From 3f7877e6be987bb94897c03a45945725389a6f5c Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 23 Feb 2013 18:27:08 +0100
Subject: xtables-restore: add -4 and -6 support

Now you can specify:

 xtables-restore -6 < my-ip6tables-ruleset

to restore the IPv6 rule-set.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft.c             |  2 +-
 iptables/xtables-restore.c | 10 +++++++++-
 iptables/xtables.c         |  5 ++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

(limited to 'iptables')

diff --git a/iptables/nft.c b/iptables/nft.c
index 273d0838..88fd84be 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2630,7 +2630,7 @@ static int nft_action(struct nft_handle *h, int type)
 	nlh->nlmsg_seq = seq = time(NULL);
 
 	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
-	nfg->nfgen_family = AF_INET;
+	nfg->nfgen_family = h->family;
 	nfg->version = NFNETLINK_V0;
 	nfg->res_id = 0;
 
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index c62b0a9a..3b14a9f7 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -36,6 +36,8 @@ static const struct option options[] = {
 	{.name = "noflush",  .has_arg = false, .val = 'n'},
 	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{.name = "table",    .has_arg = true,  .val = 'T'},
+	{.name = "ipv4",     .has_arg = false, .val = '4'},
+	{.name = "ipv6",     .has_arg = false, .val = '6'},
 	{NULL},
 };
 
@@ -193,7 +195,7 @@ xtables_restore_main(int argc, char *argv[])
 
 	nft_init(&h);
 
-	while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcvthnM:T:46", options, NULL)) != -1) {
 		switch (c) {
 			case 'b':
 				binary = 1;
@@ -220,6 +222,12 @@ xtables_restore_main(int argc, char *argv[])
 			case 'T':
 				tablename = optarg;
 				break;
+			case '4':
+				h.family = AF_INET;
+				break;
+			case '6':
+				h.family = AF_INET6;
+				break;
 		}
 	}
 
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c3110558..c0a6347a 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1247,7 +1247,10 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
 		break;
 	}
 
-	h->family = family;
+	/* Set only if required, needed by xtables-restore */
+	if (h->family == AF_UNSPEC)
+		h->family = family;
+
 	h->ops = nft_family_ops_lookup(family);
 	if (h->ops == NULL)
 		xtables_error(PARAMETER_PROBLEM, "Unknown family");
-- 
cgit v1.2.3