authorJan Engelhardt <jengelh@medozas.de>2008-08-13 14:41:32 +0200
committerPatrick McHardy <kaber@trash.net>2008-08-13 14:41:32 +0200
commit1eada72b7da712bffb87e829b3b9deb3de6bca3c (patch)
treee87494efea05debb1f1ed6c72139e1ce30608846 /iptables.c
parentd38eaf488dcd9c78d1ea7c1b9613d210688114af (diff)
Warn about use of DROP in nat table
Consensus is that we should warn for now. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'iptables.c')
-rw-r--r--iptables.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/iptables.c b/iptables.c
index 41e18361..6a105f80 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1917,6 +1917,14 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
invert = FALSE;
}
+ if (strcmp(*table, "nat") == 0 &&
+ ((policy != NULL && strcmp(policy, "DROP") == 0) ||
+ (jumpto != NULL && strcmp(jumpto, "DROP") == 0)))
+ fprintf(stderr, "\nThe \"nat\" table is not intended for "
+ "filtering, hence the use of DROP is deprecated and "
+ "will permanently be disabled in the next iptables "
+ "release. Please adjust your scripts.\n\n");
+
for (matchp = matches; matchp; matchp = matchp->next)
if (matchp->match->final_check != NULL)
matchp->match->final_check(matchp->match->mflags);
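Review bot: The added test on `strcmp(*table, "nat") == 0` only writes to stderr and then falls through to the existing `final_check` loop, so as far as this hunk shows a DROP rule or policy in nat is still accepted. A script that discards stderr will never see the deprecation. A short comment above the test would record the reason for the next maintainer, e.g. `/* nat is consulted only for the first packet of a connection, so DROP here is not a reliable filter; warn now, reject in a later release */`. The condition does not look at which command is being run, so it presumably also fires when such a rule is being deleted; that is worth confirming against the part of `do_command` outside the hunk. The multi-line `if` has an unbraced body directly ahead of the `for` loop, and wrapping the `fprintf` in `{ }` would keep a later edit from detaching it.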