Properly handle deleted zones and ipsets on restarts

diff --git a/ipsets.c b/ipsets.c
index 48aaa9c0100ede8b7d2aa4d5ca0938adeb38e653..af03ddc94c0ef2c773d0f23de7fd3181509d4e84 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -366,8 +366,9 @@ fw3_create_ipsets(struct fw3_state *state)
                return;
 
        list_for_each_entry(ipset, &state->ipsets, list)
-               if (!fw3_lookup_ipset(state, ipset->name, true))
-                       create_ipset(ipset, state);
+               if (!hasbit(ipset->flags[0], FW3_FLAG_DELETED))
+                       if (!fw3_lookup_ipset(state, ipset->name, true))
+                               create_ipset(ipset, state);
 
        fw3_pr("quit\n");
 }

diff --git a/options.h b/options.h
index 3656a98abd51e2ea58ce2f206f47e00aeeb5d249..dd86d05d329c411a0b1d192358ff1a229ece6446 100644 (file)
--- a/options.h
+++ b/options.h
@@ -78,6 +78,7 @@ enum fw3_flag
        FW3_FLAG_MTU_FIX       = 17,
        FW3_FLAG_DROP_INVALID  = 18,
        FW3_FLAG_HOTPLUG       = 19,
+       FW3_FLAG_DELETED       = 20,
 
        __FW3_FLAG_MAX
 };

diff --git a/utils.c b/utils.c
index dbc713cd36e8ff675813b6d0a5f0f7117bd293c4..e7a22159244ec702a1a18a5a285f1ca54728c55e 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -409,6 +409,8 @@ fw3_read_statefile(void *state)
 
                                zone->name = strdup(name);
                                list_add_tail(&zone->list, &s->zones);
+
+                               setbit(flags[0], FW3_FLAG_DELETED);
                        }
 
                        zone->flags[0] = flags[0];
@@ -426,6 +428,8 @@ fw3_read_statefile(void *state)
 
                                ipset->name = strdup(name);
                                list_add_tail(&ipset->list, &s->ipsets);
+
+                               setbit(flags[0], FW3_FLAG_DELETED);
                        }
 
                        ipset->flags[0] = flags[0];
@@ -494,6 +498,9 @@ fw3_write_statefile(void *state)
 
        list_for_each_entry(z, &s->running_zones, running_list)
        {
+               if (hasbit(z->flags[0], FW3_FLAG_DELETED))
+                       continue;
+
                if (fw3_no_table(z->flags[0]) && fw3_no_table(z->flags[1]))
                        continue;
 
@@ -512,6 +519,9 @@ fw3_write_statefile(void *state)
 
        list_for_each_entry(i, &s->running_ipsets, running_list)
        {
+               if (hasbit(z->flags[0], FW3_FLAG_DELETED))
+                       continue;
+
                if (!fw3_no_family(i->flags[0]) || !fw3_no_family(i->flags[1]))
                {
                        fprintf(sf, "%x %s %x %x\n",

diff --git a/zones.c b/zones.c
index a269629f239d23d90c9392d1fcce17d272e1fde1..a9a559e0edcfb46c610d26db4bdbdb6b2da2eb50 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -488,7 +488,8 @@ fw3_print_zone_chains(struct fw3_state *state, enum fw3_family family,
        struct fw3_zone *zone;
 
        list_for_each_entry(zone, &state->zones, list)
-               print_zone_chain(state, family, table, reload, zone);
+               if (!hasbit(zone->flags[0], FW3_FLAG_DELETED))
+                       print_zone_chain(state, family, table, reload, zone);
 }
 
 void
@@ -498,7 +499,8 @@ fw3_print_zone_rules(struct fw3_state *state, enum fw3_family family,
        struct fw3_zone *zone;
 
        list_for_each_entry(zone, &state->zones, list)
-               print_zone_rule(state, family, table, reload, zone);
+               if (!hasbit(zone->flags[0], FW3_FLAG_DELETED))
+                       print_zone_rule(state, family, table, reload, zone);
 }
 
 void