author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-09-07 19:44:46 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-09-08 16:01:29 +0300 |
commit | 9b3ab579946c694ae99ff63d72fe049bf329d2fb (patch) | |
tree | 3214a7618477918f26ff134b429f07632f65d1b1 | |
parent | 3867f5fa13d8963aac1ef4453685417ec2993bc9 (diff) | |
download | awall-9b3ab579946c694ae99ff63d72fe049bf329d2fb.tar.bz2 awall-9b3ab579946c694ae99ff63d72fe049bf329d2fb.tar.xz |
fallback: trigger no DNS queries (v1.5.3, 1.5-stable)
fixes race condition where an unnecessary DNS query fails after kernel
rules have already been flushed
-rwxr-xr-x | awall-cli | 30 |
1 files changed, 16 insertions, 14 deletions
@@ -202,6 +202,22 @@ if not call( end + local iptables = require('awall.iptables') + + if mode == 'fallback' then + + for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do + signal(posix['SIG'..sig], 'SIG_IGN') + end + + posix.sleep(10) + + printmsg('\nTimeout, reverting to the old configuration') + iptables.revert() + os.exit() + end + + local input = policyset:load() if mode == 'dump' then level = 0 + (arg[opind] or 0) end @@ -284,9 +300,6 @@ if not call( local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile - local iptables = require('awall.iptables') - - if mode == 'dump' then dump(level) elseif mode == 'diff' then @@ -384,17 +397,6 @@ if not call( end - elseif mode == 'fallback' then - - for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do - signal(posix['SIG'..sig], 'SIG_IGN') - end - - posix.sleep(10) - - printmsg('\nTimeout, reverting to the old configuration') - iptables.revert() - elseif mode == 'flush' then iptables.flush() else assert(false) end |
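Review bot: In the relocated fallback branch, `printmsg('\nTimeout, reverting to the old configuration')` still runs before `iptables.revert()`, so the rollback depends on a terminal write succeeding in the very situation this path exists for (session gone, with HUP and PIPE ignored just above). `printmsg` and the enclosing `call(` block are defined outside this hunk, so whether a failed write can raise is not visible here; if it can, the old rules are never restored. Guarding the message with `pcall(printmsg, '\nTimeout, reverting to the old configuration')`, or calling `iptables.revert()` first, keeps the revert independent of output. The ordering constraint from the commit message also deserves a comment above the branch so a later refactor does not move it back, e.g. `-- keep ahead of policyset:load(): policy processing presumably triggers DNS lookups, which fail once the kernel rules are flushed`.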