summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--iptables/nft.h2
-rw-r--r--iptables/xtables-restore.c3
-rw-r--r--iptables/xtables-standalone.c2
-rw-r--r--iptables/xtables.c11
4 files changed, 14 insertions, 4 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 26b60b99..22af66e2 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -135,7 +135,7 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt);
const char *nft_strerror(int err);
/* For xtables.c */
-int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table);
+int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
/* For xtables-arptables.c */
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index c4af2c5d..730800ff 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -442,7 +442,8 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
- ret = do_commandx(&h, newargc, newargv, &newargv[2]);
+ ret = do_commandx(&h, newargc, newargv,
+ &newargv[2], true);
if (ret < 0) {
ret = nft_abort(&h);
if (ret < 0) {
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index eb139805..355a4460 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -70,7 +70,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
exit(EXIT_FAILURE);
}
- ret = do_commandx(&h, argc, argv, &table);
+ ret = do_commandx(&h, argc, argv, &table, false);
if (ret)
ret = nft_commit(&h);
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c49b4a2f..7a8ace3d 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -678,7 +678,8 @@ static void command_match(struct iptables_command_state *cs)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
+int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
+ bool restore)
{
struct iptables_command_state cs;
int verbose = 0;
@@ -1001,6 +1002,14 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
prog_name, prog_vers);
exit(0);
+ case 'w':
+ if (restore) {
+ xtables_error(PARAMETER_PROBLEM,
+ "You cannot use `-w' from "
+ "iptables-restore");
+ }
+ break;
+
case '0':
set_option(&cs.options, OPT_LINENUMBERS,
&args.invflags, cs.invert);