fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-25 09:30:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core: merge branch 'bg/iptables-sharing-rules-bgo692673'

Browse source 
Remove iptables rules for connection sharing upon termination to avoid
the presence of duplicate rules when NM is restarted.

https://bugzilla.gnome.org/show_bug.cgi?id=692673
This commit is contained in:
Beniamino Galvani 2016-01-23 10:04:26 +01:00
commit 0ba500d131
3 changed files with 12 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/devices/nm-device.c
View file

@ -6636,16 +6636,16 @@ start_sharing (NMDevice *self, NMIP4Config *config)
req = nm_device_get_act_request (self);
g_assert (req);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
nm_act_request_set_shared (req, TRUE);

2
src/nm-activation-request.c
View file

@ -346,7 +346,7 @@ nm_act_request_add_share_rule (NMActRequest *req,
rule = g_malloc0 (sizeof (ShareRule));
rule->table = g_strdup (table);
rule->rule = g_strdup (table_rule);
priv->share_rules = g_slist_append (priv->share_rules, rule);
priv->share_rules = g_slist_prepend (priv->share_rules, rule);
}
/********************************************************************/

2
src/nm-manager.c
View file

@ -4418,6 +4418,8 @@ nm_manager_stop (NMManager *self)
/* Remove all devices */
while (priv->devices)
remove_device (self, NM_DEVICE (priv->devices->data), TRUE, TRUE);
_active_connection_cleanup (self);
}
static gboolean