Commit 8c8f07e0 authored by Kaarle Ritvanen

fallback: trigger no DNS queries

fixes race condition where an unnecessary DNS query fails after kernel
rules have already been flushed
parent 12da0d67
......@@ -204,6 +204,22 @@ if not call(
end
local iptables = require('awall.iptables')
if mode == 'fallback' then
for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do
signal(posix['SIG'..sig], 'SIG_IGN')
end
posix.sleep(10)
printmsg('\nTimeout, reverting to the old configuration')
iptables.revert()
os.exit()
end
local input = policyset:load()
if mode == 'dump' then level = 0 + (arg[opind] or 0) end
......@@ -286,9 +302,6 @@ if not call(
local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile
local iptables = require('awall.iptables')
if mode == 'dump' then dump(level)
elseif mode == 'diff' then
......@@ -415,17 +428,6 @@ if not call(
end
elseif mode == 'fallback' then
for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do
signal(posix['SIG'..sig], 'SIG_IGN')
end
posix.sleep(10)
printmsg('\nTimeout, reverting to the old configuration')
iptables.revert()
elseif mode == 'flush' then iptables.flush()
else assert(false) end
......
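Review bot: The early `fallback` block added ahead of `policyset:load()` only works because of where it sits, and nothing in the code records that. A comment such as `-- keep above policyset:load(): later processing can trigger DNS queries, which fail once the kernel rules are flushed` would stop a later refactor from moving it back into the mode chain; that policy loading is the trigger is inferred from the commit message. The block also ends in a bare `os.exit()`, which reports success whatever `iptables.revert()` did. If revert can fail without raising (not visible here), pass an explicit status so a failed rollback of the firewall rules is not silent. The enclosing `call(` wrapper starts and ends outside the visible hunks.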