firewall: fix locking issue when running racing condition

package/network/config/firewall/Makefile

@@ -9,13 +9,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_RELEASE:=3
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2022-02-17
+PKG_SOURCE_DATE:=2021-03-23
-PKG_SOURCE_VERSION:=4cd7d4f36bea731bf901cb067456f1d460294926
+PKG_SOURCE_VERSION:=61db17edddb1f05e8107f0dbef6f7d060ce67483
-PKG_MIRROR_HASH:=ce9e8ac1bcf22afbb0a80c3da1a8e8e887851299681097e3dfbfc347f2c4c80f
+PKG_MIRROR_HASH:=b2eb09816640e14e2dae21fb54ea05c33858fe0004844fe8d99e541a2e19e9c0
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 

package/network/config/firewall/patches/001-firewall3-fix-locking-issue.patch

@@ -0,0 +1,38 @@
+From df1306a96127e91ff2d513a0a67345baaf61d113 Mon Sep 17 00:00:00 2001
+From: Florian Eckert <fe@dev.tdt.de>
+Date: Fri, 19 Nov 2021 09:51:02 +0100
+Subject: [PATCH] firewall3: fix locking issue
+
+By calling the command 'fw3 reload' several times at the same time, I
+noticed that the locking was not working properly. It happened from time
+to time that some firewall rules were present twice in the system!
+
+By removing the 'unlink' systemcall, this error no longer occurred on my
+systems.
+
+Since fw3 does not run as a service, it makes no sense to delete this
+lock file every time a filehandler is no longer open on this lock file,
+because fw3 binary is not running.
+
+If fw3 does run as a service then we can remove this lock file on
+service stop. But this is not the case for fw3.
+
+Signed-off-by: Florian Eckert <fe@dev.tdt.de>
+---
+ utils.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/utils.c b/utils.c
+index 17d5bf9..92e966c 100644
+--- a/utils.c
++++ b/utils.c
+@@ -397,7 +397,6 @@ fw3_unlock_path(int *fd, const char *lockpath)
+ 		warn("Cannot release exclusive lock: %s", strerror(errno));
+ 
+ 	close(*fd);
+-	unlink(FW3_LOCKFILE);
+ 
+ 	*fd = -1;
+ }
+-- 
+2.30.2

package/network/config/firewall/patches/100-fullconenat.patch

@@ -1,7 +1,7 @@
 index 85a3750..9fac9b1 100644
 --- a/defaults.c
 +++ b/defaults.c
-@@ -48,7 +48,9 @@ const struct fw3_option fw3_flag_opts[]
+@@ -46,7 +46,9 @@ const struct fw3_option fw3_flag_opts[] = {
  	FW3_OPT("synflood_protect",    bool,     defaults, syn_flood),
  	FW3_OPT("synflood_rate",       limit,    defaults, syn_flood_rate),
  	FW3_OPT("synflood_burst",      int,      defaults, syn_flood_rate.burst),
@@ -12,19 +12,23 @@ index 85a3750..9fac9b1 100644
  	FW3_OPT("tcp_syncookies",      bool,     defaults, tcp_syncookies),
  	FW3_OPT("tcp_ecn",             int,      defaults, tcp_ecn),
  	FW3_OPT("tcp_window_scaling",  bool,     defaults, tcp_window_scaling),
+diff --git a/options.h b/options.h
+index 6edd174..c02eb97 100644
 --- a/options.h
 +++ b/options.h
-@@ -297,6 +297,7 @@ struct fw3_defaults
+@@ -267,6 +267,7 @@ struct fw3_defaults
- 	enum fw3_reject_code any_reject_code;
+ 	bool drop_invalid;
  
  	bool syn_flood;
 +	bool fullcone;
  	struct fw3_limit syn_flood_rate;
  
  	bool tcp_syncookies;
+diff --git a/zones.c b/zones.c
+index 2aa7473..57eead0 100644
 --- a/zones.c
 +++ b/zones.c
-@@ -670,6 +670,7 @@ print_zone_rule(struct fw3_ipt_handle *h
+@@ -627,6 +627,7 @@ print_zone_rule(struct fw3_ipt_handle *h
  	struct fw3_address *msrc;
  	struct fw3_address *mdest;
  	struct fw3_ipt_rule *r;
@@ -32,7 +36,7 @@ index 85a3750..9fac9b1 100644
  
  	if (!fw3_is_family(zone, handle->family))
  		return;
-@@ -755,8 +756,22 @@ print_zone_rule(struct fw3_ipt_handle *h
+@@ -712,8 +713,22 @@ print_zone_rule(struct fw3_ipt_handle *h
  				{
  					r = fw3_ipt_rule_new(handle);
  					fw3_ipt_rule_src_dest(r, msrc, mdest);