From 608e5b8957d7134f0d6bdd7754de788081b3179a Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 22 Feb 2013 12:49:33 +0100
Subject: [PATCH] add reload command to selectively rebuild rules (to be invoked from hotplug handler) and make the restart command flush and recreate all rules
---
 defaults.c | 17 +++++++++++++----
 main.c | 16 ++++++++++++----
 2 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/defaults.c b/defaults.c
index e1710c2..d2037f8 100644
--- a/defaults.c
+++ b/defaults.c
@@ -181,6 +181,7 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family,
 struct fw3_state *state)
 {
 struct fw3_defaults *defs = &state->defaults;
+ uint16_t mask = ~0;
 #define policy(t) \
 ((t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t])
@@ -192,7 +193,11 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family,
 fw3_pr(":OUTPUT %s [0:0]\n", policy(defs->policy_output));
 }
- print_chains(table, family, ":%s - [0:0]\n", defs->flags,
+ /* user chains already loaded, don't create again */
+ if (hasbit(state->running_defaults.flags, FW3_DEFAULT_CUSTOM_CHAINS))
+ delbit(mask, FW3_DEFAULT_CUSTOM_CHAINS);
+
+ print_chains(table, family, ":%s - [0:0]\n", defs->flags & mask,
 default_chains, ARRAY_SIZE(default_chains));
 }
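Review bot: The `hasbit(state->running_defaults.flags, FW3_DEFAULT_CUSTOM_CHAINS)` test added before `print_chains` in the second hunk trusts the recorded running state as proof that the user chains still exist in the kernel. If that record is stale (how the flags are refreshed is not visible here), the chain declarations are skipped and rules that reference them would presumably fail to load, leaving an incomplete ruleset; a comment such as `/* assumes running_defaults reflects the kernel; a stale record leaves user chains undeclared */` would document the assumption. Separately, `uint16_t mask = ~0;` (first hunk, and again in fw3_flush_rules) makes `defs->flags & mask` drop any bits above 15 if the flags field is wider than 16 bits; its type is not visible in this diff, so declaring `mask` with the same type as the flags field is safer. The body of fw3_print_default_chains continues outside both hunks.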
@@ -299,23 +304,27 @@ fw3_flush_rules(enum fw3_table table, enum fw3_family family, bool pass2,
 struct fw3_state *state)
 {
 struct fw3_defaults *d = &state->running_defaults;
+ uint16_t mask = ~0;
 if (!hasbit(d->flags, family))
 return;
+ /* don't touch user chains on selective stop */
+ delbit(mask, FW3_DEFAULT_CUSTOM_CHAINS);
+
 if (!pass2)
 {
 reset_policy(table);
- print_chains(table, family, "-D %s\n", state->running_defaults.flags,
+ print_chains(table, family, "-D %s\n", d->flags & mask,
 toplevel_rules, ARRAY_SIZE(toplevel_rules));
- print_chains(table, family, "-F %s\n", state->running_defaults.flags,
+ print_chains(table, family, "-F %s\n", d->flags & mask,
 default_chains, ARRAY_SIZE(default_chains));
 }
 else
 {
- print_chains(table, family, "-X %s\n", state->running_defaults.flags,
+ print_chains(table, family, "-X %s\n", d->flags & mask,
 default_chains, ARRAY_SIZE(default_chains));
 delbit(d->flags, family);
diff --git a/main.c b/main.c
index e584827..e917963 100644
--- a/main.c
+++ b/main.c
@@ -40,6 +40,9 @@ build_state(void)
 struct fw3_state *state = NULL;
 struct uci_package *p = NULL;
+ if (!fw3_ubus_connect())
+ error("Failed to connect to ubus");
+
 state = malloc(sizeof(*state));
 if (!state)
@@ -339,7 +342,7 @@ lookup_device(struct fw3_state *state, const char *dev)
 static int usage(void)
 {
- fprintf(stderr, "fw3 [-4] [-6] [-q] {start|stop|flush|restart|print}\n");
+ fprintf(stderr, "fw3 [-4] [-6] [-q] {start|stop|flush|reload|restart|print}\n");
 fprintf(stderr, "fw3 [-q] network {net}\n");
 fprintf(stderr, "fw3 [-q] device {dev}\n");
@@ -375,9 +378,6 @@ int main(int argc, char **argv)
 }
 }
- if (!fw3_ubus_connect())
- error("Failed to connect to ubus");
-
 state = build_state();
 defs = &state->defaults;
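Review bot: The added comment `/* don't touch user chains on selective stop */` in fw3_flush_rules does not match the statement under it: `delbit(mask, FW3_DEFAULT_CUSTOM_CHAINS);` runs unconditionally, so both passes of every call leave the custom chains alone, whatever stop mode the caller chose. Whether a full stop or restart reaches this function at all is not visible in the diff. If it can, the mask should only be narrowed in the selective case; if it cannot, the comment would be more accurate as `/* user chains are never flushed or deleted by this function */`. The function body continues past the end of the hunk.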
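Review bot: Moving `fw3_ubus_connect()` into build_state means it is now called once per state build rather than once per process, and the restart branch added later in this commit calls build_state a second time after `free_state(state)`. Unless free_state releases the first connection (not visible in this diff), the earlier ubus context and its socket stay open, and the result of connecting twice depends on how fw3_ubus_connect treats an existing context. Either pair the connect with a matching disconnect in free_state, or keep the connect in main so it happens exactly once. A one-line comment above the call, e.g. `/* called on every (re)build; free_state must release the connection */`, would record whichever contract is chosen.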
@@ -418,6 +418,14 @@ int main(int argc, char **argv)
 rv = stop(state, true, false);
 }
 else if (!strcmp(argv[optind], "restart"))
+ {
+ stop(state, true, false);
+ free_state(state);
+
+ state = build_state();
+ rv = start(state, false);
+ }
+ else if (!strcmp(argv[optind], "reload"))
 {
 rv = stop(state, false, true);
 rv = start(state, !rv);
-- 
2.25.1
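Review bot: In the new restart branch the result of `stop(state, true, false);` is discarded and the running rules are torn down before `build_state()` is called. build_state can abort through `error("Failed to connect to ubus")` or its malloc check, and if error() terminates the process (presumably it does), the host is left with its ruleset flushed and nothing loaded. For a firewall that window should be explicit: consider doing the checks that can fail before the flush, or at least keep the stop result and report it. A comment such as `/* ruleset is flushed from here until start() succeeds */` above the `free_state(state);` line would also help. The reload branch in the trailing context likewise overwrites the `rv` from stop with the result of start, so a failed selective stop never reaches the exit status.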