authorHarald Welte <laforge@gnumonks.org>2001-05-23 23:07:33 +0000
committerHarald Welte <laforge@gnumonks.org>2001-05-23 23:07:33 +0000
commitde1578fc55c286a2f788a648cd5d702fd0b4aa40 (patch)
treee681e74c7cad997dc4592e45d6bcd54984922aad
parent2d88b871e0ea05f572117f2c4dee80a5d5461a76 (diff)
hopefully fixed the multiple-interface iptables-save problem
-rw-r--r--TODO6
-rw-r--r--iptables-save.c2
-rw-r--r--iptables.c25
3 files changed, 14 insertions, 19 deletions
diff --git a/TODO b/TODO
index baee79c2..f08bf2e9 100644
--- a/TODO
+++ b/TODO
@@ -4,7 +4,7 @@ Currently maintained by Harald Welte <laforge@gnumonks.org>
Please inform me, if you want to work on any of the TODO items, so I
can update this list and thus prevent two people doing the same work.
-CVS ID: $Id: TODO,v 1.34 2001/05/05 04:39:39 laforge Exp $
+CVS ID: $Id: TODO,v 1.35 2001/05/09 15:45:24 jamesm Exp $
IMPORTANT issues:
- solution for nostate / notrack (we don't want to track specific conn's)
@@ -22,6 +22,10 @@ X runme error with IPv6 stuff! [HW]
X SMP conntrack race [RR] (ftp-fixes, included in 2.4.4)
- static compiling/linking of iptables (for router-on-a-disk) [HW]
- IPv6 testing (MARK, LOG, REJECT) [HW]
+x iptables-save doesn't work with eth+ style multiple IF stuff [HW]
+X reject-with on REJECT target doesn't work [HW]
+- IPv6 REJECT target doesn't have extension plugin ?!?
+- colon inside prefix doesn't work
NICE to have:
- multicast connection tracking
diff --git a/iptables-save.c b/iptables-save.c
index 4dd60a40..282ca7f8 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -48,7 +48,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (iface[i] != '\0')
printf("%c", iface[i]);
} else {
- if (iface[i] == '\0')
+ if (iface[i] != '\0')
printf("+");
break;
}
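Review bot: The new test `if (iface[i] != '\0')` takes the wildcard marker from the stored name byte at the first unmasked position, so `+` is printed only when the entry's name still carries a literal `+`. An entry stored without it (the lines this commit removes from parse_interface in iptables.c used to strip it) would be saved as an exact-match interface, and a DROP or REJECT rule restored from that dump would no longer match the interfaces it covered before. Deriving the marker from the mask and the preceding byte handles both stored forms: `if (i > 0 && iface[i - 1] != '\0')` in place of the new condition. The two print_firewall hunks in iptables.c drop their mask check and rely on the stored `+` in the same way. print_iface starts and ends outside this hunk, so earlier code may already guarantee `i > 0` here.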
diff --git a/iptables.c b/iptables.c
index 51aadddb..5e7db06f 100644
--- a/iptables.c
+++ b/iptables.c
@@ -736,19 +736,18 @@ parse_interface(const char *arg, char *vianame, unsigned char *mask)
else if (vianame[vialen - 1] == '+') {
memset(mask, 0xFF, vialen - 1);
memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1);
- /* Remove `+' */
- vianame[vialen - 1] = '\0';
+ /* Don't remove `+' here! -HW */
} else {
/* Include nul-terminator in match */
memset(mask, 0xFF, vialen + 1);
memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
- }
- for (i = 0; vianame[i]; i++) {
- if (!isalnum(vianame[i]) && vianame[i] != '_') {
- printf("Warning: wierd character in interface"
- " `%s' (No aliases, :, ! or *).\n",
- vianame);
- break;
+ for (i = 0; vianame[i]; i++) {
+ if (!isalnum(vianame[i]) && vianame[i] != '_') {
+ printf("Warning: wierd character in interface"
+ " `%s' (No aliases, :, ! or *).\n",
+ vianame);
+ break;
+ }
}
}
}
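Review bot: Moving the character check into the final `else` means a wildcard name is no longer checked at all, so a name such as `eth:0+` is accepted without the warning even though only the trailing `+` needed exempting. Keeping the loop after the if/else and stopping before a final plus would preserve the check: `for (i = 0; vianame[i] && !(vianame[i] == '+' && vianame[i + 1] == '\0'); i++)`. Separately, `isalnum(vianame[i])` receives a plain `char`; writing `isalnum((unsigned char)vianame[i])` avoids undefined behaviour for bytes above 0x7F. parse_interface begins outside this hunk.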
@@ -1165,10 +1164,6 @@ print_firewall(const struct ipt_entry *fw,
if (fw->ip.iniface[0] != '\0') {
strcat(iface, fw->ip.iniface);
- /* If it doesn't compare the nul-term, it's a
- wildcard. */
- if (fw->ip.iniface_mask[strlen(fw->ip.iniface)] == 0)
- strcat(iface, "+");
}
else if (format & FMT_NUMERIC) strcat(iface, "*");
else strcat(iface, "any");
@@ -1182,10 +1177,6 @@ print_firewall(const struct ipt_entry *fw,
if (fw->ip.outiface[0] != '\0') {
strcat(iface, fw->ip.outiface);
- /* If it doesn't compare the nul-term, it's a
- wildcard. */
- if (fw->ip.outiface_mask[strlen(fw->ip.outiface)] == 0)
- strcat(iface, "+");
}
else if (format & FMT_NUMERIC) strcat(iface, "*");
else strcat(iface, "any");