mirror of
https://github.com/qdm12/gluetun.git
synced 2026-05-07 04:20:12 +02:00
Quentin McGaw
2bb4deccd5
- all operations rollback on failure - disabling the firewall means rolling back to its state before enabling it - aligns with nftables atomicity feature
50 lines
1.1 KiB
Go
50 lines
1.1 KiB
Go
package iptables
|
|
|
|
import (
|
|
"context"
|
|
)
|
|
|
|
func (c *Config) runMixedIptablesInstructions(ctx context.Context, instructions []string) error {
|
|
c.iptablesMutex.Lock()
|
|
c.ip6tablesMutex.Lock()
|
|
defer c.iptablesMutex.Unlock()
|
|
defer c.ip6tablesMutex.Unlock()
|
|
|
|
restore, err := c.saveAndRestore(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, instruction := range instructions {
|
|
if err := c.runMixedIptablesInstructionNoSave(ctx, instruction); err != nil {
|
|
restore(ctx)
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c *Config) runMixedIptablesInstruction(ctx context.Context, instruction string) error {
|
|
c.iptablesMutex.Lock()
|
|
c.ip6tablesMutex.Lock()
|
|
defer c.iptablesMutex.Unlock()
|
|
defer c.ip6tablesMutex.Unlock()
|
|
|
|
restore, err := c.saveAndRestore(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = c.runIptablesInstructionNoSave(ctx, instruction)
|
|
if err != nil {
|
|
restore(ctx)
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (c *Config) runMixedIptablesInstructionNoSave(ctx context.Context, instruction string) error {
|
|
if err := c.runIptablesInstructionNoSave(ctx, instruction); err != nil {
|
|
return err
|
|
}
|
|
return c.runIP6tablesInstructionNoSave(ctx, instruction)
|
|
}
|