Commit 9b3ab579 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

fallback: trigger no DNS queries

fixes race condition where an unnecessary DNS query fails after kernel
rules have already been flushed
parent 3867f5fa
......@@ -202,6 +202,22 @@ if not call(
end
local iptables = require('awall.iptables')
if mode == 'fallback' then
for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do
signal(posix['SIG'..sig], 'SIG_IGN')
end
posix.sleep(10)
printmsg('\nTimeout, reverting to the old configuration')
iptables.revert()
os.exit()
end
local input = policyset:load()
if mode == 'dump' then level = 0 + (arg[opind] or 0) end
......@@ -284,9 +300,6 @@ if not call(
local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile
local iptables = require('awall.iptables')
if mode == 'dump' then dump(level)
elseif mode == 'diff' then
......@@ -384,17 +397,6 @@ if not call(
end
elseif mode == 'fallback' then
for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do
signal(posix['SIG'..sig], 'SIG_IGN')
end
posix.sleep(10)
printmsg('\nTimeout, reverting to the old configuration')
iptables.revert()
elseif mode == 'flush' then iptables.flush()
else assert(false) end
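Review bot: In the relocated fallback block (first hunk), `iptables.revert()` still runs only after `printmsg(...)`, even though HUP/INT/PIPE are ignored because the terminal may already be gone. If `printmsg` can raise on a closed output stream (its definition is not visible here), the old ruleset is never restored and the host stays on the unconfirmed or flushed rules. Calling `iptables.revert()` first and printing afterwards removes that dependency on the output channel. The new `os.exit()` also reports success without looking at the outcome of the revert; if revert signals failure through a return value, exiting with `os.exit(1)` in that case would let the parent process notice. The enclosing `call(` function starts outside the hunk, and a comment such as `-- handled before policyset:load() so the fallback never triggers DNS lookups` would keep a later refactor from moving the block back.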
......