Added chain_exists() check to fwknopd SPA rule creation
author Michael Rash <mbr@cipherdyne.org>
Tue, 13 Nov 2012 02:48:26 +0000 (21:48 -0500)
committer Michael Rash <mbr@cipherdyne.org>
Tue, 13 Nov 2012 02:48:26 +0000 (21:48 -0500)
commit bc58b3a15f251a2065877d25e687dee215fad3e8
tree 7de8190bf076b9ec86684cd2cac5de2a397ab321
parent c0349a20a3f5de7173f68de84a85faeb668cfcd5
Added chain_exists() check to fwknopd SPA rule creation

Added chain_exists() check to SPA rule creation so that if any
of the fwknop chains are deleted out from under fwknopd they will be
recreated on the fly.  This mitigates scenarios where fwknopd might be
started before a system level firewall policy is applied due to init
script ordering, or if an iptables policy is re-applied without
restarting fwknopd.
ChangeLog
server/fw_util_iptables.c
server/fw_util_iptables.h
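
The check-then-recreate behaviour the commit message describes, sketched in shell as an added example; it is not code from this commit or from the fwknop source, which implements the check in C. The function names other than `chain_exists`, the overridable `IPT` variable, and the table, parent chain and chain names in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: recreate a firewall chain on demand if it was removed
# (for instance by a policy reload after the daemon started).
# IPT is an assumed override hook so the logic can be exercised without root.
IPT="${IPT:-iptables}"

# Return 0 if CHAIN exists in TABLE. Listing a missing chain exits non-zero.
chain_exists() {    # usage: chain_exists TABLE CHAIN
    $IPT -t "$1" -n -L "$2" >/dev/null 2>&1
}

# Ensure CHAIN exists and PARENT jumps to it. Safe to call before every
# rule insertion because each step is checked first (idempotent).
# Prints "created", "relinked" or "ok"; returns 1 if iptables itself fails.
ensure_chain() {    # usage: ensure_chain TABLE PARENT CHAIN
    table=$1 parent=$2 chain=$3 result=ok

    if ! chain_exists "$table" "$chain"; then
        $IPT -t "$table" -N "$chain" || return 1
        result=created
    fi

    # A flush can also drop only the jump rule, so check it separately.
    if ! $IPT -t "$table" -C "$parent" -j "$chain" >/dev/null 2>&1; then
        $IPT -t "$table" -I "$parent" 1 -j "$chain" || return 1
        if [ "$result" = ok ]; then
            result=relinked
        fi
    fi

    echo "$result"
}

# Typical call before adding a per-client access rule (names are assumed):
#   ensure_chain filter INPUT FWKNOP_INPUT && \
#       iptables -t filter -A FWKNOP_INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
```

Run as root against real iptables, the first call after a policy reload prints `created` and every later call prints `ok`.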