author Jose Blanquicet <blanquicet@gmail.com> 2016-04-12 17:18:08 +0200
committer Patrik Flykt <patrik.flykt@linux.intel.com> 2016-04-13 11:03:33 +0300
commit a1065826f85b806952a110a43f00398f8cd36985 (patch)
tree 7be04252d08ec9c5d3a47963b201d7308fda0fd2
parent 063ec99e59f9c0f1c805453ac5c704bf08e0dd3a (diff)
firewall: Remove old rules
When a new service becomes ready or online, it is checked if its technology is more preferred than the one used by the current default gateway. If so, this new service becomes the new default gateway. When the tethering is enabled, a NAT rule is created to forward traffic between the interface playing the AP role and the interface connected to current default gateway. The problem comes out when the default gateway changes, because the NAT rule is disabled but not removed from the firewall rules list. Therefore, when the new rule is installed also the old rule is installed because it is still in the list. If it changes again, then three rules will be installed, and so on. They are never removed. This patch adds a deletion of all the rules from the firewall list exactly after they are disabled to avoid the described problem.
-rw-r--r-- src/firewall.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/firewall.c b/src/firewall.c
index c5acc11f..c440df61 100644
--- a/src/firewall.c
+++ b/src/firewall.c
@@ -438,7 +438,8 @@ int __connman_firewall_enable(struct firewall_context *ctx)
int __connman_firewall_disable(struct firewall_context *ctx)
{
- return __connman_firewall_disable_rule(ctx, FW_ALL_RULES);
+ __connman_firewall_disable_rule(ctx, FW_ALL_RULES);
+ return __connman_firewall_remove_rule(ctx, FW_ALL_RULES);
}
bool __connman_firewall_is_up(void)
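Review bot: In __connman_firewall_disable(), the return value of `__connman_firewall_disable_rule(ctx, FW_ALL_RULES);` is now discarded, whereas before this change it was the function's result, so a failure to disable is no longer visible to the caller and the removal runs regardless. Consider keeping the result in a local (for example `err = __connman_firewall_disable_rule(ctx, FW_ALL_RULES);`) and either returning it before the remove call or reporting it if the removal succeeds. It is worth checking what happens to a rule that failed to disable once its list entry has been removed, since the list entry is what a later disable would act on. A one-line comment stating that disabling must be followed by removal from the list, to stop stale NAT rules being reinstalled on the next enable, would document the intent for future readers.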