diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-09-07 19:44:46 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-09-07 19:46:50 +0300 |
| commit | 8c8f07e0b9a0f9976155a8666e1a32cf3444979d (patch) | |
| tree | 712eb108546fb765be63e4a5cd09df7824ee56a5 | |
| parent | 12da0d675c8a8f720d70d2ad82f29f12552a9bfc (diff) | |
| download | awall-8c8f07e0b9a0f9976155a8666e1a32cf3444979d.tar.bz2 awall-8c8f07e0b9a0f9976155a8666e1a32cf3444979d.tar.xz | |
fallback: trigger no DNS queriesv1.6.12
fixes race condition where an unnecessary DNS query fails after kernel
rules have already been flushed
| -rwxr-xr-x | awall-cli | 30 |
1 files changed, 16 insertions, 14 deletions
@@ -204,6 +204,22 @@ if not call( end + local iptables = require('awall.iptables') + + if mode == 'fallback' then + + for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do + signal(posix['SIG'..sig], 'SIG_IGN') + end + + posix.sleep(10) + + printmsg('\nTimeout, reverting to the old configuration') + iptables.revert() + os.exit() + end + + local input = policyset:load() if mode == 'dump' then level = 0 + (arg[opind] or 0) end @@ -286,9 +302,6 @@ if not call( local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile - local iptables = require('awall.iptables') - - if mode == 'dump' then dump(level) elseif mode == 'diff' then @@ -415,17 +428,6 @@ if not call( end - elseif mode == 'fallback' then - - for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do - signal(posix['SIG'..sig], 'SIG_IGN') - end - - posix.sleep(10) - - printmsg('\nTimeout, reverting to the old configuration') - iptables.revert() - elseif mode == 'flush' then iptables.flush() else assert(false) end |