hostmngr: Don't try to resolve IP-adresses in firewall.

Using iptables --list without -n takes a long time
on some configurations during boot up which is a problem.

This commit resolves this by not trying to resolve hostnames,
as it is not necessary for the functionality.

It also splits up the check in two: one for IPv4 and one
for IPv6 to make the logic more robust and fail-safe.
Markus Gothe 2024-05-01 16:28:01 +02:00
parent b1b86e7093
commit 9a3fbe874e


@ -277,11 +277,15 @@ touch $ACL_FILE
echo "iptables -w -F hosts_forward" >> $ACL_FILE
echo "ip6tables -w -F hosts_forward" >> $ACL_FILE
hosts_forward=$(iptables -t filter --list | grep hosts_forward)
if [ -z "$hosts_forward" ]; then
hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
if [ -z "$hosts_ipv4_forward" ]; then
echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
ret=$?
[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
fi
hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
if [ -z "$hosts_ipv6_forward" ]; then
echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
ret=$?
[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE