author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-20 22:32:43 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:23 +0100 |
commit | 0aad20f3979e3b6becd40e4ed5bba8d09d90706e (patch) | |
tree | b8d2425d471a0e34cd9dd85ce8e6295dfe80cd33 /iptables/nft.h | |
parent | 8ebee8c46101914b269afe94e772321e5ee09c3f (diff) |
xtables: purge out user-define chains from the kernel
xtables-restore has to purge out user-defined chains that are
not defined in the configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- | iptables/nft.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 00216681..f7ed0a38 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -17,12 +17,14 @@ void nft_fini(struct nft_handle *h);
 * Operations with tables.
 */
 struct nft_table;
+struct nft_chain_list;
 int nft_table_add(struct nft_handle *h, const struct nft_table *t);
 int nft_for_each_table(struct nft_handle *h, int (*func)(struct nft_handle *h, const char *tablename, bool counters), bool counters);
 bool nft_table_find(struct nft_handle *h, const char *tablename);
 int nft_table_set_dormant(struct nft_handle *h, const char *table);
 int nft_table_wake_dormant(struct nft_handle *h, const char *table);
+int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nft_chain_list *list);
 /*
 * Operations with chains.
@@ -32,6 +34,7 @@ struct nft_chain;
 int nft_chain_add(struct nft_handle *h, const struct nft_chain *c);
 int nft_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters);
 struct nft_chain_list *nft_chain_dump(struct nft_handle *h);
+struct nft_chain *nft_chain_list_find(struct nft_handle *h, struct nft_chain_list *list, const char *table, const char *chain);
 int nft_chain_save(struct nft_handle *h, struct nft_chain_list *list, const char *table);
 int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table);
 int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table); |
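Review bot: The new `nft_table_purge_chains()` declaration in the first hunk carries no comment describing its contract, and for a call that deletes chains from the kernel ruleset that contract should be written next to the prototype. From the header alone a caller cannot tell whether `list` names the chains to keep or the chains to remove, whether the function modifies or frees the list, or what the `int` return means when only some of the deletions succeed. I would add a comment above it of the form `/* Purge user-defined chains of 'table': <which chains are deleted>; <ownership of 'list'>; returns <convention>, <state left behind on partial failure>. */`, filled in from the implementation, which is not part of this header diff.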
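Review bot: `nft_chain_list_find()` in the second hunk takes `table` before `chain`, while `nft_chain_user_add()` and `nft_chain_user_del()` two lines below it take `chain` before `table`; all four arguments are `const char *`, so a swapped call compiles without any diagnostic. If this lookup is what decides which chains survive a restore (the commit message suggests that, but the caller is not visible here), a swapped call would simply fail to match and the wrong chains could end up purged. Either align the argument order across the chain API or mark the difference at the declaration, for example `/* NOTE: argument order is (table, chain), unlike nft_chain_user_add/del */`. The declaration could also state whether the returned `struct nft_chain *` is still owned by `list`, so callers know not to free it separately.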