Diffstat (limited to 'iptables.c')
-rw-r--r-- | iptables.c | 48 |
1 files changed, 28 insertions, 20 deletions
@@ -123,15 +123,11 @@ static struct option original_opts[] = {
 {.name = "modprobe", .has_arg = 1, .val = 'M'},
 {.name = "set-counters", .has_arg = 1, .val = 'c'},
 {.name = "goto", .has_arg = 1, .val = 'g'},
+{.name = "ipv4", .has_arg = 0, .val = '4'},
+{.name = "ipv6", .has_arg = 0, .val = '6'},
 {NULL},
 };
-/* we need this for iptables-restore. iptables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. iptables itself doesn't need this, so it is initialized to the
- * magic number of -1 */
-int line = -1;
-
 void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
 struct xtables_globals iptables_globals = {
@@ -267,6 +263,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
 " Change chain name, (moving any references)\n"
 "Options:\n"
+" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
 "[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
 "[!] --source -s address[/mask][...]\n"
 " source specification\n"
@@ -862,7 +860,7 @@ check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
 }
 int
-for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
+for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
 int verbose, int builtinstoo, struct iptc_handle *handle)
 {
 int ret = 1;
@@ -898,11 +896,11 @@ for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
 }
 int
-flush_entries(const ipt_chainlabel chain, int verbose,
+flush_entries4(const ipt_chainlabel chain, int verbose,
 struct iptc_handle *handle)
 {
 if (!chain)
-return for_each_chain(flush_entries, verbose, 1, handle);
+return for_each_chain4(flush_entries4, verbose, 1, handle);
 if (verbose)
 fprintf(stdout, "Flushing chain `%s'\n", chain);
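Review bot: The definition of `line` and the comment explaining its -1 sentinel are deleted in this hunk, yet the new `case '6'` in the @@ -1788 hunk still tests `line != -1`; nothing in the diff shows where `line` is now declared, so presumably it moved to a shared header or library — confirm the declaration this file sees, otherwise the file no longer links. That sentinel meaning is now load-bearing for `-6` handling, so the removed explanation should follow the variable to its new home, e.g. `/* -1 unless iptables-restore is feeding us; it sets this to the current input line so -6 lines can be skipped silently */`. The option table entries themselves look right: `.has_arg = 0` matches the `46` appended to the getopt string in the @@ -1473 hunk.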
@@ -914,7 +912,7 @@ zero_entries(const ipt_chainlabel chain, int verbose,
 struct iptc_handle *handle)
 {
 if (!chain)
-return for_each_chain(zero_entries, verbose, 1, handle);
+return for_each_chain4(zero_entries, verbose, 1, handle);
 if (verbose)
 fprintf(stdout, "Zeroing chain `%s'\n", chain);
@@ -922,11 +920,11 @@ zero_entries(const ipt_chainlabel chain, int verbose,
 }
 int
-delete_chain(const ipt_chainlabel chain, int verbose,
+delete_chain4(const ipt_chainlabel chain, int verbose,
 struct iptc_handle *handle)
 {
 if (!chain)
-return for_each_chain(delete_chain, verbose, 0, handle);
+return for_each_chain4(delete_chain4, verbose, 0, handle);
 if (verbose)
 fprintf(stdout, "Deleting chain `%s'\n", chain);
@@ -1101,7 +1099,7 @@ static void print_ip(const char *prefix, uint32_t ip,
 /* We want this to be readable, so only print out neccessary fields.
  * Because that's the kind of world I want to live in. */
-void print_rule(const struct ipt_entry *e,
+void print_rule4(const struct ipt_entry *e,
 struct iptc_handle *h, const char *chain, int counters)
 {
 const struct ipt_entry_target *t;
@@ -1224,7 +1222,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
 while(e) {
 num++;
 if (!rulenum || num == rulenum)
-print_rule(e, handle, this, counters);
+print_rule4(e, handle, this, counters);
 e = iptc_next_rule(e, handle);
 }
 found = 1;
@@ -1429,7 +1427,7 @@ static void command_match(struct iptables_command_state *cs)
 xtables_error(OTHER_PROBLEM, "can't alloc memory!");
 }
-int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle)
+int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handle)
 {
 struct iptables_command_state cs;
 struct ipt_entry *e = NULL;
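Review bot: `zero_entries` keeps its old name while the sibling functions changed in the same way (`flush_entries4`, `delete_chain4`, `for_each_chain4`) gain a `4` suffix; if `zero_entries` has external linkage as `flush_entries` did, it will presumably still clash with the ip6tables counterpart when both are linked into one multi-call binary, and if it is `static` the mixed naming is merely confusing. Either rename it to `zero_entries4` here, in the recursive `for_each_chain4(zero_entries, ...)` call, and in the `CMD_ZERO` call visible in the @@ -1989 hunk, or document the asymmetry, e.g. `/* file-local, so no v4 suffix needed (cf. flush_entries4) */`. The function's head is outside the hunk, so its linkage cannot be confirmed from the diff.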
@@ -1453,11 +1451,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 cs.jumpto = "";
 cs.argv = argv;
-/* re-set optind to 0 in case do_command gets called
+/* re-set optind to 0 in case do_command4 gets called
  * a second time */
 optind = 0;
-/* clear mflags in case do_command gets called a second time
+/* clear mflags in case do_command4 gets called a second time
  * (we clear the global list of all matches for security)*/
 for (m = xtables_matches; m; m = m->next)
 m->mflags = 0;
@@ -1473,7 +1471,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 opts = xt_params->orig_opts;
 while ((cs.c = getopt_long(argc, argv,
-"-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+"-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:46",
 opts, NULL)) != -1) {
 switch (cs.c) {
 /*
@@ -1788,6 +1786,16 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 cs.fw.counters.bcnt = cnt;
 break;
+case '4':
+/* This is indeed the IPv4 iptables */
+break;
+
+case '6':
+/* This is not the IPv6 ip6tables */
+if (line != -1)
+return 1; /* success: line ignored */
+fprintf(stderr, "This is the IPv4 version of iptables.\n");
+exit_tryhelp(2);
 case 1: /* non option */
 if (optarg[0] == '!' && optarg[1] == '\0') {
@@ -1989,7 +1997,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 *handle);
 break;
 case CMD_FLUSH:
-ret = flush_entries(chain, cs.options&OPT_VERBOSE, *handle);
+ret = flush_entries4(chain, cs.options&OPT_VERBOSE, *handle);
 break;
 case CMD_ZERO:
 ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle);
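Review bot: The `return 1` in the new `case '6'` (hunk @@ -1788) leaves `do_command4` from inside the option loop, so anything earlier options on the same line have already set up — matches attached by `-m` through `command_match`, which the @@ -1429 hunk shows allocating — is never released, because the function's normal cleanup at its end, outside this hunk, is skipped; for a restore run that is one leak per ignored `-6` line. Safer is to record the option in a local flag inside the `case` and act on it once after the loop, at the point where the function's own cleanup path can be taken, so ignoring the line does not bypass it. Since `exit_tryhelp(2)` presumably does not return, the `case '6'` arm intentionally has no `break` before `case 1:`; a `/* not reached */` after the call would make that explicit for readers and for `-Wimplicit-fallthrough`.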
@@ -2030,7 +2038,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 ret = iptc_create_chain(chain, *handle);
 break;
 case CMD_DELETE_CHAIN:
-ret = delete_chain(chain, cs.options&OPT_VERBOSE, *handle);
+ret = delete_chain4(chain, cs.options&OPT_VERBOSE, *handle);
 break;
 case CMD_RENAME_CHAIN:
 ret = iptc_rename_chain(chain, newname, *handle);