-rw-r--r--ip6tables.8.in7
-rw-r--r--ip6tables.c31
-rw-r--r--iptables.8.in7
-rw-r--r--iptables.c31
4 files changed, 56 insertions, 20 deletions
diff --git a/ip6tables.8.in b/ip6tables.8.in
index 7d9a6171..66d8543c 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -42,7 +42,7 @@ rule-specification\fP [\fIoptions...\fP]
\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
.PP
\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP}
-[\fIchain\fP] [\fIoptions...\fP]
+[\fIchain\fP [\fIrulenum\fP]] [\fIoptions...\fP]
.PP
\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-N\fP \fIchain\fP
.PP
@@ -182,8 +182,9 @@ it applies to the specified table (filter is the default).
Flush the selected chain (all the chains in the table if none is given).
This is equivalent to deleting all the rules one by one.
.TP
-\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP]
-Zero the packet and byte counters in all chains. It is legal to
+\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP [\fIrulenum\fP]]
+Zero the packet and byte counters in all chains, or only the given chain,
+or only the given rule in a chain. It is legal to
specify the
\fB\-L\fP, \fB\-\-list\fP
(list) option as well, to see the counters immediately before they are
diff --git a/ip6tables.c b/ip6tables.c
index f974fb15..8f653e8e 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -81,9 +81,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPT_NONE 0x00000U
#define OPT_NUMERIC 0x00001U
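Review bot: The second `'Z'` is inserted into `cmdflags` directly after the first one, but `CMD_ZERO_NUM` is defined as `0x2000U`, the bit after `CMD_LIST_RULES` (`0x1000U`). If the table is looked up by bit position, as the order of the existing entries suggests (the lookup code is outside this hunk), every entry from `'N'` onward now sits one slot off and diagnostics would name the wrong command letter; appending keeps the mapping intact: `'N', 'X', 'P', 'E', 'S', 'Z' };`. The `/*ZERO_NUM*/` row added to `commands_v_options` in the next hunk has the same placement problem: a shifted row would apply another command's option restrictions to `-P`, `-E` and `-S`, so it belongs after the row for `CMD_LIST_RULES`, which is not visible in that hunk. iptables.c carries the same two hunks.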
@@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '},
@@ -267,7 +269,8 @@ exit_printhelp(struct xtables_rule_match *matches)
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1376,8 +1379,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST,
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1388,8 +1391,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1415,6 +1418,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
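Review bot: `command = CMD_ZERO_NUM;` replaces the whole command mask instead of swapping one bit, so a `CMD_LIST` or `CMD_LIST_RULES` bit set by an earlier `-L`/`-S` on the same command line is dropped and the counters would be zeroed without the listing that was requested. The `case CMD_LIST|CMD_ZERO_NUM:` label added further down is then reachable only when `-Z` is given first. Assuming the `add_command()` call for `'Z'` above this hunk has just OR-ed in `CMD_ZERO`, `command = (command & ~CMD_ZERO) | CMD_ZERO_NUM;` keeps the other bits. The same assignment appears in the `'Z'` case of iptables.c.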
@@ -1953,8 +1961,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, *handle);
break;
+ case CMD_ZERO_NUM:
+ ret = ip6tc_zero_counter(chain, rulenum, *handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -1965,9 +1977,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, *handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
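Review bot: The listing and the per-rule zeroing at the end of the `CMD_LIST` branch read the same `chain` and `rulenum` variables, so combining `-Z chain rulenum` with `-L` or `-S` also narrows what is listed. If the `-L`/`-S` parsing outside this hunk stores its own rule number in `rulenum`, the last option parsed decides which rule's counters are cleared. Counters are often the only record of how many packets a rule matched, so this deserves a comment above the new `if`, for example `/* chain and rulenum are shared with the listing above: the last of -L/-S/-Z on the command line wins */`, and a matching sentence in the man page. The `CMD_LIST_RULES` branch and both branches in iptables.c behave the same way.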
@@ -1975,6 +1990,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, *handle);
break;
case CMD_NEW_CHAIN:
ret = ip6tc_create_chain(chain, *handle);
diff --git a/iptables.8.in b/iptables.8.in
index 6125e659..928f46a9 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -35,7 +35,7 @@ iptables \(em administration tool for IPv4 packet filtering and NAT
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
.PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP} [\fIchain\fP] [\fIoptions...\fP]
+\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP} [\fIchain\fP [\fIrulenum\fP]] [\fIoptions...\fP]
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-N\fP \fIchain\fP
.PP
@@ -189,8 +189,9 @@ it applies to the specified table (filter is the default).
Flush the selected chain (all the chains in the table if none is given).
This is equivalent to deleting all the rules one by one.
.TP
-\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP]
-Zero the packet and byte counters in all chains. It is legal to
+\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP [\fIrulenum\fP]]
+Zero the packet and byte counters in all chains, or only the given chain,
+or only the given rule in a chain. It is legal to
specify the
\fB\-L\fP, \fB\-\-list\fP
(list) option as well, to see the counters immediately before they are
diff --git a/iptables.c b/iptables.c
index a229c35b..72287218 100644
--- a/iptables.c
+++ b/iptables.c
@@ -78,9 +78,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPT_NONE 0x00000U
#define OPT_NUMERIC 0x00001U
@@ -172,6 +173,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '},
@@ -280,7 +282,8 @@ exit_printhelp(struct xtables_rule_match *matches)
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1399,8 +1402,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST,
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1411,8 +1414,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1438,6 +1441,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -1994,8 +2002,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, *handle);
break;
+ case CMD_ZERO_NUM:
+ ret = iptc_zero_counter(chain, rulenum, *handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2006,9 +2018,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, *handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2016,6 +2031,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, *handle);
break;
case CMD_NEW_CHAIN:
ret = iptc_create_chain(chain, *handle);