mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-10-25 14:32:00 +02:00
35b821d723
Might need some additional testing. Especially the OpenRC service wasn't tested to extensively by myself.
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
|
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Date: Sat, 14 Feb 2015 21:41:23 +0100
|
|
Subject: rule: fix object order via nft -f
|
|
|
|
The objects need to be loaded in the following order:
|
|
|
|
#1 tables
|
|
#2 chains
|
|
#3 sets
|
|
#4 rules
|
|
|
|
We have to make sure that chains are in place by when we add rules with
|
|
jumps/gotos. Similarly, we have to make sure that the sets are in place
|
|
by when rules reference them.
|
|
|
|
Without this patch, you may hit ENOENT errors depending on your ruleset
|
|
configuration.
|
|
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
diff --git a/src/rule.c b/src/rule.c
|
|
index feafe26..8d76fd0 100644
|
|
--- a/src/rule.c
|
|
+++ b/src/rule.c
|
|
@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
|
|
if (netlink_add_table(ctx, h, loc, table, excl) < 0)
|
|
return -1;
|
|
if (table != NULL) {
|
|
+ list_for_each_entry(chain, &table->chains, list) {
|
|
+ if (netlink_add_chain(ctx, &chain->handle,
|
|
+ &chain->location, chain,
|
|
+ excl) < 0)
|
|
+ return -1;
|
|
+ }
|
|
list_for_each_entry(set, &table->sets, list) {
|
|
handle_merge(&set->handle, &table->handle);
|
|
if (do_add_set(ctx, &set->handle, set) < 0)
|
|
return -1;
|
|
}
|
|
list_for_each_entry(chain, &table->chains, list) {
|
|
- if (do_add_chain(ctx, &chain->handle, &chain->location,
|
|
- chain, excl) < 0)
|
|
+ if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
|
|
return -1;
|
|
}
|
|
}
|
|
--
|
|
cgit v0.10.2
|
|
|