summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org>2005-11-17 13:34:51 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org>2005-11-17 13:34:51 +0000
commite33a69b9de2d1c2736e11fcc4d250b5d3aea16c5 (patch)
tree73a451856fa06300fc0f7cabec8816cbf31fc843 /extensions
parentc9c879996b0e26c0f5c3a712a42e2e2b487df005 (diff)
The conntrack match does not print any info for --ctproto, thus
breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester)
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libipt_conntrack.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index 27870b1..cdb86c4 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -442,6 +442,13 @@ matchinfo_print(const struct ipt_ip *ip, const struct ipt_entry_match *match, in
print_state(sinfo->statemask);
}
+ if(sinfo->flags & IPT_CONNTRACK_PROTO) {
+ printf("%sctproto ", optpfx);
+ if (sinfo->invflags & IPT_CONNTRACK_PROTO)
+ printf("! ");
+ printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ }
+
if(sinfo->flags & IPT_CONNTRACK_ORIGSRC) {
printf("%sctorigsrc ", optpfx);