author | Alin Năstac <alin.nastac@gmail.com> | 2016-04-29 15:00:01 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2016-05-02 18:40:42 +0100 |
commit | 6cccf1ba7f0c3eb34ef4a7adc6af501376bfa875 (patch) | |
tree | 24fe2ca1ddbb6c97cef54d91ea89e712f4015265 /main.c | |
parent | e92392db91f6eb50288f33ccf63475aa7b9babdd (diff) | |
download | firewall3-6cccf1ba7f0c3eb34ef4a7adc6af501376bfa875.tar.gz |
load running state after lock is acquired
When running "/etc/init.d/firewall reload & fw3 -q restart", the
fw3 instance that handles the reload might try to read the running
state after the firewall was stopped by the fw3 instance that does the
restarting. Since a NULL run_state turns the reload operation into a
start operation, the resulting iptables chains will contain duplicate
sets of rules.
Diffstat (limited to 'main.c')
-rw-r--r-- | main.c | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -546,7 +546,6 @@ int main(int argc, char **argv)
 }
 build_state(false);
- build_state(true);
 defs = &cfg_state->defaults;
 if (optind >= argc)
@@ -577,12 +576,18 @@ int main(int argc, char **argv)
 print_family = family;
 fw3_pr_debug = true;
- rv = start();
+ if (fw3_lock())
+ {
+ build_state(true);
+ rv = start();
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "start"))
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = start();
 fw3_unlock();
 }
@@ -591,6 +596,7 @@
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = stop(false);
 fw3_unlock();
 }
@@ -599,6 +605,7 @@
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = stop(true);
 fw3_unlock();
 }
@@ -607,6 +614,7 @@
 {
 if (fw3_lock())
 {
+ build_state(true);
 stop(true);
 rv = start();
 fw3_unlock();
@@ -616,6 +624,7 @@
 {
 if (fw3_lock())
 {
+ build_state(true);
 rv = reload();
 fw3_unlock();
 }
|
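Review bot: In the first hunk (`@@ -546,7 +546,6 @@`), nothing at the old call site records that run_state is now deliberately left unloaded until a command holds the lock; a comment next to `build_state(false);` would keep that visible, e.g. `/* run state is loaded per command, after fw3_lock() succeeds */`. Any command branch of main() that lies outside the hunks shown here and reads run_state would now see it unset, and per the commit message a NULL run_state makes a reload behave like a start, so those branches are worth checking before merging. main() begins and ends outside this hunk.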
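Review bot: The print branch in the second hunk (`@@ -577,12 +576,18 @@`) has no `else` for a failed `fw3_lock()`, so a print request that cannot take the lock produces no output and returns whatever `rv` held before, which is not visible in this hunk. This branch previously ran without the lock, so the silent path is new behaviour for anyone using print to inspect the ruleset. If it is intended, a short comment such as `/* print reads run state, so it needs the lock too */` would document it; otherwise set `rv` explicitly on the failure path. The enclosing main() begins and ends outside the hunk.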
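Review bot: `build_state(true);` is now repeated by hand after `fw3_lock()` in six branches: the print and start branches of the second hunk, and the hunks at `-591,6`, `-599,6`, `-607,6` and `-616,6`. A command branch added later without that line would run with run_state unset, which the commit message describes as producing duplicate rule sets on reload. A small static helper that takes the lock and loads the state keeps the ordering in one place; the name below is only a suggestion. The fence shows the helper and one converted branch, and the other branches would change the same way.

```c
static bool
lock_and_load_state(void)
{
	if (!fw3_lock())
		return false;

	/* load run state only once the lock is held */
	build_state(true);
	return true;
}

/* … unchanged: option parsing and the print branch … */
	else if (!strcmp(argv[optind], "start"))
	{
		if (lock_and_load_state())
		{
			rv = start();
			fw3_unlock();
		}
	}
/* … remaining command branches follow the same shape … */
```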