author | Jan Engelhardt <jengelh@medozas.de> | 2009-11-15 15:51:27 +0100 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2009-11-15 15:57:23 +0100 |
commit | 75cb763b54a89bf9b9c61740c760abce89df06f3 (patch) | |
tree | 20c9a52c83b843e23a918c69d84382ff2fe60ae7 /ip6tables.c | |
parent | 596c69007acb569843391e4c98dc21d6f2336e7b (diff) |
iptables: take masks into consideration for replace command
The two commands:
-A OUTPUT -d 10.11.12.13/32 -j LOG
-R OUTPUT 1 -j LOG -d 10.11.12.13
will replace 10.11.12.13/32 by 10.11.12.13/0, which is not right.
(No regression, this problem was there forever.)
Reported-by: Werner Pawlitschko <werner.pawlitschko@arcor.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'ip6tables.c')
-rw-r--r-- | ip6tables.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ip6tables.c b/ip6tables.c index f6daa51c..e2359dfe 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -758,13 +758,15 @@ static int replace_entry(const ip6t_chainlabel chain, struct ip6t_entry *fw, unsigned int rulenum, - const struct in6_addr *saddr, - const struct in6_addr *daddr, + const struct in6_addr *saddr, const struct in6_addr *smask, + const struct in6_addr *daddr, const struct in6_addr *dmask, int verbose, struct ip6tc_handle *handle) { fw->ipv6.src = *saddr; fw->ipv6.dst = *daddr; + fw->ipv6.smsk = *smask; + fw->ipv6.dmsk = *dmask; if (verbose) print_firewall_line(fw, handle); @@ -1947,8 +1949,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case CMD_REPLACE: ret = replace_entry(chain, e, rulenum - 1, - saddrs, daddrs, options&OPT_VERBOSE, - *handle); + saddrs, smasks, daddrs, dmasks, + options&OPT_VERBOSE, *handle); break; case CMD_INSERT: ret = insert_entry(chain, e, rulenum - 1, |
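Review bot: replace_entry() now dereferences `smask` and `dmask` unconditionally and copies only the first element of each array, yet nothing in the first hunk shows that `smasks` and `dmasks` are non-NULL and hold exactly one entry when the CMD_REPLACE call in the second hunk passes them. Where those arrays are filled, and any check on the address count, would sit in do_command6 outside the visible lines, so this needs confirming there; replace_entry's body also continues past the hunk. Because the mask decides how many addresses the replaced rule matches, I would state the contract above the assignments: `/* caller guarantees exactly one address/mask pair each for source and destination */`. A regression case that runs `-R` with a bare address and checks that the listed rule keeps its full-length host mask would guard this fix.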