iptables-restore/save: exit when given an unknown option

When an unknown option is given, iptables-restore should exit instead of
continue its operation. For example, if `--table` was misspelled, this
could lead to an unwanted change. Moreover, exit with a status code of
1. Make the same change for iptables-save.

OTOH, exit with a status code of 0 when requesting help.

Signed-off-by: Vincent Bernat <vincent@bernat.im>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 5 insertions, 5 deletions

diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index cb06559b..876fe06d 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -44,8 +44,6 @@ static const struct option options[] = {
 	{NULL},
 };
 
-static void print_usage(const char *name, const char *version) __attribute__((noreturn));
-
 #define prog_name iptables_globals.program_name
 #define prog_vers iptables_globals.program_version
 
@@ -62,8 +60,6 @@ static void print_usage(const char *name, const char *version)
 			"	   [ --wait-interval=<usecs>\n"
 			"	   [ --table=<TABLE> ]\n"
 			"	   [ --modprobe=<command> ]\n", name);
-
-	exit(1);
 }
 
 static struct xtc_handle *create_handle(const char *tablename)
@@ -235,7 +231,7 @@ iptables_restore_main(int argc, char *argv[])
 			case 'h':
 				print_usage("iptables-restore",
 					    IPTABLES_VERSION);
-				break;
+				exit(0);
 			case 'n':
 				noflush = 1;
 				break;
@@ -251,6 +247,10 @@ iptables_restore_main(int argc, char *argv[])
 			case 'T':
 				tablename = optarg;
 				break;
+			default:
+				fprintf(stderr,
+					"Try `iptables-restore -h' for more information.\n");
+				exit(1);
 		}
 	}