path: root/iptables/xtables-events.c
Commit message | Author | Age | Files | Lines
* arptables-compat: allow to not specify a target | Pablo Neira Ayuso | 2014-10-09 | 1 | -3/+4

  arptables allows this:

      # arptables -I INPUT

  however, arptables-compat says:

      arptables v1.4.21: No target provided or initalization failed
      Try `arptables -h' or 'arptables --help' for more information.

  the compat utility must mimic the same behaviour.

  Fix this by introducing the arptables_command_state abstraction that is already available in ip{6}tables.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-compat: get rid of error reporting via perror | Pablo Neira Ayuso | 2014-09-30 | 1 | -21/+9

  The compat layer should report problems in the iptables way instead.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: replace nft_rule_attr_get_u8 | Giuseppe Longo | 2014-03-24 | 1 | -1/+1

  Since the family declaration has been modified in libnftnl, from commit 3cd9cd06625f8181c713489cec2c1ce6722a7e16 the assertion is failed for {ip,ip6,arp}tables-compat when printing rules.

      iptables-compat -L
      Chain INPUT (policy ACCEPT)
      target prot opt source destination
      libnftnl: attribute 0 assertion failed in rule.c:273

      ip6tables-compat -L
      Chain INPUT (policy ACCEPT)
      target prot opt source destination
      libnftnl: attribute 0 assertion failed in rule.c:273

      arptables-compat -L
      Chain INPUT (policy ACCEPT)
      target prot opt source destination
      libnftnl: attribute 0 assertion failed in rule.c:273

  Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xtables-events: prints arp rules | Giuseppe Longo | 2014-02-25 | 1 | -8/+15

  This patch permits to print arp rules, avoiding the segfault that you got currently.

  Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: Use new libnftnl library name against former libnftables | Tomasz Bursztyka | 2014-01-20 | 1 | -3/+3

  Adapt the current code to use the new library name libnftnl.

  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xtables-events: fix compilation due change in libnftables | Pablo Neira Ayuso | 2013-12-30 | 1 | -2/+2

  The patch (989b793 src: unify parse and output types) changed the table and chain type definitions, adapt this code to use the new ones.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: convert rule into a command state structure | Tomasz Bursztyka | 2013-12-30 | 1 | -3/+8

  This helps to reduce the code complexity to have one single common path for printing, saving and looking up for the rule.

  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xtables-events: fix missing newline in table and chain events | Pablo Neira Ayuso | 2013-12-30 | 1 | -2/+2

  Add missing newline while printing table and chain events.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xtables-events: print usage on wrong arguments | Pablo Neira Ayuso | 2013-12-30 | 1 | -0/+4

  Set opterr to zero to skip getopt_long error reporting.

  This also fixes the following compilation warning:

      xtables-events.c:148:13: warning: ‘print_usage’ defined but not used [-Wunused-function]

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add xtables-events | Pablo Neira Ayuso | 2013-12-30 | 1 | -0/+208

  Add new program to listen to rule updates:

      shell$ xtables-events
      -A INPUT -m state --state ESTABLISHED -j ACCEPT
      -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
      -D INPUT -p tcp -m tcp --dport 22 -j ACCEPT
      -D INPUT -m state --state ESTABLISHED -j ACCEPT

  You can use `-c' option to display counters.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>