From aac434a339ec9d261bdba70eaf649bcd8820af51 Mon Sep 17 00:00:00 2001 |
|
From: Eric Garver <e@erig.me> |
|
Date: Mon, 13 Aug 2018 16:02:11 -0400 |
|
Subject: [PATCH 2/4] fw: on restart set policy from same function |
|
|
|
Toggle the DROP/ACCEPT policy from the same function. Doing it in |
|
various areas is error prone. |
|
|
|
(cherry picked from commit d3acaac62106b10945c7ac400140b5d0f2c4264d) |
|
--- |
|
src/firewall/core/fw.py | 7 +++---- |
|
1 file changed, 3 insertions(+), 4 deletions(-) |
|
|
|
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py |
|
index e99201d0363d..1ff36f18cd99 100644 |
|
--- a/src/firewall/core/fw.py |
|
+++ b/src/firewall/core/fw.py |
|
@@ -391,14 +391,11 @@ class Firewall(object): |
|
# Start transaction |
|
transaction = FirewallTransaction(self) |
|
|
|
- if reload: |
|
- self.set_policy("DROP", use_transaction=transaction) |
|
- |
|
# flush rules |
|
self.flush(use_transaction=transaction) |
|
|
|
# If modules need to be unloaded in complete reload or if there are |
|
- # ipsets to get applied, limit the transaction to set_policy and flush. |
|
+ # ipsets to get applied, limit the transaction to flush. |
|
# |
|
# Future optimization for the ipset case in reload: The transaction |
|
# only needs to be split here if there are conflicting ipset types in |
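Review bot: With the `if reload:` block removed, nothing in `_start` ensures a DROP policy is in place before `self.flush(use_transaction=transaction)` runs, so the flush now depends on every caller that passes `reload=True` having set the policy first. Only one such caller is visible in this patch; any other would flush the rules under whatever policy is active at the time. A comment above the flush would record that precondition, for example `# on reload the caller must already have set the DROP policy`. `_start` begins and ends outside this hunk.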
|
@@ -919,6 +916,8 @@ class Firewall(object): |
|
# stop |
|
self.cleanup() |
|
|
|
+ self.set_policy("DROP") |
|
+ |
|
# start |
|
self._start(reload=True, complete_reload=stop) |
|
|
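Review bot: `self.set_policy("DROP")` is now applied on its own, outside the transaction, and nothing in this hunk restores the policy if `self._start(reload=True, complete_reload=stop)` raises, so a failed reload would presumably leave the host at DROP. That fails closed, which is the safer direction for a firewall, but the hunk does not show whether it is deliberate or where ACCEPT is set again. I would add a comment such as `# fail closed: policy stays DROP until the new ruleset is applied`. If the restore happens later in this function, it is worth confirming that the error path behaves as intended and logs the resulting state. The enclosing function starts and ends outside the hunk.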
|
-- |
|
2.18.0 |
|
|
|
|