[ISSUE] Restructure iptables to have one pre-configured rule-set per control-column #1356

Open
resolutecake opened this issue Sep 20, 2023 · 0 comments

resolutecake commented Sep 20, 2023

Describe the bug
The way AFWall 3.6 works is that on an interface change, all rules are deleted and then rebuilt
- However, all necessary information for all control-column connection types is always available
- Therefore, one set of rules should be implemented for each column and be configured in iptables ahead of time
- When a different interface is activated, AFWall+ can simply switch sets with a single iptables command, instead of hundreds, and avoid rebuilding command strings and re-executing logic on each highly time-sensitive network-configuration change

This would eliminate several execution race conditions in 3.6 that break VPN and Private DNS and even regular DNS.
It would also eliminate the experience of 4-second network blocks on switching an interface.
One such pre-configured chain-set can be better optimized than today’s single-set for all columns.
For good architecture, the code should build an in-memory structure that is then applied to iptables.
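
A sketch of the layout this issue proposes, added here as an example; it is not part of the issue and not AFWall+ code. The `fw-` chain names, the column names, the UIDs and the allow-list policy (listed UIDs `RETURN`, everything else is rejected) are assumptions.

```python
# Added illustration; chain names, columns and UIDs are hypothetical.
PREFIX = "fw-"                   # assumed chain-name prefix
DISPATCH = PREFIX + "dispatch"   # holds exactly one rule: the jump to the active set


def render_restore(columns, initial):
    """Render one payload for `iptables-restore --noflush`.

    columns: in-memory model, {column name: iterable of allowed app UIDs}.
    Every column gets its own chain up front; later only DISPATCH rule 1 changes.
    """
    if initial not in columns:
        raise ValueError(f"unknown column: {initial}")
    lines = ["*filter", f":{DISPATCH} - [0:0]"]
    lines += [f":{PREFIX}{name} - [0:0]" for name in sorted(columns)]
    lines.append(f"-A OUTPUT -j {DISPATCH}")
    lines.append(f"-A {DISPATCH} -j {PREFIX}{initial}")
    for name in sorted(columns):
        for uid in sorted({int(u) for u in columns[name]}):
            # Allowed app: leave the set and continue through OUTPUT.
            lines.append(f"-A {PREFIX}{name} -m owner --uid-owner {uid} -j RETURN")
        # Default-deny for every UID not listed in this column.
        lines.append(f"-A {PREFIX}{name} -j REJECT")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def switch_command(columns, active):
    """Return the single command that makes `active` the live set."""
    if active not in columns:
        # Refuse to point the dispatch rule at a chain that was never loaded.
        raise ValueError(f"unknown column: {active}")
    # -R swaps rule 1 in place: one rule replaced, nothing deleted or rebuilt.
    return ["iptables", "-w", "-R", DISPATCH, "1", "-j", PREFIX + active]


# Constructed sample model: three columns with made-up app UIDs.
SAMPLE = {"wifi": [10123, 10077], "mobile": [10123], "vpn": [10077, 10200]}

if __name__ == "__main__":
    print(render_restore(SAMPLE, "wifi"), end="")
    print(" ".join(switch_command(SAMPLE, "vpn")))
```

The payload is loaded once when the rules are applied; on an interface change only the command from `switch_command` runs.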
