From 6cccf1ba7f0c3eb34ef4a7adc6af501376bfa875 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Alin=20N=C4=83stac?=
Date: Fri, 29 Apr 2016 15:00:01 +0200
Subject: [PATCH] load running state after lock is acquired

When running "/etc/init.d/firewall reload & fw3 -q restart", the fw3 instance that handle the reload might try to read the running state after firewall was stopped by the fw3 instance that does the restarting. Since a NULL run_state will transform reload operation in start operation, the resulted iptables chains will contain duplicate sets of rules.
---
 main.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/main.c b/main.c
index b953020..241da62 100644
--- a/main.c
+++ b/main.c
@@ -546,7 +546,6 @@ int main(int argc, char **argv)
 }
 build_state(false);
- build_state(true);
 defs = &cfg_state->defaults;
 if (optind >= argc)
@@ -577,12 +576,18 @@ int main(int argc, char **argv)
 print_family = family;
 fw3_pr_debug = true;
- rv = start();
+ if (fw3_lock())
+ {
+ build_state(true);
+ rv = start();
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "start"))
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = start();
 fw3_unlock();
 }
@@ -591,6 +596,7 @@ int main(int argc, char **argv)
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = stop(false);
 fw3_unlock();
 }
@@ -599,6 +605,7 @@ int main(int argc, char **argv)
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = stop(true);
 fw3_unlock();
 }
@@ -607,6 +614,7 @@ int main(int argc, char **argv)
 {
 if (fw3_lock())
 {
+ build_state(true);
 stop(true);
 rv = start();
 fw3_unlock();
@@ -616,6 +624,7 @@ int main(int argc, char **argv)
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = reload();
 fw3_unlock();
 }
-- 
2.25.1
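Review bot: The ordering this fix depends on, taking the lock before reading the running state, is open-coded in six branches (two in the hunk at `@@ -577,12 +576,18 @@` and one in each of the four hunks after it) with nothing in the code saying why. A later command branch that loads or reads the running state before `fw3_lock()` would quietly reintroduce the check-then-act race described in the commit message. I would add a comment at the first site, e.g. `/* load run state only while holding the lock: a concurrent stop/restart may remove it between load and use */`, or fold the lock/load/unlock sequence into one static helper. Any branch of `main()` outside these hunks that reads the running state no longer has it loaded, because the unconditional `build_state(true)` is gone; those branches are not visible here, so this needs checking. In the first branch of the same hunk (the one setting `fw3_pr_debug`), `start()` is now skipped when `fw3_lock()` fails and `rv` keeps its earlier value, which is assigned outside the hunk.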