authorBoris Kolpackov <boris@codesynthesis.com>2017-08-13 14:28:04 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-08-13 14:42:16 +0200
commitf34a7f32a4492465e0b0f1874845d285a69b86f9 (patch)
tree8487eba044a4cf196bfeda1a9d88eff5ca5a3ecd
parent7d34105ba593e74c0eff41a7c801b5c9f1d2a21d (diff)
Reorder options in iptables commands
It seems to matter when trying to delete rules.
-rw-r--r--bbot/agent/machine.cxx21
1 files changed, 12 insertions, 9 deletions
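diff --git a/bbot/agent/machine.cxx b/bbot/agent/machine.cxx
index 9502021..0d1bda1 100644
--- a/bbot/agent/machine.cxx
+++ b/bbot/agent/machine.cxx
@@ -42,16 +42,19 @@ namespace bbot
 process_exit::code_type e;
+ // It seems the order of options is significant when it comes to deleting
+ // the entries (this order is as printed by iptables -S).
+ //
 e = run_io_exit (t, 0, ofd, ofd,
 "sudo", "iptables",
 "-t", "nat",
 a, "PREROUTING",
- "-m", "udp",
+ "-i", br,
 "-p", "udp",
+ "-m", "udp",
+ "--dport", 69,
 "-m", "physdev",
- "-i", br,
 "--physdev-in", tap,
- "--dport", 69,
 "-j", "DNAT",
 "--to-destination", addr + ':' + to_string (port));
@@ -63,13 +66,13 @@ namespace bbot
 e = run_io_exit (t, 0, ofd, ofd,
 "sudo", "iptables",
 a, "FORWARD",
- "-m", "udp",
+ "-d", addr,
+ "-o", br,
 "-p", "udp",
+ "-m", "udp",
+ "--dport", port,
 "-m", "physdev",
- "-o", br,
 "--physdev-out", tap,
- "-d", addr,
- "--dport", port,
 "-m", "state",
 "--state", "NEW,ESTABLISHED,RELATED",
 "-j", "ACCEPT");
@@ -129,8 +132,8 @@ namespace bbot
 void
 destroy ()
 {
- destroy_tap (iface, bridge, port);
- iface.clear ();
+ string i (move (iface)); // No need trying again if below fails.
+ destroy_tap (i, bridge, port);
 }
 };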
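Review bot: The comment added above `e = run_io_exit` records that the option order matters for deletion but not what goes wrong otherwise: a `-D` whose spec iptables does not recognise as the same rule fails without touching the table, and the DNAT of port 69 to `addr` (likewise the FORWARD ACCEPT in the hunk at `@@ -63,13 +66,13 @@`) then outlives the machine it was created for. Since `a` is presumably the `-A`/`-D` flag and this one argument list serves both, the comment could state the consequence directly: `// The order is significant: a -D with a differently-ordered spec does not match and leaves the rule in place.` The exit status `e` is assigned here but checked outside the hunk; that check should treat a failed delete as an error worth reporting rather than as best-effort cleanup, since a leftover rule is silent otherwise.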
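Review bot: `string i (move (iface))` leaves `iface` in a valid-but-unspecified state, so any later test of `iface.empty ()` meaning "already torn down" (the removed `iface.clear ()` suggests such a reader may exist) is relying on an implementation detail; an explicit `iface.clear ();` after the move keeps that guarantee at no cost, as clear() is safe on a moved-from string. The inline comment could also say what the move protects against, e.g. `// Take the name first so that a throwing destroy_tap () is not retried.` The enclosing struct begins outside the hunk, so whether `destroy ()` is also invoked from its destructor — where a throwing `destroy_tap` would terminate the program — is not visible here.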