authorPablo Neira Ayuso <>2013-10-08 10:50:39 +0200
committerPablo Neira Ayuso <>2013-12-30 23:50:51 +0100
commit4b7a4afaa240e5d2039e612e125b045d5d1cb7fa (patch)
tree21f637d3047580ea76617af38e6fad82c9d7a5c0 /iptables/nft-shared.h
parente8cbd65dcef62333b5e461cb264c844065b33e9a (diff)
xtables: fix missing ipt_entry for MASQUERADE target
The MASQUERADE target relies on the ipt_entry information that is set in ->post_parse, which is too late. Add a new hook called ->pre_parse, that sets the protocol information accordingly. Thus: xtables -4 -A POSTROUTING -t nat -p tcp \ -j MASQUERADE --to-ports 1024 works again. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.h')
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 7260fddc..9df17bc3 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -51,6 +51,8 @@ struct nft_family_ops {
unsigned int format);
uint8_t (*save_firewall)(const struct iptables_command_state *cs,
unsigned int format);
+ void (*proto_parse)(struct iptables_command_state *cs,
+ struct xtables_args *args);
void (*post_parse)(int command, struct iptables_command_state *cs,
struct xtables_args *args);
void (*parse_target)(struct xtables_target *t, void *data);
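Review bot: The added `proto_parse` member has no comment saying when it runs relative to `post_parse`, or whether a family may leave it unset. The ordering matters because, per the commit message, the whole fix depends on the protocol being set before the target's options are handled. I would add a comment above it such as `/* Runs when the protocol option is parsed, before post_parse; may be NULL if the family has nothing to set (callers must check). */`, adjusted to match the real call site, which is not in this file section. If a family's ops table can omit the hook, the caller presumably needs an `if (ops->proto_parse)` guard to avoid calling through a null function pointer. The commit message names the hook `->pre_parse` while the declaration here is `proto_parse`, so the declared name is the one to document. `struct nft_family_ops` begins and ends outside this hunk.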