author | Jan Engelhardt <jengelh@medozas.de> | 2008-08-13 14:41:32 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-08-13 14:41:32 +0200 |
commit | 1eada72b7da712bffb87e829b3b9deb3de6bca3c (patch) | |
tree | e87494efea05debb1f1ed6c72139e1ce30608846 | |
parent | d38eaf488dcd9c78d1ea7c1b9613d210688114af (diff) |
Warn about use of DROP in nat table
Consensus is that we should warn for now.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | iptables.c | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -1917,6 +1917,14 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) invert = FALSE; } + if (strcmp(*table, "nat") == 0 && + ((policy != NULL && strcmp(policy, "DROP") == 0) || + (jumpto != NULL && strcmp(jumpto, "DROP") == 0))) + fprintf(stderr, "\nThe \"nat\" table is not intended for " + "filtering, hence the use of DROP is deprecated and " + "will permanently be disabled in the next iptables " + "release. Please adjust your scripts.\n\n"); + for (matchp = matches; matchp; matchp = matchp->next) if (matchp->match->final_check != NULL) matchp->match->final_check(matchp->match->mflags); |
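Review bot: The message in the added `fprintf` says DROP in "nat" is deprecated but not why or where the rule belongs, so someone relying on it for filtering gets no hint that it was never a dependable filter: the nat table is consulted only for the packet that creates a connection. I would end the message with `"Move DROP rules to the \"filter\" table.\n\n"` and put a comment above the check, `/* nat sees only connection-initiating packets, so DROP here filters incompletely */`. The test looks only at `policy` and `jumpto`, so it presumably also fires when a user deletes such a rule in order to comply; the code that selects the operation is outside the hunk, so confirm. `*table` is also passed to `strcmp` without a NULL test, and the earlier part of do_command is not visible here, so verify it is always set by this point.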