firewall3: support table load on access on Linux 5.15+
author: Ansuel Smith <ansuelsmth@gmail.com>
Fri, 7 Jan 2022 17:22:17 +0000 (18:22 +0100)
committer: Rui Salvaterra <rsalvaterra@gmail.com>
Sat, 8 Jan 2022 11:33:39 +0000 (11:33 +0000)
With Linux 5.15+, tables are loaded on access. Firewall3 uses the
ip{,6}_tables_names proc entries to check if a table exists. In this new
implementation, the proc entries can contain wrong data if a table is present
but never used, and firewall3 will incorrectly think that the table is
unavailable. This causes configuration problems, since after a normal boot the
proc entries contain only the "filter" table and are missing "raw", "mangle" and
"nat".

To fix this, "poke" the tables to load them, simply by opening and closing them
without doing any operation. This simple operation is sufficient to make the
missing tables appear in the proc entries.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Reword the commit message and code comment]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
main.c

diff --git a/main.c b/main.c
index 7ad00b424a7ce3355593ac35f8227ba4b47d2003..9afeb701edf1b1c3564dcea82da8e9ad248382a2 100644 (file)
--- a/main.c
+++ b/main.c
@@ -266,6 +266,17 @@ start(void)
                        continue;
                }
 
+               /* Linux 5.15+: make sure the tables are loaded and
+                * /proc/net/ip{,6}_tables_names are thus populated.
+                */
+               for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
+               {
+                       if (!(handle = fw3_ipt_open(family, table)))
+                               continue;
+
+                       fw3_ipt_close(handle);
+               }
+
                for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
                {
                        if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
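Review bot: the `continue` on a failed `fw3_ipt_open()` in the new poke loop drops the failure silently, so a table whose module cannot be loaded is only reported later, indirectly, when the unchanged `fw3_has_table()` loop below finds it missing from the proc entry; a debug-level message at that point (e.g. `warn("Unable to open table %s", fw3_flag_names[table])` in the existing style) would make the root cause visible without changing behaviour. Also, since the poke loop and the `fw3_has_table()` loop iterate the same `FW3_TABLE_FILTER..FW3_TABLE_RAW` range and the proc entry for a table is populated as soon as that table has been opened once, the open/close could sit at the top of the existing loop body instead of a second loop, which would keep the workaround next to the check it exists to fix.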