diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-19 18:42:30 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:39 +0100 |
| commit | cf95f347e52ca8badc6a7149045d9c09f4fa666d (patch) | |
| tree | 490999882d38e63641f251da48da718d267fc3df /iptables/nft.h | |
| parent | 8dd2627afc462a2591c2f621743cae1a6b98d771 (diff) | |
xtables: add -I chain rulenum
This patch adds the nft_rule_insert function, which allows
us to insert rules at a given position.
The function nft_rule_add has been renamed to nft_rule_append.
This is possible thanks to Eric Leblond's (netfilter: nf_tables:
add insert operation) kernel patch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.h')
| -rw-r--r-- | iptables/nft.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/iptables/nft.h b/iptables/nft.h index a6476714..7a6351b7 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -49,7 +49,8 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char */ struct nft_rule; -int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint64_t handle, bool verbose); +int nft_rule_append(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, uint64_t handle, bool verbose); +int nft_rule_insert(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, int rulenum, bool verbose); int nft_rule_check(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose); int nft_rule_delete(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose); int nft_rule_delete_num(struct nft_handle *h, const char *chain, const char *table, int rulenum, bool verbose); |