authorPablo Neira Ayuso <pablo@netfilter.org>2013-03-10 16:04:39 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:27 +0100
commit8b9ea2e3f8d685a6b940691cabf5e82c96254747 (patch)
tree8e8d56ac5edebbf1f3dec6393abb5198a7501bfc /iptables/xtables-config.c
parentc924c0cd07440aa9ce7465e2ba68fb266f07d7c3 (diff)
nft: load tables and chains based on /etc/xtables.conf
If /etc/xtables.conf is available, use the configuration there to autoload the xtables built-in table and chain so you can define custom configurations. Otherwise, rely on default common table/chain configuration. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-config.c')
-rw-r--r--iptables/xtables-config.c75
1 files changed, 3 insertions, 72 deletions
diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c
index fce03a19..3ad46e85 100644
--- a/iptables/xtables-config.c
+++ b/iptables/xtables-config.c
@@ -16,32 +16,15 @@
#include <string.h>
#include <errno.h>
-#include <libnftables/table.h>
-#include <libnftables/chain.h>
-
#include "xtables-multi.h"
-#include "xtables-config-parser.h"
-
#include "nft.h"
-extern int xtables_config_parse(const char *filename,
- struct nft_table_list *table_list,
- struct nft_chain_list *chain_list);
-
-#define XTABLES_CONFIG_DEFAULT "/etc/xtables.conf"
-
int xtables_config_main(int argc, char *argv[])
{
- struct nft_table_list *table_list = nft_table_list_alloc();
- struct nft_chain_list *chain_list = nft_chain_list_alloc();
- struct nft_table_list_iter *titer;
- struct nft_chain_list_iter *citer;
- struct nft_table *table;
- struct nft_chain *chain;
- const char *filename = NULL;
struct nft_handle h = {
.family = AF_INET,
};
+ const char *filename = NULL;
if (argc > 2) {
fprintf(stderr, "Usage: %s [<config_file>]\n", argv[0]);
@@ -52,58 +35,6 @@ int xtables_config_main(int argc, char *argv[])
else
filename = argv[1];
- if (xtables_config_parse(filename, table_list, chain_list) < 0) {
- if (errno == ENOENT) {
- fprintf(stderr, "configuration file `%s' does not "
- "exists\n", filename);
- } else {
- fprintf(stderr, "Fatal error: %s\n", strerror(errno));
- }
- return EXIT_FAILURE;
- }
-
- nft_init(&h);
-
- /* Stage 1) create tables */
- titer = nft_table_list_iter_create(table_list);
- while ((table = nft_table_list_iter_next(titer)) != NULL) {
- if (nft_table_add(&h, table) < 0) {
- if (errno == EEXIST) {
- printf("table `%s' already exists, skipping\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
- } else {
- printf("table `%s' cannot be create, reason `%s'. Exitting\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME),
- strerror(errno));
- return EXIT_FAILURE;
- }
- continue;
- }
- printf("table `%s' has been created\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
- }
-
- /* Stage 2) create chains */
- citer = nft_chain_list_iter_create(chain_list);
- while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
- if (nft_chain_add(&h, chain) < 0) {
- if (errno == EEXIST) {
- printf("chain `%s' already exists in table `%s', skipping\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
- } else {
- printf("chain `%s' cannot be create, reason `%s'. Exitting\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- strerror(errno));
- return EXIT_FAILURE;
- }
- continue;
- }
-
- printf("chain `%s' in table `%s' has been created\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
- }
-
- return EXIT_SUCCESS;
+ return nft_xtables_config_load(&h, filename, NFT_LOAD_VERBOSE) == 0 ?
+ EXIT_SUCCESS : EXIT_FAILURE;
}
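Review bot: The new return statement passes `h` to `nft_xtables_config_load()` with only `.family` set, because the `nft_init(&h);` call the old body made before adding tables is removed and nothing in this hunk replaces it. Unless the load function initialises the handle itself (not visible here), it will operate on a handle that was never set up; either keep `nft_init(&h);` before the return or state in a comment on `nft_xtables_config_load()` that it accepts an uninitialised handle. The caller-side diagnostics for a missing or unparsable file (the `ENOENT` message and the `strerror(errno)` fallback) are also dropped, so a failure surfaces only as `EXIT_FAILURE` unless `NFT_LOAD_VERBOSE` makes the callee print the reason. Since this tool creates the base tables and chains of a packet filter, a failure without a message is easy to miss in boot scripts. The body of `xtables_config_main` starts outside this hunk.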