushing conntrack table ...");
-
- fwrite("f\n", 2, 1, ct);
- fclose(ct);
- }
+ if (complete)
+ fw3_flush_conntrack(NULL);
if (!rv && run_state)
fw3_write_statefile(run_state);
if (!rv)
{
+ fw3_flush_conntrack(run_state);
fw3_set_defaults(cfg_state);
if (!print_family)
if (!rv)
{
+ fw3_flush_conntrack(run_state);
+
fw3_set_defaults(cfg_state);
fw3_run_includes(cfg_state, true);
fw3_hotplug_zones(cfg_state, true);
return rv;
}
+static int
+gc(void)
+{
+ enum fw3_family family;
+ enum fw3_table table;
+ struct fw3_ipt_handle *handle;
+
+ for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
+ {
+ if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
+ continue;
+
+ for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
+ {
+ if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
+ continue;
+
+ if (!(handle = fw3_ipt_open(family, table)))
+ continue;
+
+ fw3_ipt_gc(handle);
+ fw3_ipt_commit(handle);
+ fw3_ipt_close(handle);
+ }
+ }
+
+ return 0;
+}
+
static int
lookup_network(const char *net)
{
fw3_unlock();
}
}
+ else if (!strcmp(argv[optind], "gc"))
+ {
+ if (fw3_lock())
+ {
+ rv = gc();
+ fw3_unlock();
+ }
+ }
else if (!strcmp(argv[optind], "network") && (optind + 1) < argc)
{
rv = lookup_network(argv[optind + 1]);
projects / project / firewall3.git / blobdiff