#include "includes.h"
#include "ubus.h"
#include "iptables.h"
+#include "helpers.h"
static enum fw3_family print_family = FW3_FAMILY_ANY;
else
{
if (!fw3_ubus_connect())
- error("Failed to connect to ubus");
+ warn("Failed to connect to ubus");
if (uci_load(state->uci, "firewall", &p))
{
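Review bot: With the ubus failure in the `else` branch downgraded from `error()` to `warn()`, the ruleset is now built even when the ubus connection is missing, and the message does not say what is lost. The next hunk still calls `fw3_ubus_rules(&b)` unconditionally and passes `b.head` to six loaders, so a firewall started before ubus is reachable presumably comes up without any ubus-supplied rules or ipsets. Whether `fw3_ubus_rules()` tolerates the unconnected state is not visible here. I would make the degradation explicit in the log, e.g. `warn("Failed to connect to ubus, continuing without ubus-provided rules");`, and add a one-line comment above it stating that continuing is intentional. The enclosing function starts and ends outside this hunk.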
fw3_ubus_rules(&b);
fw3_load_defaults(state, p);
- fw3_load_ipsets(state, p);
+ fw3_load_cthelpers(state, p);
+ fw3_load_ipsets(state, p, b.head);
fw3_load_zones(state, p);
fw3_load_rules(state, p, b.head);
- fw3_load_redirects(state, p);
+ fw3_load_redirects(state, p, b.head);
fw3_load_snats(state, p, b.head);
- fw3_load_forwards(state, p);
- fw3_load_includes(state, p);
+ fw3_load_forwards(state, p, b.head);
+ fw3_load_includes(state, p, b.head);
return true;
}
list_for_each_safe(cur, tmp, &state->includes)
fw3_free_include((struct fw3_include *)cur);
+ list_for_each_safe(cur, tmp, &state->cthelpers)
+ fw3_free_cthelper((struct fw3_cthelper *)cur);
+
uci_free_context(state->uci);
free(state);
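Review bot: The added `fw3_free_cthelper((struct fw3_cthelper *)cur)` casts the list cursor straight to the element type, which is only valid while the list head is the first member of `struct fw3_cthelper`; the struct definition is not part of this diff. It mirrors the existing `fw3_free_include` line above it, so the style is consistent, but nothing enforces the layout, and a reordered field would turn this cleanup into a free of a misaligned pointer. A short comment at the loop, such as `/* relies on the list head being the first member of struct fw3_cthelper */`, would record the assumption. The function body starts outside this hunk.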
rv = 0;
}
- if (run_state)
- fw3_destroy_ipsets(run_state);
+ if (run_state) {
+ for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
+ fw3_destroy_ipsets(run_state, family, false);
+ }
if (complete)
fw3_flush_conntrack(NULL);
enum fw3_table table;
struct fw3_ipt_handle *handle;
- if (!print_family)
- fw3_create_ipsets(cfg_state);
-
for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
{
+ if (!print_family)
+ fw3_create_ipsets(cfg_state, family, false);
+
if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
continue;
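Review bot: In the start loop, `fw3_create_ipsets(cfg_state, family, false)` now runs before the `disable_ipv6` check, so it is also called for `FW3_FAMILY_V6` when IPv6 is disabled. The reload hunk further down calls `fw3_create_ipsets(cfg_state, family, true)` only after the same check. If the per-family call creates kernel sets for that family (its body is not visible here), start and reload would leave different IPv6 sets behind when `disable_ipv6` is set. Either move the two added lines below the `continue`, or, if the order is intentional, say so with a comment such as `/* ipsets are created even when IPv6 rules are disabled */`. The loop body continues outside this hunk.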
fw3_ipt_close(handle);
}
+ fw3_ipsets_update_run_state(family, run_state, cfg_state);
+ fw3_destroy_ipsets(run_state, family, true);
+
family_set(run_state, family, false);
family_set(cfg_state, family, false);
if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
continue;
+ fw3_create_ipsets(cfg_state, family, true);
+
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))