summaryrefslogtreecommitdiff
path: root/src/firewall.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/firewall.c')
-rw-r--r--src/firewall.c37
1 files changed, 28 insertions, 9 deletions
diff --git a/src/firewall.c b/src/firewall.c
index c235d861..90c3d3c1 100644
--- a/src/firewall.c
+++ b/src/firewall.c
@@ -57,6 +57,8 @@ struct firewall_context {
static GSList *managed_tables;
+static bool firewall_is_up;
+
static int chain_to_index(const char *chain_name)
{
if (!g_strcmp0(builtin_chains[NF_IP_PRE_ROUTING], chain_name))
@@ -75,7 +77,7 @@ static int chain_to_index(const char *chain_name)
static int managed_chain_to_index(const char *chain_name)
{
- if (g_str_has_prefix(chain_name, CHAIN_PREFIX) == FALSE)
+ if (!g_str_has_prefix(chain_name, CHAIN_PREFIX))
return -1;
return chain_to_index(chain_name + strlen(CHAIN_PREFIX));
@@ -146,7 +148,7 @@ static int insert_managed_rule(const char *table_name,
goto out;
}
- for (list = managed_tables; list != NULL; list = list->next) {
+ for (list = managed_tables; list; list = list->next) {
mtable = list->data;
if (g_strcmp0(mtable->name, table_name) == 0)
@@ -155,7 +157,7 @@ static int insert_managed_rule(const char *table_name,
mtable = NULL;
}
- if (mtable == NULL) {
+ if (!mtable) {
mtable = g_new0(struct connman_managed_table, 1);
mtable->name = g_strdup(table_name);
@@ -203,7 +205,7 @@ static int delete_managed_rule(const char *table_name,
err = __connman_iptables_delete(table_name, managed_chain,
rule_spec);
- for (list = managed_tables; list != NULL; list = list->next) {
+ for (list = managed_tables; list; list = list->next) {
mtable = list->data;
if (g_strcmp0(mtable->name, table_name) == 0)
@@ -212,7 +214,7 @@ static int delete_managed_rule(const char *table_name,
mtable = NULL;
}
- if (mtable == NULL) {
+ if (!mtable) {
err = -ENOENT;
goto out;
}
@@ -297,7 +299,7 @@ static int firewall_disable(GList *rules)
GList *list;
int err;
- for (list = rules; list != NULL; list = g_list_previous(list)) {
+ for (list = rules; list; list = g_list_previous(list)) {
rule = list->data;
err = delete_managed_rule(rule->table,
@@ -325,7 +327,7 @@ int __connman_firewall_enable(struct firewall_context *ctx)
GList *list;
int err;
- for (list = g_list_first(ctx->rules); list != NULL;
+ for (list = g_list_first(ctx->rules); list;
list = g_list_next(list)) {
rule = list->data;
@@ -341,6 +343,8 @@ int __connman_firewall_enable(struct firewall_context *ctx)
goto err;
}
+ firewall_is_up = true;
+
return 0;
err:
@@ -356,6 +360,11 @@ int __connman_firewall_disable(struct firewall_context *ctx)
return firewall_disable(g_list_last(ctx->rules));
}
+bool __connman_firewall_is_up(void)
+{
+ return firewall_is_up;
+}
+
static void iterate_chains_cb(const char *chain_name, void *user_data)
{
GSList **chains = user_data;
@@ -377,7 +386,7 @@ static void flush_table(const char *table_name)
__connman_iptables_iterate_chains(table_name, iterate_chains_cb,
&chains);
- for (list = chains; list != NULL; list = list->next) {
+ for (list = chains; list; list = list->next) {
id = GPOINTER_TO_INT(list->data);
managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
@@ -417,7 +426,17 @@ static void flush_table(const char *table_name)
static void flush_all_tables(void)
{
- /* Flush the tables ConnMan might have modified */
+ /* Flush the tables ConnMan might have modified
+ * But do so if only ConnMan has done something with
+ * iptables */
+
+ if (!g_file_test("/proc/net/ip_tables_names",
+ G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ firewall_is_up = false;
+ return;
+ }
+
+ firewall_is_up = true;
flush_table("filter");
flush_table("mangle");
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 07:14:17 +0000