master

分支 (2)

管理

管理

master

anonymous_z

firewalld
/
0001-fw_transaction-On-clear-zone-tra...

From 2e53fab83ac844c1d2fb2781116ad47b8900ab85 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Fri, 21 Sep 2018 11:02:18 -0400
Subject: [PATCH 1/2] fw_transaction: On clear zone transaction, must clear fw
 and other zones

Just like FirewallZoneTransaction.execute() that was spawned from a
FirewallTransaction must call FirewallTransaction.exectue() we should
also make sure the same is done for clear(). Otherwise we can end up
with a partially cleared transaction. This gets really hairy if the
FirewallTransaction contains many instances of FirewallZoneTransaction
which is common during startup with non-default configuration.

Fixes: #374
---
 src/firewall/core/fw_transaction.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py
index f169e4a923dd..ad204c1991cf 100644
--- a/src/firewall/core/fw_transaction.py
+++ b/src/firewall/core/fw_transaction.py
@@ -231,9 +231,19 @@ class FirewallZoneTransaction(SimpleFirewallTransaction):
         self.modules = [ ] # [ module,.. ]

     def clear(self):
-        super(FirewallZoneTransaction, self).clear()
-        del self.chains[:]
-        del self.modules[:]
+        # calling clear on a zone_transaction that was spawned from a
+        # FirewallTransaction needs to clear the fw_transaction and all the
+        # other zones otherwise we end up with a partially cleared transaction.
+        if self.fw_transaction:
+            super(FirewallTransaction, self.fw_transaction).clear()
+            for zone in self.fw_transaction.zone_transactions.keys():
+                super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear()
+                del self.fw_transaction.zone_transactions[zone].chains[:]
+                del self.fw_transaction.zone_transactions[zone].modules[:]
+        else:
+            super(FirewallZoneTransaction, self).clear()
+            del self.chains[:]
+            del self.modules[:]

     def prepare(self, enable, rules=None, modules=None):
         log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "..."))
--
2.18.0