ipsecctrl: Use --wait switch for all iptables commands

[ipfire-2.x.git] / src / misc-progs / ipsecctrl.c

diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 570fdebab4583e3c10f6d8f2a56df42d3cfbed57..e99202d9fa33cb5ab35121d09ff59f9ed633fd10 100644 (file)
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -44,42 +44,40 @@ void usage() {
         fprintf (stderr, "\t\tI : Print Statusinfo\n");
 }
 
+static void ipsec_reload() {
+       /* Re-read all configuration files and secrets and
+        * reload the daemon (#10339).
+        */
+       safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
+       safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+}
+
 /*
         ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
 */
 void open_physical (char *interface, int nat_traversal_port) {
         char str[STRING_SIZE];
 
-        // GRE ???
-//        sprintf(str, "/sbin/iptables -A " phystable " -p 47  -i %s -j ACCEPT", interface);
-//        safe_system(str);
-        // ESP
-//        sprintf(str, "/sbin/iptables -A " phystable " -p 50  -i %s -j ACCEPT", interface);
-//        safe_system(str);
-        // AH
-//        sprintf(str, "/sbin/iptables -A " phystable " -p 51  -i %s -j ACCEPT", interface);
-//        safe_system(str);
         // IKE
-
-        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+        sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
         safe_system(str);
-        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
+        sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
         safe_system(str);
 
         if (! nat_traversal_port) 
             return;
 
-        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
+        sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
         safe_system(str);
-        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
+        sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
         safe_system(str);
 }
 
 void ipsec_norules() {
         /* clear input rules */
-        safe_system("/sbin/iptables -F IPSECINPUT");
-        safe_system("/sbin/iptables -F IPSECFORWARD");
-        safe_system("/sbin/iptables -F IPSECOUTPUT");
+        safe_system("/sbin/iptables --wait -F IPSECINPUT");
+        safe_system("/sbin/iptables --wait -F IPSECFORWARD");
+        safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
 }
 
 /*
@@ -174,14 +172,6 @@ void turn_connection_off (char *name) {
        ipsec_reload();
 }
 
-void ipsec_reload() {
-       /* Re-read all configuration files and secrets and
-        * reload the daemon (#10339).
-        */
-       safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
-       safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
-}
-
 int main(int argc, char *argv[]) {
         char configtype[STRING_SIZE];
         char redtype[STRING_SIZE] = "";