diff options
author | Phil Sutter <phil@nwl.cc> | 2020-02-21 13:18:32 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-02-24 12:04:20 +0100 |
commit | 1639b8ba5105542c73e0e1c35e70f245dab89d81 (patch) | |
tree | 4a9bc1d0b3eec2fe3714238088b8d4db35c484bf /iptables/xtables.c | |
parent | ba2af278e8836977a8cfb35c54dac60ca9b40000 (diff) |
xtables: Align effect of -4/-6 options with legacy
Legacy iptables doesn't accept -4 or -6 if they don't match the
symlink's native family. The only exception to that is iptables-restore
which simply ignores the lines introduced by non-matching options, which
is useful to create combined dump files for feeding into both
iptables-restore and ip6tables-restore.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r-- | iptables/xtables.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c index 8f9dc628..3d75a1dd 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -917,27 +917,22 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], break; case '4': + if (args->family == AF_INET) + break; + if (p->restore && args->family == AF_INET6) return; - if (args->family != AF_INET) - exit_tryhelp(2); - - h->ops = nft_family_ops_lookup(args->family); - break; + exit_tryhelp(2); case '6': + if (args->family == AF_INET6) + break; + if (p->restore && args->family == AF_INET) return; - args->family = AF_INET6; - xtables_set_nfproto(AF_INET6); - - h->ops = nft_family_ops_lookup(args->family); - if (h->ops == NULL) - xtables_error(PARAMETER_PROBLEM, - "Unknown family"); - break; + exit_tryhelp(2); case 1: /* non option */ if (optarg[0] == '!' && optarg[1] == '\0') { |