summaryrefslogtreecommitdiffstats
path: root/extensions/ebt_redirect.c
diff options
context:
space:
mode:
authorBart De Schuymer <bdschuym@pandora.be>2002-07-25 14:51:54 +0000
committerBart De Schuymer <bdschuym@pandora.be>2002-07-25 14:51:54 +0000
commitb26649e7813ae62c90504ea5e8befc0590465c82 (patch)
treeb96e75864aeaa0f266c52687fd256b1759939efe /extensions/ebt_redirect.c
parent666ad4281cd3139244dc6c2ae79695490e796dd3 (diff)
allow checking for --xxxx--target RETURN rules on base chains
Diffstat (limited to 'extensions/ebt_redirect.c')
-rw-r--r--extensions/ebt_redirect.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/extensions/ebt_redirect.c b/extensions/ebt_redirect.c
index ea0a504..6e07d06 100644
--- a/extensions/ebt_redirect.c
+++ b/extensions/ebt_redirect.c
@@ -12,7 +12,7 @@ extern char *standard_targets[NUM_STANDARD_TARGETS];
#define REDIRECT_TARGET '1'
static struct option opts[] =
{
- { "redirect-target" , required_argument, 0, REDIRECT_TARGET },
+ { "redirect-target", required_argument, 0, REDIRECT_TARGET },
{ 0 }
};
@@ -20,7 +20,7 @@ static void print_help()
{
printf(
"redirect option:\n"
- " --redirect-target target : ACCEPT, DROP or CONTINUE\n");
+ " --redirect-target target : ACCEPT, DROP, RETURN or CONTINUE\n");
}
static void init(struct ebt_entry_target *target)
@@ -62,6 +62,13 @@ static void final_check(const struct ebt_u_entry *entry,
const struct ebt_entry_target *target, const char *name,
unsigned int hook_mask, unsigned int time)
{
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)target->data;
+
+ if ((hook_mask & (1 << NF_BR_NUMHOOKS)) &&
+ redirectinfo->target == EBT_RETURN)
+ print_error("--redirect-target RETURN not allowed on base chain");
+ hook_mask &= ~(1 << NF_BR_NUMHOOKS);
if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) &&
((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) )
print_error("Wrong chain for redirect");