diff options
author | Phil Sutter <phil@nwl.cc> | 2019-03-04 16:53:46 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-03-08 16:35:36 +0100 |
commit | 3a3bb480a738afb58aa36d4f5df91282d5712b9e (patch) | |
tree | 5ffe545a83723f1ab10fc0cc37bf791f0d6b774c /extensions/libxt_connlabel.txlate | |
parent | 06da3ab2c818b15304a285a798eaaf16ebf375ea (diff) |
extensions: connlabel: Fallback on missing connlabel.conf
If connlabel.conf was not found, fall back to manually parsing arguments
as plain numbers.
If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults.
Therefore make sure it is not called in connlabel_get_name() if that's
the case.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_connlabel.txlate')
-rw-r--r-- | extensions/libxt_connlabel.txlate | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/extensions/libxt_connlabel.txlate b/extensions/libxt_connlabel.txlate index 5be42204..12e4ac03 100644 --- a/extensions/libxt_connlabel.txlate +++ b/extensions/libxt_connlabel.txlate @@ -1,5 +1,5 @@ -iptables-translate -A INPUT -m connlabel --label bit40 -nft add rule ip filter INPUT ct label bit40 counter +iptables-translate -A INPUT -m connlabel --label 40 +nft add rule ip filter INPUT ct label 40 counter -iptables-translate -A INPUT -m connlabel ! --label bit40 --set -nft add rule ip filter INPUT ct label set bit40 ct label and bit40 != bit40 counter +iptables-translate -A INPUT -m connlabel ! --label 40 --set +nft add rule ip filter INPUT ct label set 40 ct label and 40 != 40 counter |