From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 03/12] rules.pl: Move flush of LOCATIONBLOCK into main
 flush() function.
Date: Tue, 15 Feb 2022 12:42:03 +0000
Message-ID: <77E2EDB6-0DD7-4039-87AF-2D66A8DD26E0@ipfire.org>
In-Reply-To: <20220214184257.2406-3-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1940279930199419745=="
List-Id: <development.lists.ipfire.org>

--===============1940279930199419745==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 14 Feb 2022, at 18:42, Stefan Schantl <stefan.schantl(a)ipfire.org> wrot=
e:
>=20
> It is required to get rid of all ipset based rules before all of
> the loaded ipset lists can be destroyed.
>=20
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/rules.pl | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>=20
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 9d280045a..f685d08a7 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -186,6 +186,9 @@ sub flush {
> 	run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
> 	run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
> 	run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
> +
> +	# Flush LOCATIONBLOCK chain.
> +	run("$IPTABLES -F LOCATIONBLOCK");
> }
>=20
> sub buildrules {
> @@ -638,8 +641,7 @@ sub p2pblock {
> }
>=20
> sub locationblock {
> -	# Flush iptables chain.
> -	run("$IPTABLES -F LOCATIONBLOCK");
> +	# The LOCATIONBLOCK chain now gets flushed by the flush() function.
>=20
> 	# If location blocking is not enabled, we are finished here.
> 	if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {
> --=20
> 2.30.2
>=20


--===============1940279930199419745==--