From 8c8f07e0b9a0f9976155a8666e1a32cf3444979d Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Sat, 7 Sep 2019 19:44:46 +0300 Subject: fallback: trigger no DNS queries fixes race condition where an unnecessary DNS query fails after kernel rules have already been flushed --- awall-cli | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/awall-cli b/awall-cli index 7b74bb3..2562aea 100755 --- a/awall-cli +++ b/awall-cli @@ -204,6 +204,22 @@ if not call( end + local iptables = require('awall.iptables') + + if mode == 'fallback' then + + for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do + signal(posix['SIG'..sig], 'SIG_IGN') + end + + posix.sleep(10) + + printmsg('\nTimeout, reverting to the old configuration') + iptables.revert() + os.exit() + end + + local input = policyset:load() if mode == 'dump' then level = 0 + (arg[opind] or 0) end @@ -286,9 +302,6 @@ if not call( local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile - local iptables = require('awall.iptables') - - if mode == 'dump' then dump(level) elseif mode == 'diff' then @@ -415,17 +428,6 @@ if not call( end - elseif mode == 'fallback' then - - for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do - signal(posix['SIG'..sig], 'SIG_IGN') - end - - posix.sleep(10) - - printmsg('\nTimeout, reverting to the old configuration') - iptables.revert() - elseif mode == 'flush' then iptables.flush() else assert(false) end -- cgit v1.2.3
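Review bot: The ordering constraint that is the whole point of this commit — the fallback branch must run before `policyset:load()` because loading may trigger DNS queries that fail once the kernel rules are flushed — is not recorded in the code, so a later refactor could move the block back below the load and silently reintroduce the race; add `-- must run before policyset:load(): loading the policy may trigger DNS queries, which fail once the kernel rules have been flushed` above `if mode == 'fallback' then`. The loop ignores HUP, INT and PIPE but leaves TERM at its default, presumably so the parent can cancel the watchdog once the new rules are confirmed; a comment such as `-- SIGTERM deliberately not ignored: it is how the parent cancels the fallback` would make clear this is not an omission, and if that is not the intent TERM belongs in the list. If luaposix's `posix.sleep` returns the unslept remainder as sleep(3) does, an early return from a handled signal would shorten the 10 s timeout unnoticed — unlikely with only SIG_IGN dispositions installed here, but `local left = posix.sleep(10) while left > 0 do left = posix.sleep(left) end` would make the revert deadline robust. The enclosing `if not call(` body begins and ends outside this hunk.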