add reload command to selectively rebuild rules (to be invoked from hotplug handler...
authorJo-Philipp Wich <jow@openwrt.org>
Fri, 22 Feb 2013 11:49:33 +0000 (12:49 +0100)
committerJo-Philipp Wich <jow@openwrt.org>
Fri, 22 Feb 2013 12:38:43 +0000 (13:38 +0100)
defaults.c
main.c

index e1710c28e7d9b9dccb2807011874a565ba22e002..d2037f8c42bfab4528760b1926d7ffd48ba87720 100644 (file)
@@ -181,6 +181,7 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family,
                          struct fw3_state *state)
 {
        struct fw3_defaults *defs = &state->defaults;
+       uint16_t mask = ~0;
 
 #define policy(t) \
        ((t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t])
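Review bot: The `uint16_t mask = ~0;` added here fixes the mask at 16 bits, so the `defs->flags & mask` passed to `print_chains` in the next hunk would silently drop any flag above bit 15 if `flags` is, or later becomes, wider than `uint16_t`. The declaration of `flags` is not visible in this diff. The same pattern is added in `fw3_flush_rules` (`d->flags & mask`). Tie the two together, either by declaring the mask with the same type as the field or with a comment on the declaration such as `/* must be as wide as fw3_defaults.flags */`.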
@@ -192,7 +193,11 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family,
                fw3_pr(":OUTPUT %s [0:0]\n", policy(defs->policy_output));
        }
 
-       print_chains(table, family, ":%s - [0:0]\n", defs->flags,
+       /* user chains already loaded, don't create again */
+       if (hasbit(state->running_defaults.flags, FW3_DEFAULT_CUSTOM_CHAINS))
+               delbit(mask, FW3_DEFAULT_CUSTOM_CHAINS);
+
+       print_chains(table, family, ":%s - [0:0]\n", defs->flags & mask,
                     default_chains, ARRAY_SIZE(default_chains));
 }
 
@@ -299,23 +304,27 @@ fw3_flush_rules(enum fw3_table table, enum fw3_family family,
                 bool pass2, struct fw3_state *state)
 {
        struct fw3_defaults *d = &state->running_defaults;
+       uint16_t mask = ~0;
 
        if (!hasbit(d->flags, family))
                return;
 
+       /* don't touch user chains on selective stop */
+       delbit(mask, FW3_DEFAULT_CUSTOM_CHAINS);
+
        if (!pass2)
        {
                reset_policy(table);
 
-               print_chains(table, family, "-D %s\n", state->running_defaults.flags,
+               print_chains(table, family, "-D %s\n", d->flags & mask,
                                         toplevel_rules, ARRAY_SIZE(toplevel_rules));
 
-               print_chains(table, family, "-F %s\n", state->running_defaults.flags,
+               print_chains(table, family, "-F %s\n", d->flags & mask,
                                         default_chains, ARRAY_SIZE(default_chains));
        }
        else
        {
-               print_chains(table, family, "-X %s\n", state->running_defaults.flags,
+               print_chains(table, family, "-X %s\n", d->flags & mask,
                                         default_chains, ARRAY_SIZE(default_chains));
 
                delbit(d->flags, family);
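Review bot: The new comment says user chains are left alone "on selective stop", but `delbit(mask, FW3_DEFAULT_CUSTOM_CHAINS)` runs unconditionally, and nothing in the visible signature of `fw3_flush_rules` distinguishes a reload from a full stop or flush. As written, all three `print_chains` calls (`-D`, `-F`, `-X`) skip the custom chains on every call. Unless they are removed somewhere outside this hunk, a full `stop` or `flush` leaves the user-chain rules loaded. If that is intended, the comment should say so, e.g. `/* user chains are never flushed or deleted here, on full stop as well as on reload */`; otherwise the bit should be cleared only when the caller requests a reload. The function body continues past the end of the hunk.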
diff --git a/main.c b/main.c
index e5848276f420432cadf2d8c05a76d3c1f5a55a4e..e9179639b1a0264887858bd467ff6e930497bb4f 100644 (file)
--- a/main.c
+++ b/main.c
@@ -40,6 +40,9 @@ build_state(void)
        struct fw3_state *state = NULL;
        struct uci_package *p = NULL;
 
+       if (!fw3_ubus_connect())
+               error("Failed to connect to ubus");
+
        state = malloc(sizeof(*state));
 
        if (!state)
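Review bot: With `fw3_ubus_connect()` moved into `build_state()`, every call opens a ubus connection, and the new `restart` branch in `main()` calls `build_state()` a second time after `free_state(state)`. Whether `free_state()` or `build_state()` closes the connection is not visible in this diff; if neither does, the second call connects again without releasing the first. A matching disconnect before the state is rebuilt would make the lifetime explicit, as would a short comment on this call saying where the connection is released. `build_state()` starts and ends outside the hunk.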
@@ -339,7 +342,7 @@ lookup_device(struct fw3_state *state, const char *dev)
 static int
 usage(void)
 {
-       fprintf(stderr, "fw3 [-4] [-6] [-q] {start|stop|flush|restart|print}\n");
+       fprintf(stderr, "fw3 [-4] [-6] [-q] {start|stop|flush|reload|restart|print}\n");
        fprintf(stderr, "fw3 [-q] network {net}\n");
        fprintf(stderr, "fw3 [-q] device {dev}\n");
 
@@ -375,9 +378,6 @@ int main(int argc, char **argv)
                }
        }
 
-       if (!fw3_ubus_connect())
-               error("Failed to connect to ubus");
-
        state = build_state();
        defs = &state->defaults;
 
@@ -418,6 +418,14 @@ int main(int argc, char **argv)
                rv = stop(state, true, false);
        }
        else if (!strcmp(argv[optind], "restart"))
+       {
+               stop(state, true, false);
+               free_state(state);
+
+               state = build_state();
+               rv = start(state, false);
+       }
+       else if (!strcmp(argv[optind], "reload"))
        {
                rv = stop(state, false, true);
                rv = start(state, !rv);
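Review bot: In the new `restart` branch, `free_state(state)` presumably releases the object that `defs` still points into, since `defs = &state->defaults;` is assigned only once, after the first `build_state()`, and is not refreshed after `state = build_state();`. If `main()` reads `defs` after this if/else chain, which lies outside the hunk, that would be a read of freed memory; adding `defs = &state->defaults;` right after the rebuild avoids it. The branch also discards the return value of `stop(state, true, false)`, so a failed teardown is not reflected in `rv` before the rules are started again.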