path: root/iptables/xtables-config-parser.y
Commit message | Author | Age | Files | Lines
* iptables-compat: get rid of error reporting via perror | Pablo Neira Ayuso | 2014-09-30 | 1 | -6/+4
  The compat layer should report problems in the iptables way instead.
  Signed-off-by: Pablo Neira Ayuso <>
* nft: Use new libnftnl library name against former libnftables | Tomasz Bursztyka | 2014-01-20 | 1 | -2/+2
  Adapt the current code to use the new library name libnftnl.
  Signed-off-by: Tomasz Bursztyka <>
  Signed-off-by: Pablo Neira Ayuso <>
* nft: load only the tables of the current family | Giuseppe Longo | 2013-12-30 | 1 | -1/+2
  This changes nft_xtables_config_load() to permit loading only the tables of the current family.
  [ This patch includes a fix for the configuration parser that I detected while testing this patch --pablo ]
  Signed-off-by: Giuseppe Longo <>
  Signed-off-by: Pablo Neira Ayuso <>
* src: use nft_*_list_add_tail | Pablo Neira Ayuso | 2013-12-30 | 1 | -0/+6
  Adapt it to the semantic fix that has been applied to libnftable nft_*_list_add now inserts nodes, instead of appending them.
  Signed-off-by: Pablo Neira Ayuso <>
* xtables-config-parser: fix compilation warning | Pablo Neira Ayuso | 2013-12-30 | 1 | -1/+1
  xtables-config-parser.y: In function ‘xtables_config_parse’:
  xtables-config-parser.y:216:4: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
  Signed-off-by: Pablo Neira Ayuso <>
* xtables-config: fix off by one in parsed strings from /etc/xtables.conf | Pablo Neira Ayuso | 2013-12-30 | 1 | -5/+5
  Signed-off-by: Pablo Neira Ayuso <>
* xtables: support family in /etc/xtables.conf file | Pablo Neira Ayuso | 2013-12-30 | 1 | -1/+31
  Signed-off-by: Pablo Neira Ayuso <>
* xtables-config: priority has to be per-chain to support | Pablo Neira Ayuso | 2013-12-30 | 1 | -7/+7
  To support NAT table chain configuration appropriately. Modify example configuration file as well.
  Signed-off-by: Pablo Neira Ayuso <>
* use nf_tables and nf_tables compatibility interface | Pablo Neira Ayuso | 2013-12-30 | 1 | -0/+213
  This patch adds the following utilities:

    * xtables
    * xtables-restore
    * xtables-save
    * xtables-config

  They all use Patrick's nf_tables infrastructure plus my compatibility layer.

  xtables, xtables-restore and xtables-save are syntax compatible with ip[6]tables, ip[6]tables-restore and ip[6]tables-save.

  Semantics aims to be similar, still the main exception is that there is no commit operation. Thus, we incrementally add/delete rules without entire table locking.

  The following options are also not yet implemented:

    -Z (this requires adding expr->ops->reset(...) so nft_counters can reset internal state of expressions while dumping it)
    -R and -E (this requires adding this feature to nf_tables)
    -f (can be implemented with expressions: payload 6 (2-bytes) + bitwise a&b^!b + cmp neq 0)
    -IPv6 support.

  But those are a matter of time to get them done.

  A new utility, xtables-config, is available to register tables and chains. By default there is a configuration file that adds backward compatible tables and chains under iptables/etc/xtables.conf. You have to call this utility first to register tables and chains.

  However, it would be possible to automagically register tables and chains while using xtables and xtables-restore to get similar operation than with iptables.

  Signed-off-by: Pablo Neira Ayuso <>