author | Thomas Haller <thaller@redhat.com> | 2023-01-10 19:42:43 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2023-01-16 10:22:05 +0100 |
commit | 53a9ba354f79cf0986ed7e3eedc30b377c50e0a6 (patch) | |
tree | 5a94bf4086bf517067b11a642c8eed44a7415436 | |
parent | 285f692ac52c911ab28bf7725b05dd7d32100658 (diff) |
firewall: automatically add iptables path to _share_iptables_call() call
No need to redundantly specify the path. Also, next we will specify the
"--wait" option, so this will work better.
(cherry picked from commit 53422c86931f6dbdc7b47f56b2c57574e242299f)
-rw-r--r-- | src/core/nm-firewall-utils.c | 32 |
1 files changed, 12 insertions, 20 deletions
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c index e482ab9684..93bf501511 100644 --- a/src/core/nm-firewall-utils.c +++ b/src/core/nm-firewall-utils.c @@ -147,12 +147,13 @@ _share_iptables_call_v(const char *const *argv) return TRUE; } -#define _share_iptables_call(...) _share_iptables_call_v(NM_MAKE_STRV(__VA_ARGS__)) +#define _share_iptables_call(...) \ + _share_iptables_call_v(NM_MAKE_STRV("" IPTABLES_PATH "", __VA_ARGS__)) static gboolean _share_iptables_chain_op(const char *table, const char *chain, const char *op) { - return _share_iptables_call("" IPTABLES_PATH "", "--table", table, op, chain); + return _share_iptables_call("--table", table, op, chain); } static gboolean @@ -181,8 +182,7 @@ _share_iptables_set_masquerade_sync(gboolean up, const char *ip_iface, in_addr_t comment_name = _share_iptables_get_name(FALSE, "nm-shared", ip_iface); _share_iptables_subnet_to_str(str_subnet, addr, plen); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "nat", up ? "--insert" : "--delete", "POSTROUTING", @@ -232,8 +232,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input, _share_iptables_chain_add("filter", chain_input); for (i = 0; i < (int) G_N_ELEMENTS(input_params); i++) { - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", "--append", chain_input, @@ -247,8 +246,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input, _share_iptables_chain_add("filter", chain_forward); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", "--append", chain_forward, @@ -262,8 +260,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input, "ESTABLISHED,RELATED", "--jump", "ACCEPT"); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", "--append", chain_forward, 
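Review bot: The new `_share_iptables_call()` definition has no comment saying that it prepends the executable path, so a caller that still passes `"" IPTABLES_PATH ""` would compile and hand iptables the path as a stray first argument. I would add above the macro: `/* argv[0] is always IPTABLES_PATH (a build-time string literal); pass only the iptables arguments. */`. The `"" ... ""` concatenation only compiles when IPTABLES_PATH is a string literal, which keeps the executable out of callers' hands. That property is worth stating in the comment so it survives when `--wait` is added here. The definition of IPTABLES_PATH itself is outside this hunk.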
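Review bot: The result of `_share_iptables_call()` is discarded at the call in `_share_iptables_set_masquerade_sync()`, and at every call in `_share_iptables_set_shared_chains_add()` and `_share_iptables_set_shared_sync()` in the later hunks, whereas `_share_iptables_chain_op()` returns it. For firewall setup a silent failure leaves the chains partially populated, for example the `--jump ACCEPT` rules appended without the `--jump REJECT` rules that follow them. This predates the commit, but every one of these call lines is touched here and the message announces `--wait`, so I would at least collect the result, e.g. `ok &= _share_iptables_call("--table", "nat", ...);`, and log or undo when it is FALSE. The enclosing function bodies and their return types start outside the hunks, and whether `_share_iptables_call_v()` already logs failures is not visible here.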
@@ -273,8 +270,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input, ip_iface, "--jump", "ACCEPT"); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", "--append", chain_forward, @@ -284,8 +280,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input, ip_iface, "--jump", "ACCEPT"); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", "--append", chain_forward, @@ -293,8 +288,7 @@ _share_iptables_set_shared_chains_add(const char *chain_input, ip_iface, "--jump", "REJECT"); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", "--append", chain_forward, @@ -325,8 +319,7 @@ _share_iptables_set_shared_sync(gboolean up, const char *ip_iface, in_addr_t add if (up) _share_iptables_set_shared_chains_add(chain_input, chain_forward, ip_iface, addr, plen); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", up ? "--insert" : "--delete", "INPUT", @@ -339,8 +332,7 @@ _share_iptables_set_shared_sync(gboolean up, const char *ip_iface, in_addr_t add "--comment", comment_name); - _share_iptables_call("" IPTABLES_PATH "", - "--table", + _share_iptables_call("--table", "filter", up ? "--insert" : "--delete", "FORWARD", |