diff options
Diffstat (limited to 'ip6tables.c')
| -rw-r--r-- | ip6tables.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/ip6tables.c b/ip6tables.c index e1461146..2b053924 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -132,6 +132,7 @@ static struct option original_opts[] = { {.name = "line-numbers", .has_arg = 0, .val = '0'}, {.name = "modprobe", .has_arg = 1, .val = 'M'}, {.name = "set-counters", .has_arg = 1, .val = 'c'}, + {.name = "goto", .has_arg = 1, .val = 'g'}, {NULL}, }; @@ -328,6 +329,10 @@ exit_printhelp(struct ip6tables_rule_match *matches) " network interface name ([+] for wildcard)\n" " --jump -j target\n" " target for rule (may load target extension)\n" +#ifdef IP6T_F_GOTO +" --goto -g chain\n" +" jump to chain with no return\n" +#endif " --match -m match\n" " extended match (may load extension)\n" " --numeric -n numeric output of addresses and ports\n" @@ -823,6 +828,11 @@ print_firewall(const struct ip6t_entry *fw, if (format & FMT_NOTABLE) fputs(" ", stdout); +#ifdef IP6T_F_GOTO + if(fw->ipv6.flags & IP6T_F_GOTO) + printf("[goto] "); +#endif + IP6T_MATCH_ITERATE(fw, print_match, &fw->ipv6, format & FMT_NUMERIC); if (target) { @@ -1259,7 +1269,11 @@ void print_rule(const struct ip6t_entry *e, /* Print target name */ target_name = ip6tc_get_target(e, h); if (target_name && (*target_name != '\0')) +#ifdef IP6T_F_GOTO + printf("-%c %s ", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name); +#else printf("-j %s ", target_name); +#endif /* Print targinfo part */ t = ip6t_get_target((struct ip6t_entry *)e); @@ -1447,7 +1461,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) opterr = 0; while ((c = getopt_long(argc, argv, - "-A:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:", + "-A:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:", opts, NULL)) != -1) { switch (c) { /* @@ -1638,6 +1652,15 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) dhostnetworkmask = argv[optind-1]; break; +#ifdef IP6T_F_GOTO + case 'g': + set_option(&options, OPT_JUMP, &fw.ipv6.invflags, + invert); + fw.ipv6.flags |= IP6T_F_GOTO; + jumpto = parse_target(optarg); + break; +#endif + case 'j': set_option(&options, OPT_JUMP, &fw.ipv6.invflags, invert); @@ -1995,6 +2018,11 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) * We cannot know if the plugin is corrupt, non * existant OR if the user just misspelled a * chain. */ +#ifdef IP6T_F_GOTO + if (fw.ipv6.flags & IP6T_F_GOTO) + exit_error(PARAMETER_PROBLEM, + "goto '%s' is not a chain\n", jumpto); +#endif find_target(jumpto, LOAD_MUST_SUCCEED); } else { e = generate_entry(&fw, matches, target->t); |