rv = 0;
}
- if (run_state)
- fw3_destroy_ipsets(run_state);
+ if (run_state) {
+ for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
+ fw3_destroy_ipsets(run_state, family, false);
+ }
if (complete)
fw3_flush_conntrack(NULL);
enum fw3_table table;
struct fw3_ipt_handle *handle;
- if (!print_family)
- fw3_create_ipsets(cfg_state);
-
for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
{
+ if (!print_family)
+ fw3_create_ipsets(cfg_state, family, false);
+
if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
continue;
continue;
}
+ /* Linux 5.15+: make sure the tables are loaded and
+ * /proc/net/ip{,6}_tables_names are thus populated.
+ */
+ for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
+ {
+ if (!(handle = fw3_ipt_open(family, table)))
+ continue;
+
+ fw3_ipt_close(handle);
+ }
+
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
fw3_ipt_close(handle);
}
+ fw3_ipsets_update_run_state(family, run_state, cfg_state);
+ fw3_destroy_ipsets(run_state, family, true);
+
family_set(run_state, family, false);
family_set(cfg_state, family, false);
if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
continue;
+ fw3_create_ipsets(cfg_state, family, true);
+
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))