core: list iptables sharing rules in the right order

The rules were added to the list using g_slist_append() and then
applied one at time using "iptables --insert" which puts them at the
beginning of the chain, reversing the initial order.

Instead, list them in the desired order and use g_slist_prepend() to
achieve the same result. This has no functional changes.

diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 2b4dc1e..e843b9b 100644 (file)
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -6636,16 +6636,16 @@ start_sharing (NMDevice *self, NMIP4Config *config)
        req = nm_device_get_act_request (self);
        g_assert (req);
 
-       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
-       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
-       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
-       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
-       add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
-       add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
-       add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
-       add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
-       add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
        add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
+       add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
+       add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
+       add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
+       add_share_rule (req, "filter", "FORWARD --out-interface %s --jump REJECT", ip_iface);
+       add_share_rule (req, "filter", "FORWARD --in-interface %s --jump REJECT", ip_iface);
+       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 67 --jump ACCEPT", ip_iface);
+       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 67 --jump ACCEPT", ip_iface);
+       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol udp --destination-port 53 --jump ACCEPT", ip_iface);
+       add_share_rule (req, "filter", "INPUT --in-interface %s --protocol tcp --destination-port 53 --jump ACCEPT", ip_iface);
 
        nm_act_request_set_shared (req, TRUE);
 

diff --git a/src/nm-activation-request.c b/src/nm-activation-request.c
index 30e98fc..04a39db 100644 (file)
--- a/src/nm-activation-request.c
+++ b/src/nm-activation-request.c
@@ -346,7 +346,7 @@ nm_act_request_add_share_rule (NMActRequest *req,
        rule = g_malloc0 (sizeof (ShareRule));
        rule->table = g_strdup (table);
        rule->rule = g_strdup (table_rule);
-       priv->share_rules = g_slist_append (priv->share_rules, rule);
+       priv->share_rules = g_slist_prepend (priv->share_rules, rule);
 }
 
 /********************************************************************/