From 2e53fab83ac844c1d2fb2781116ad47b8900ab85 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Fri, 21 Sep 2018 11:02:18 -0400 Subject: [PATCH 1/2] fw_transaction: On clear zone transaction, must clear fw and other zones Just like FirewallZoneTransaction.execute() that was spawned from a FirewallTransaction must call FirewallTransaction.exectue() we should also make sure the same is done for clear(). Otherwise we can end up with a partially cleared transaction. This gets really hairy if the FirewallTransaction contains many instances of FirewallZoneTransaction which is common during startup with non-default configuration. Fixes: #374 --- src/firewall/core/fw_transaction.py | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py index f169e4a923dd..ad204c1991cf 100644 --- a/src/firewall/core/fw_transaction.py +++ b/src/firewall/core/fw_transaction.py @@ -231,9 +231,19 @@ class FirewallZoneTransaction(SimpleFirewallTransaction): self.modules = [ ] # [ module,.. ] def clear(self): - super(FirewallZoneTransaction, self).clear() - del self.chains[:] - del self.modules[:] + # calling clear on a zone_transaction that was spawned from a + # FirewallTransaction needs to clear the fw_transaction and all the + # other zones otherwise we end up with a partially cleared transaction. + if self.fw_transaction: + super(FirewallTransaction, self.fw_transaction).clear() + for zone in self.fw_transaction.zone_transactions.keys(): + super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear() + del self.fw_transaction.zone_transactions[zone].chains[:] + del self.fw_transaction.zone_transactions[zone].modules[:] + else: + super(FirewallZoneTransaction, self).clear() + del self.chains[:] + del self.modules[:] def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) -- 2.18.0