fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-28 11:00:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

firewall: merge branch 'th/iptables-wait'

Browse source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1182

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1495
This commit is contained in:
Thomas Haller 2023-01-16 10:20:09 +01:00
commit 3b7e0ae083
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 12 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
src/core/nm-firewall-utils.c
View file

@ -212,12 +212,13 @@ _share_iptables_call_v(const char *const *argv)
return TRUE;
}
#define _share_iptables_call(...) _share_iptables_call_v(NM_MAKE_STRV(__VA_ARGS__))
#define _share_iptables_call(...) \
_share_iptables_call_v(NM_MAKE_STRV("" IPTABLES_PATH "", "--wait", "2", __VA_ARGS__))
static gboolean
_share_iptables_chain_op(const char *table, const char *chain, const char *op)
{
return _share_iptables_call("" IPTABLES_PATH "", "--table", table, op, chain);
return _share_iptables_call("--table", table, op, chain);
}
static gboolean
@ -246,8 +247,7 @@ _share_iptables_set_masquerade_sync(gboolean up, const char *ip_iface, in_addr_t
comment_name = _share_iptables_get_name(FALSE, "nm-shared", ip_iface);
_share_iptables_subnet_to_str(str_subnet, addr, plen);
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"nat",
up ? "--insert" : "--delete",
"POSTROUTING",
@ -297,8 +297,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input,
_share_iptables_chain_add("filter", chain_input);
for (i = 0; i < (int) G_N_ELEMENTS(input_params); i++) {
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
"--append",
chain_input,
@ -312,8 +311,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input,
_share_iptables_chain_add("filter", chain_forward);
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
"--append",
chain_forward,
@ -327,8 +325,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input,
"ESTABLISHED,RELATED",
"--jump",
"ACCEPT");
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
"--append",
chain_forward,
@ -338,8 +335,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input,
ip_iface,
"--jump",
"ACCEPT");
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
"--append",
chain_forward,
@ -349,8 +345,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input,
ip_iface,
"--jump",
"ACCEPT");
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
"--append",
chain_forward,
@ -358,8 +353,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input,
ip_iface,
"--jump",
"REJECT");
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
"--append",
chain_forward,
@ -390,8 +384,7 @@ _share_iptables_set_shared_sync(gboolean up, const char *ip_iface, in_addr_t add
if (up)
_share_iptables_set_shared_chains_add(chain_input, chain_forward, ip_iface, addr, plen);
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
up ? "--insert" : "--delete",
"INPUT",
@ -404,8 +397,7 @@ _share_iptables_set_shared_sync(gboolean up, const char *ip_iface, in_addr_t add
"--comment",
comment_name);
_share_iptables_call("" IPTABLES_PATH "",
"--table",
_share_iptables_call("--table",
"filter",
up ? "--insert" : "--delete",
"FORWARD",