| Message ID | 20220214184257.2406-3-stefan.schantl@ipfire.org |
|---|---|
| State | Accepted |
| Commit | bbeb2a5067f72d0f4073a7a183ed6f1f3477765c |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JyClt355Fz3wsl for <patchwork@web04.haj.ipfire.org>; Mon, 14 Feb 2022 18:43:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JyClp0wFmz4Rg; Mon, 14 Feb 2022 18:43:18 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JyCln6tKvz323f; Mon, 14 Feb 2022 18:43:17 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JyCll0LqLz2y3N for <development@lists.ipfire.org>; Mon, 14 Feb 2022 18:43:15 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4JyClk55xYz28g; Mon, 14 Feb 2022 18:43:14 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1644864194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h3n2Evj/75ODvaWKNeb4KYng0zhbA8Ap7rs8MqYzoZI=; b=DVMdiIKRxbZXkWFoOr7PQ2onq6Eg2xfyj7O3gxSO7Wi3+PxkaH5Te7dNtlRVfAOGd+8msp Vr4wjTH+MrCtffBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1644864194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h3n2Evj/75ODvaWKNeb4KYng0zhbA8Ap7rs8MqYzoZI=; b=pzRGLHG+nvvpGBOHuXOVFGnOCLAZV3aNFA472XXj4NmRw2v99jHeZSgAkdd2RzoqPkuiqW 4ibJ8QTLiA6ldvx9dC6X8MSlc1/DZqrxFigB6rq3hnL+HiE7nYXDXoCl8Bcy9MSf86Nmv3 a3QWZ0IzM9h/y0PJ2klYDwUZLmaLht1s1f2i5c9RLRsenBFWlA30Om9G+Wo94BsaIPVdOM W/f4x1vpzO2/U+NudDaUultMFPG8CwBuEQDR0dVS5rNi+zvcC8tLdMo0yEDfOD7qXp8dk/ Ld5RJH6dsiW/hS1wE7ER3rF9oaSei9qOSc3m3b0gryOtiyiyrbPIq4JzRPD6Fw== From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 03/12] rules.pl: Move flush of LOCATIONBLOCK into main flush() function. Date: Mon, 14 Feb 2022 19:42:47 +0100 Message-Id: <20220214184257.2406-3-stefan.schantl@ipfire.org> In-Reply-To: <20220214184257.2406-1-stefan.schantl@ipfire.org> References: <20220214184257.2406-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[01/12] location-functions.pl: Rename and set the location for exported databases to "/var/lib/location/ipset/".
|
|
Commit Message
Stefan Schantl
Feb. 14, 2022, 6:42 p.m. UTC
It is required to get rid of all ipset based rules before all of
the loaded ipset lists can be destroyed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/firewall/rules.pl | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > It is required to get rid of all ipset based rules before all of > the loaded ipset lists can be destroyed. > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 9d280045a..f685d08a7 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -186,6 +186,9 @@ sub flush { > run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE"); > run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION"); > run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX"); > + > + # Flush LOCATIONBLOCK chain. > + run("$IPTABLES -F LOCATIONBLOCK"); > } > > sub buildrules { > @@ -638,8 +641,7 @@ sub p2pblock { > } > > sub locationblock { > - # Flush iptables chain. > - run("$IPTABLES -F LOCATIONBLOCK"); > + # The LOCATIONBLOCK chain now gets flushed by the flush() function. > > # If location blocking is not enabled, we are finished here. > if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > On 14 Feb 2022, at 18:42, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > It is required to get rid of all ipset based rules before all of > the loaded ipset lists can be destroyed. > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 9d280045a..f685d08a7 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -186,6 +186,9 @@ sub flush { > run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE"); > run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION"); > run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX"); > + > + # Flush LOCATIONBLOCK chain. > + run("$IPTABLES -F LOCATIONBLOCK"); > } > > sub buildrules { > @@ -638,8 +641,7 @@ sub p2pblock { > } > > sub locationblock { > - # Flush iptables chain. > - run("$IPTABLES -F LOCATIONBLOCK"); > + # The LOCATIONBLOCK chain now gets flushed by the flush() function. > > # If location blocking is not enabled, we are finished here. > if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") { > -- > 2.30.2 >
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 9d280045a..f685d08a7 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -186,6 +186,9 @@ sub flush { run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE"); run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION"); run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX"); + + # Flush LOCATIONBLOCK chain. + run("$IPTABLES -F LOCATIONBLOCK"); } sub buildrules { @@ -638,8 +641,7 @@ sub p2pblock { } sub locationblock { - # Flush iptables chain. - run("$IPTABLES -F LOCATIONBLOCK"); + # The LOCATIONBLOCK chain now gets flushed by the flush() function. # If location blocking is not enabled, we are finished here. if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {