summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBeniamino Galvani <bgalvani@redhat.com>2016-01-21 16:39:55 +0100
committerBeniamino Galvani <bgalvani@redhat.com>2016-01-23 10:19:39 +0100
commiteadb0051dc0715499c3b50a057bb1b49e9ef7da2 (patch)
tree7774d1955c0ef874841a5c2fa575d960194fb61d
parentb95c88284dd58d871c88850cb4570119684f4f06 (diff)
downloadNetworkManager-eadb0051dc0715499c3b50a057bb1b49e9ef7da2.tar.gz
core: list iptables sharing rules in the right order
The rules were added to the list using g_slist_append() and then applied one at time using "iptables --insert" which puts them at the beginning of the chain, reversing the initial order. Instead, list them in the desired order and use g_slist_prepend() to achieve the same result. This has no functional changes. (cherry picked from commit 8cba3e046eb8e3db9ab0bd55bbadc6cb8043096d)
Diffstat
-rw-r--r--src/devices/nm-device.c18
-rw-r--r--src/nm-activation-request.c2
2 files changed, 10 insertions, 10 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 735f509f7c..6fa64b19dd 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -5695,16 +5695,16 @@ start_sharing (NMDevice *self, NMIP4Config *config)
req = nm_device_get_act_request (self);
g_assert (req);
- add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
- add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
- add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
- add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
- add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
- add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
- add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
- add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
- add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
+ add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
+ add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
+ add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
+ add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
+ add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
+ add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
+ add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
+ add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
+ add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
nm_act_request_set_shared (req, TRUE);
diff --git a/src/nm-activation-request.c b/src/nm-activation-request.c
index 2c084b874e..6a05f452fe 100644
--- a/src/nm-activation-request.c
+++ b/src/nm-activation-request.c
@@ -274,7 +274,7 @@ nm_act_request_add_share_rule (NMActRequest *req,
rule = g_malloc0 (sizeof (ShareRule));
rule->table = g_strdup (table);
rule->rule = g_strdup (table_rule);
- priv->share_rules = g_slist_append (priv->share_rules, rule);
+ priv->share_rules = g_slist_prepend (priv->share_rules, rule);
}
/********************************************************************/
View Lorry Controller Status