author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-02-09 18:22:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:25 +0100 |
commit | 1ff21a68502d67e056100da7e0da074467bc08ed (patch) | |
tree | 5eea8876d796426e88ea9c51a9c8ab622cdf4490 /iptables/nft.c | |
parent | af11340016320d73dc88fa377a2d2aa21173ba07 (diff) |
add xtables-events
Add new program to listen to rule updates:
shell$ xtables-events
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-D INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-D INPUT -m state --state ESTABLISHED -j ACCEPT
You can use the `-c' option to display counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index cef1f32e..097c28b9 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1385,13 +1385,22 @@ nft_print_counters(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 	}
 }
 
-static void nft_rule_print_save(struct nft_rule *r, bool counters)
+void
+nft_rule_print_save(struct nft_rule *r, enum nft_rule_print type, bool counters)
 {
 	struct nft_rule_expr_iter *iter;
 	struct nft_rule_expr *expr;
+	const char *chain = nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
 
 	/* print chain name */
-	printf("-A %s ", nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN));
+	switch(type) {
+	case NFT_RULE_APPEND:
+		printf("-A %s ", chain);
+		break;
+	case NFT_RULE_DEL:
+		printf("-D %s ", chain);
+		break;
+	}
 
 	iter = nft_rule_expr_iter_create(r);
 	if (iter == NULL)
@@ -1614,7 +1623,7 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
 		if (strcmp(table, rule_table) != 0)
 			goto next;
 
-		nft_rule_print_save(r, counters);
+		nft_rule_print_save(r, NFT_RULE_APPEND, counters);
 
 next:
 		r = nft_rule_list_iter_next(iter);
@@ -2714,7 +2723,7 @@ nft_rule_find(struct nft_rule_list *list, const char *chain, const char *table,
 		/* Delete by matching rule case */
 		DEBUGP("comparing with... ");
 #ifdef DEBUG_DEL
-		nft_rule_print_save(r, 0);
+		nft_rule_print_save(r, NFT_RULE_APPEND, 0);
 #endif
 
 		nft_rule_to_iptables_command_state(r, &this);
@@ -3378,7 +3387,7 @@ static void list_save(const struct iptables_command_state *cs, struct nft_rule *r, unsigned int num, unsigned int format)
 {
-	nft_rule_print_save(r, !(format & FMT_NOCOUNTS));
+	nft_rule_print_save(r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
 }
 
 static int
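Review bot: The new `switch(type)` in nft_rule_print_save has no `default` arm, so a `type` value outside NFT_RULE_APPEND/NFT_RULE_DEL prints no command prefix while the rest of the rule is still emitted as a bare, unparsable line; add `default: return;` before the closing brace so a bad caller fails visibly instead of corrupting the output stream. Since the function is now exported (the `static` is dropped) and gains an enum parameter, a short comment above the definition such as `/* type selects the command prefix: NFT_RULE_APPEND emits -A, NFT_RULE_DEL emits -D */` would help the out-of-file callers this diffstat does not show. The hoisted `chain` pointer is passed to `%s` unchecked; if nft_rule_attr_get_str returns NULL for an unset chain attribute (presumably it can), that is undefined behaviour, although the replaced printf line had the same exposure. The body of nft_rule_print_save continues past the end of the hunk.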