core: list iptables sharing rules in the right order
The rules were added to the list using g_slist_append() and then applied one at a time using "iptables --insert", which puts them at the beginning of the chain, reversing the initial order. Instead, list them in the desired order and use g_slist_prepend() to achieve the same result. This has no functional changes.
@@ -6636,16 +6636,16 @@ start_sharing (NMDevice *self, NMIP4Config *config)
|
|||||||
req = nm_device_get_act_request (self);
|
req = nm_device_get_act_request (self);
|
||||||
g_assert (req);
|
g_assert (req);
|
||||||
|
|
||||||
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
|
|
||||||
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
|
|
||||||
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
|
|
||||||
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
|
|
||||||
add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
|
|
||||||
add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
|
|
||||||
add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
|
|
||||||
add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
|
|
||||||
add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
|
|
||||||
add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
|
add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
|
||||||
|
add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
|
||||||
|
add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
|
||||||
|
add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
|
||||||
|
add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
|
||||||
|
add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
|
||||||
|
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
|
||||||
|
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
|
||||||
|
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
|
||||||
|
add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
|
||||||
|
|
||||||
nm_act_request_set_shared (req, TRUE);
|
nm_act_request_set_shared (req, TRUE);
|
||||||
|
|
||||||
|
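Review bot: The rule listing in start_sharing() now yields the intended chain only because two things hold elsewhere: nm_act_request_add_share_rule() prepends (second hunk), and the rules are applied with `iptables --insert`, as the commit message describes. Nothing at the call site records that coupling. A comment above the first add_share_rule() call would keep the ACCEPT-before-REJECT order in FORWARD from being inverted by a later edit, for example `/* Listed in final chain order: the list is built with prepend and applied with --insert, so the first rule listed ends up on top. */`, with a matching one-liner on the `g_slist_prepend` line. Separately, the `--protocol tcp --destination-port 67` ACCEPT looks unnecessary, since DHCP is served over UDP; confirm whether anything listens there and drop the rule if not. Both functions continue outside the hunks shown.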
@@ -346,7 +346,7 @@ nm_act_request_add_share_rule (NMActRequest *req,
|
|||||||
rule = g_malloc0 (sizeof (ShareRule));
|
rule = g_malloc0 (sizeof (ShareRule));
|
||||||
rule->table = g_strdup (table);
|
rule->table = g_strdup (table);
|
||||||
rule->rule = g_strdup (table_rule);
|
rule->rule = g_strdup (table_rule);
|
||||||
priv->share_rules = g_slist_append (priv->share_rules, rule);
|
priv->share_rules = g_slist_prepend (priv->share_rules, rule);
|
||||||
}
|
}
|
||||||
|
|
||||||
/********************************************************************/
|
/********************************************************************/
|
||||||
|