summaryrefslogtreecommitdiffstats
path: root/iptables.c
diff options
context:
space:
mode:
authorlaforge <laforge>2002-05-07 14:41:43 +0000
committerlaforge <laforge>2002-05-07 14:41:43 +0000
commit3ff8549795a48dfb420678cebc5398b0ecba0bd6 (patch)
treeabb2d580e3047b03941372f64736f74372c0a0e0 /iptables.c
parentfa2713cc37d19ad4872218277a1813f68e1fc296 (diff)
remove '-C' check function;
add check for chain names starting with '-' to -N command.
Diffstat (limited to 'iptables.c')
-rw-r--r--iptables.c70
1 files changed, 7 insertions, 63 deletions
diff --git a/iptables.c b/iptables.c
index 66f41a6..f3dae23 100644
--- a/iptables.c
+++ b/iptables.c
@@ -79,7 +79,7 @@
#define CMD_RENAME_CHAIN 0x1000U
#define NUMBER_OF_CMD 13
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'C', 'E' };
+ 'N', 'X', 'P', 'E' };
#define OPTION_OFFSET 256
@@ -108,7 +108,6 @@ static struct option original_opts[] = {
{ "list", 2, 0, 'L' },
{ "flush", 2, 0, 'F' },
{ "zero", 2, 0, 'Z' },
- { "check", 1, 0, 'C' },
{ "new-chain", 1, 0, 'N' },
{ "delete-chain", 2, 0, 'X' },
{ "rename-chain", 2, 0, 'E' },
@@ -362,7 +361,6 @@ exit_printhelp(void)
" --list -L [chain] List the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
" --zero -Z [chain] Zero counters in chain or all chains\n"
-" --check -C chain Test this packet on chain\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1418,35 +1416,6 @@ delete_entry(const ipt_chainlabel chain,
return ret;
}
-static int
-check_packet(const ipt_chainlabel chain,
- struct ipt_entry *fw,
- unsigned int nsaddrs,
- const struct in_addr saddrs[],
- unsigned int ndaddrs,
- const struct in_addr daddrs[],
- int verbose,
- iptc_handle_t *handle)
-{
- int ret = 1;
- unsigned int i, j;
- const char *msg;
-
- for (i = 0; i < nsaddrs; i++) {
- fw->ip.src.s_addr = saddrs[i].s_addr;
- for (j = 0; j < ndaddrs; j++) {
- fw->ip.dst.s_addr = daddrs[j].s_addr;
- if (verbose)
- print_firewall_line(fw, *handle);
- msg = iptc_check_packet(chain, fw, handle);
- if (!msg) ret = 0;
- else printf("%s\n", msg);
- }
- }
-
- return ret;
-}
-
int
for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *),
int verbose, int builtinstoo, iptc_handle_t *handle)
@@ -1736,12 +1705,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
}
break;
- case 'C':
- add_command(&command, CMD_CHECK, CMD_NONE,
- invert);
- chain = optarg;
- break;
-
case 'R':
add_command(&command, CMD_REPLACE, CMD_NONE,
invert);
@@ -1793,6 +1756,10 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
break;
case 'N':
+ if (optarg && *optarg == '-')
+ exit_error(PARAMETER_PROBLEM,
+ "chain name not allowed to start "
+ "with `-'\n");
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
invert);
chain = optarg;
@@ -2103,8 +2070,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
exit_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
- if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND |
- CMD_CHECK)) {
+ if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
if (!(options & OPT_DESTINATION))
dhostnetworkmask = "0.0.0.0/0";
if (!(options & OPT_SOURCE))
@@ -2124,10 +2090,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
exit_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
- if (command == CMD_CHECK && fw.ip.invflags != 0)
- exit_error(PARAMETER_PROBLEM, "! not allowed with -%c",
- cmd2char(CMD_CHECK));
-
if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1))
exit_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
@@ -2154,8 +2116,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
"can't initialize iptables table `%s': %s",
*table, iptc_strerror(errno));
- if (command == CMD_CHECK
- || command == CMD_APPEND
+ if (command == CMD_APPEND
|| command == CMD_DELETE
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
@@ -2167,12 +2128,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
chain);
- /* -i required with -C */
- if (command == CMD_CHECK && !(options & OPT_VIANAMEIN))
- exit_error(PARAMETER_PROBLEM,
- "Need -%c with %s\n",
- opt2char(OPT_VIANAMEIN),
- chain);
}
if (strcmp(chain, "POSTROUTING") == 0
@@ -2183,12 +2138,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
- /* -o required with -C */
- if (command == CMD_CHECK && !(options&OPT_VIANAMEOUT))
- exit_error(PARAMETER_PROBLEM,
- "Need -%c with %s\n",
- opt2char(OPT_VIANAMEOUT),
- chain);
}
if (target && iptc_is_chain(jumpto, *handle)) {
@@ -2234,11 +2183,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
options&OPT_VERBOSE,
handle);
break;
- case CMD_CHECK:
- ret = check_packet(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
- options&OPT_VERBOSE, handle);
- break;
case CMD_DELETE:
ret = delete_entry(chain, e,
nsaddrs, saddrs, ndaddrs, daddrs,