When running "/etc/init.d/firewall reload & fw3 -q restart", the
fw3 instance that handles the reload might try to read the running
state after the firewall was stopped by the fw3 instance that does the
restarting. Since a NULL run_state turns a reload operation into a
start operation, the resulting iptables chains will contain duplicate
sets of rules.
}
build_state(false);
- build_state(true);
defs = &cfg_state->defaults;
if (optind >= argc)
print_family = family;
fw3_pr_debug = true;
- rv = start();
+ if (fw3_lock())
+ {
+ build_state(true);
+ rv = start();
+ fw3_unlock();
+ }
}
else if (!strcmp(argv[optind], "start"))
{
if (fw3_lock())
{
+ build_state(true);
rv = start();
fw3_unlock();
}
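Review bot: The branch that sets `print_family` and `fw3_pr_debug` now calls `start()` only inside `if (fw3_lock())`, and nothing visible handles the case where the lock is not obtained, so `rv` keeps its earlier value and no message is emitted. If that branch only prints the ruleset, as the two flags suggest, a caller could get empty output and an unexplained exit status; an `else` that warns and sets `rv` to the failure code used elsewhere in this function would make the skipped run visible. The start, stop, flush, restart and reload branches in this and the following hunks have the same silent skip, though there it predates this commit. Since the ordering is the whole fix, a comment at the first `build_state(true)` would help, e.g. `/* read the run state only while holding the lock; a concurrent stop can remove it */`. The enclosing function starts and ends outside these hunks, so the initial value of `rv` and the behaviour of `fw3_lock()` on failure should be checked there.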
{
if (fw3_lock())
{
+ build_state(true);
rv = stop(false);
fw3_unlock();
}
{
if (fw3_lock())
{
+ build_state(true);
rv = stop(true);
fw3_unlock();
}
{
if (fw3_lock())
{
+ build_state(true);
stop(true);
rv = start();
fw3_unlock();
{
if (fw3_lock())
{
+ build_state(true);
rv = reload();
fw3_unlock();
}