/*
* firewall3 - 3rd OpenWrt UCI firewall implementation
*
- * Copyright (C) 2013-2014 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013-2014 Jo-Philipp Wich <jo@mein.io>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include "includes.h"
#include "ubus.h"
#include "iptables.h"
+#include "helpers.h"
static enum fw3_family print_family = FW3_FAMILY_ANY;
else
{
if (!fw3_ubus_connect())
- error("Failed to connect to ubus");
+ warn("Failed to connect to ubus");
if (uci_load(state->uci, "firewall", &p))
{
fw3_ubus_rules(&b);
fw3_load_defaults(state, p);
- fw3_load_ipsets(state, p);
+ fw3_load_cthelpers(state, p);
+ fw3_load_ipsets(state, p, b.head);
fw3_load_zones(state, p);
fw3_load_rules(state, p, b.head);
- fw3_load_redirects(state, p);
+ fw3_load_redirects(state, p, b.head);
fw3_load_snats(state, p, b.head);
- fw3_load_forwards(state, p);
- fw3_load_includes(state, p);
+ fw3_load_forwards(state, p, b.head);
+ fw3_load_includes(state, p, b.head);
return true;
}
list_for_each_safe(cur, tmp, &state->includes)
fw3_free_include((struct fw3_include *)cur);
+ list_for_each_safe(cur, tmp, &state->cthelpers)
+ fw3_free_cthelper((struct fw3_cthelper *)cur);
+
uci_free_context(state->uci);
free(state);
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
- continue;
-
if (!(handle = fw3_ipt_open(family, table)))
continue;
rv = 0;
}
- if (run_state)
- fw3_destroy_ipsets(run_state);
+ if (run_state) {
+ for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
+ fw3_destroy_ipsets(run_state, family, false);
+ }
if (complete)
fw3_flush_conntrack(NULL);
enum fw3_table table;
struct fw3_ipt_handle *handle;
- if (!print_family)
- fw3_create_ipsets(cfg_state);
-
for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
{
+ if (!print_family)
+ fw3_create_ipsets(cfg_state, family, false);
+
if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
continue;
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
- continue;
-
if (!(handle = fw3_ipt_open(family, table)))
continue;
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
- continue;
-
if (!(handle = fw3_ipt_open(family, table)))
continue;
fw3_ipt_close(handle);
}
+ fw3_ipsets_update_run_state(family, run_state, cfg_state);
+ fw3_destroy_ipsets(run_state, family, true);
+
family_set(run_state, family, false);
family_set(cfg_state, family, false);
if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
continue;
+ fw3_create_ipsets(cfg_state, family, true);
+
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
- continue;
-
if (!(handle = fw3_ipt_open(family, table)))
continue;
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
- continue;
-
if (!(handle = fw3_ipt_open(family, table)))
continue;
}
build_state(false);
- build_state(true);
defs = &cfg_state->defaults;
if (optind >= argc)
print_family = family;
fw3_pr_debug = true;
- rv = start();
+ if (fw3_lock())
+ {
+ build_state(true);
+ rv = start();
+ fw3_unlock();
+ }
}
else if (!strcmp(argv[optind], "start"))
{
if (fw3_lock())
{
+ build_state(true);
rv = start();
fw3_unlock();
}
{
if (fw3_lock())
{
+ build_state(true);
rv = stop(false);
fw3_unlock();
}
{
if (fw3_lock())
{
+ build_state(true);
rv = stop(true);
fw3_unlock();
}
{
if (fw3_lock())
{
+ build_state(true);
stop(true);
rv = start();
fw3_unlock();
{
if (fw3_lock())
{
+ build_state(true);
rv = reload();
fw3_unlock();
}
projects / project / firewall3.git / blobdiff