From aac434a339ec9d261bdba70eaf649bcd8820af51 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Mon, 13 Aug 2018 16:02:11 -0400
Subject: [PATCH 2/4] fw: on restart set policy from same function
Toggle the DROP/ACCEPT policy from the same function. Doing it in
various areas is error prone.
(cherry picked from commit d3acaac62106b10945c7ac400140b5d0f2c4264d)
---
src/firewall/core/fw.py | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
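diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index e99201d0363d..1ff36f18cd99 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -391,14 +391,11 @@ class Firewall(object):
 # Start transaction
 transaction = FirewallTransaction(self)
 
- if reload:
- self.set_policy("DROP", use_transaction=transaction)
-
 # flush rules
 self.flush(use_transaction=transaction)
 
 # If modules need to be unloaded in complete reload or if there are
- # ipsets to get applied, limit the transaction to set_policy and flush.
+ # ipsets to get applied, limit the transaction to flush.
 #
 # Future optimization for the ipset case in reload: The transaction
 # only needs to be split here if there are conflicting ipset types in
@@ -919,6 +916,8 @@ class Firewall(object):
 # stop
 self.cleanup()
 
+ self.set_policy("DROP")
+
 # start
 self._start(reload=True, complete_reload=stop)
 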
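Review bot: The added `self.set_policy("DROP")` in the second hunk is applied on its own, outside the transaction, before `self._start(reload=True, complete_reload=stop)`, and nothing visible here handles an exception from `_start()`, so a failed reload would presumably leave the host dropping all traffic. That fail-closed outcome may well be intended, but it should be stated next to the call, for example `# Block traffic while rules are rebuilt; if _start() fails the policy stays DROP on purpose`. The failure should also be logged so an operator can tell a lockout from a hang. The matching ACCEPT toggle and the rest of the enclosing function are outside the hunk, so confirm it is only reached after `_start()` returns successfully.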
--
2.18.0