netd: NatController: don't setup iptables hooks in constructor.
iptables top-level chain updates should happen within CommandListener()
when it invokes the various modules' setupIptablesHooks().
And remove the extra DROP rule.
Change-Id: I33d2cfbd5444516f855ff85152c472352944cc77
diff --git a/NatController.cpp b/NatController.cpp
index db96ed3..77c4874 100644
--- a/NatController.cpp
+++ b/NatController.cpp
@@ -37,9 +37,6 @@
NatController::NatController(SecondaryTableController *ctrl) {
secondaryTableCtrl = ctrl;
-
- setupIptablesHooks();
- setDefaults();
}
NatController::~NatController() {
@@ -88,6 +85,7 @@
if (runCmd(IPTABLES_PATH, "-t nat -A POSTROUTING -j natctrl_nat_POSTROUTING"))
return -1;
+ setDefaults();
return 0;
}
@@ -232,10 +230,6 @@
return -1;
}
- snprintf(cmd, sizeof(cmd), "-%s natctrl_FORWARD -j DROP", (add ? "A" : "D"),
- intIface, extIface);
- runCmd(IPTABLES_PATH, cmd);
-
return 0;
}