summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Oester <kernel@linuxace.com>2005-02-02 19:20:15 +0000
committerMartin Josefsson <gandalf@wlug.westbo.se>2005-02-02 19:20:15 +0000
commitb2eedcdf84c037e346bdd4e804decf95de66cbf7 (patch)
treed1bec291696ff5db52666599a9afa68704ab9625
parent59746834f900b4a0cc7f44c5024c570bf99484be (diff)
Add support for inversion to multiport revision 1.
Signed-off-by: Phil Oester <kernel@linuxace.com>
-rw-r--r--extensions/libipt_multiport.c15
-rw-r--r--include/linux/netfilter_ipv4/ipt_multiport.h1
2 files changed, 11 insertions, 5 deletions
diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c
index 410a3906..7fb6d72f 100644
--- a/extensions/libipt_multiport.c
+++ b/extensions/libipt_multiport.c
@@ -31,13 +31,13 @@ help_v1(void)
{
printf(
"multiport v%s options:\n"
-" --source-ports port[,port:port,port...]\n"
+" --source-ports [!] port[,port:port,port...]\n"
" --sports ...\n"
" match source port(s)\n"
-" --destination-ports port[,port:port,port...]\n"
+" --destination-ports [!] port[,port:port,port...]\n"
" --dports ...\n"
" match destination port(s)\n"
-" --ports port[,port:port,port]\n"
+" --ports [!] port[,port:port,port]\n"
" match both source and destination port(s)\n",
IPTABLES_VERSION);
}
@@ -255,8 +255,7 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags,
}
if (invert)
- exit_error(PARAMETER_PROBLEM,
- "multiport does not support invert");
+ multiinfo->invert = 1;
if (*flags)
exit_error(PARAMETER_PROBLEM,
@@ -362,6 +361,9 @@ print_v1(const struct ipt_ip *ip,
break;
}
+ if (multiinfo->invert)
+ printf("! ");
+
for (i=0; i < multiinfo->count; i++) {
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], ip->proto, numeric);
@@ -422,6 +424,9 @@ static void save_v1(const struct ipt_ip *ip,
break;
}
+ if (multiinfo->invert)
+ printf("! ");
+
for (i=0; i < multiinfo->count; i++) {
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], ip->proto, 1);
diff --git a/include/linux/netfilter_ipv4/ipt_multiport.h b/include/linux/netfilter_ipv4/ipt_multiport.h
index 3af85cf4..4b95d131 100644
--- a/include/linux/netfilter_ipv4/ipt_multiport.h
+++ b/include/linux/netfilter_ipv4/ipt_multiport.h
@@ -24,5 +24,6 @@ struct ipt_multiport_v1
u_int8_t count; /* Number of ports */
u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
u_int8_t pflags[IPT_MULTI_PORTS]; /* Port flags */
+ u_int8_t invert; /* Invert flag */
};
#endif /*_IPT_MULTIPORT_H*/