Commit 23c6d808 authored by Jose Blanquicet, committed by Slava Monich

firewall: Remove old rules

When a new service becomes ready or online, it is checked if its
technology is more preferred than the one used by the current default
gateway. If so, this new service becomes the new default gateway.

When the tethering is enabled, a NAT rule is created to forward traffic
between the interface playing the AP role and the interface connected
to current default gateway. The problem comes out when the default
gateway changes, because the NAT rule is disabled but not removed from
the firewall rules list. Therefore, when the new rule is installed also
the old rule is installed because it is still in the list. If it
changes again, then three rules will be installed, and so on. They are
never removed.

This patch adds a deletion of all the rules from the firewall list
exactly after they are disabled to avoid the described problem.
parent 0a67577e
......@@ -438,7 +438,8 @@ int __connman_firewall_enable(struct firewall_context *ctx)
int __connman_firewall_disable(struct firewall_context *ctx)
{
return __connman_firewall_disable_rule(ctx, FW_ALL_RULES);
__connman_firewall_disable_rule(ctx, FW_ALL_RULES);
return __connman_firewall_remove_rule(ctx, FW_ALL_RULES);
}
bool __connman_firewall_is_up(void)
......
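Review bot: The return value of `__connman_firewall_disable_rule(ctx, FW_ALL_RULES)` is now discarded in `__connman_firewall_disable()`, where it used to be the function's result. A failure to disable is no longer reported to the caller, and `__connman_firewall_remove_rule()` runs regardless, which could drop the list entry for a rule that is still installed and leave nothing to retry against. Consider storing the disable result in a local `err`, still calling the remove so the list does not grow, and returning the first non-zero error of the two. If ignoring the disable result is intentional, a short comment above the call saying why would help, and the function's callers should be checked for whether they rely on the old error semantics.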