Commit a80ce15e authored by Stefan Göbel's avatar Stefan Göbel

Workaround for nft failing to load rules from /dev/fd/*

parent 3afcbdca
......@@ -3,7 +3,7 @@
pkgbase='lxcfw'
pkgname=( "$pkgbase" "$pkgbase-dnsmasq" )
pkgver='0.1.2'
pkgver='0.1.3'
pkgrel='1'
arch=( 'any' )
......
......@@ -7,8 +7,8 @@ Get configuration values of an LXC container.
---------------------------------------------------------------------------------------
:Author: Stefan Göbel <lxcfw at subtype dot de>
:Date: 2019/02/12
:Version: 0.1.2
:Date: 2019/03/14
:Version: 0.1.3
:Manual section: 8
:Manual group: Admin Commands
......
......@@ -7,8 +7,8 @@ Add or remove LXC container data to netfilter sets on container start/stop.
---------------------------------------------------------------------------------------
:Author: Stefan Göbel <lxcfw at subtype dot de>
:Date: 2019/02/12
:Version: 0.1.2
:Date: 2019/03/14
:Version: 0.1.3
:Manual section: 8
:Manual group: Admin Commands
......
......@@ -7,8 +7,8 @@ Yet another firewall script.
---------------------------------------------------------------------------------------
:Author: Stefan Göbel <lxcfw at subtype dot de>
:Date: 2019/02/12
:Version: 0.1.2
:Date: 2019/03/14
:Version: 0.1.3
:Manual section: 8
:Manual group: Admin Commands
......
......@@ -281,6 +281,7 @@ apply_rules() {
local _nft_path="${nft_fullpath:-/usr/bin/nft}"
local _old_opts=( "$@" )
local _tgt_name=''
local _tmp_file=''
eval set -- "$( getopt -n lxcfw/apply_rules -o cefkn:p:t: -- "$@" )"
while : ; do case "$1" in
......@@ -297,7 +298,11 @@ apply_rules() {
_cmd=( 'ip' 'netns' 'exec' "$_tgt_name" "$_nft_path" )
fi
"${_cmd[@]}" -f <( list_rules "${_old_opts[@]}" )
_tmp_file=$( mktemp )
firewall_temp_stuff+=( "f:$_tmp_file" )
list_rules "${_old_opts[@]}" >"$_tmp_file"
"${_cmd[@]}" -f "$_tmp_file"
}
......@@ -357,6 +362,7 @@ load_rules_temp() {
local _copy=''
local _load=''
local _reld=''
local _temp=''
case "${firewall_cmdln_opts[COMMAND]}" in
......@@ -385,7 +391,10 @@ load_rules_temp() {
local _net_name="${fw_namespace:-lxcfw-temp}"
if [[ -n "$_copy" ]] ; then
ip netns exec "$_net_name" "$_nft_path" -f <( list_rules -p "$_nft_path" )
_temp=$( mktemp )
firewall_temp_stuff+=( "f:$_temp" )
list_rules -p "$_nft_path" >"$_temp"
ip netns exec "$_net_name" "$_nft_path" -f "$_temp"
fi
if [[ -n "$_reld" ]] ; then
......@@ -397,7 +406,10 @@ load_rules_temp() {
fi
if [[ -n "${firewall_cmdln_opts[rs-sets]:-}" ]] ; then
ip netns exec "$_net_name" "$_nft_path" -f <( list_rules -p "$_nft_path" -c -f )
_temp=$( mktemp )
firewall_temp_stuff+=( "f:$_temp" )
list_rules -p "$_nft_path" -c -f >"$_temp"
ip netns exec "$_net_name" "$_nft_path" -f "$_temp"
fi
}
......
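Review bot: In apply_rules, neither `mktemp` nor `list_rules` is checked before `nft -f` loads the file, so a generator that fails partway leaves a truncated ruleset in `$_tmp_file` that nft may still accept and apply, leaving the host or namespace with incomplete filtering. Now that the rules go through a real file, the exit status is available, which it was not with `<( … )`: `_tmp_file=$( mktemp ) || return 1` and `list_rules "${_old_opts[@]}" >"$_tmp_file" || return 1`. The two `_temp` sites in load_rules_temp follow the same pattern and would need the same guards. Whether `set -e` is active is not visible here, and both function bodies start outside the hunks shown.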