summaryrefslogtreecommitdiffstats
path: root/iptables/xtables-config.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/xtables-config.c')
-rw-r--r--iptables/xtables-config.c107
1 files changed, 107 insertions, 0 deletions
diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c
new file mode 100644
index 00000000..16918bf6
--- /dev/null
+++ b/iptables/xtables-config.c
@@ -0,0 +1,107 @@
+/*
+ * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+#include <errno.h>
+
+#include <libnftables/table.h>
+#include <libnftables/chain.h>
+
+#include "xtables-multi.h"
+#include "xtables-config-parser.h"
+
+#include "nft.h"
+
+extern int xtables_config_parse(const char *filename,
+ struct nft_table_list *table_list,
+ struct nft_chain_list *chain_list);
+
+#define XTABLES_CONFIG_DEFAULT "/etc/xtables.conf"
+
+int xtables_config_main(int argc, char *argv[])
+{
+ struct nft_table_list *table_list = nft_table_list_alloc();
+ struct nft_chain_list *chain_list = nft_chain_list_alloc();
+ struct nft_table_list_iter *titer;
+ struct nft_chain_list_iter *citer;
+ struct nft_table *table;
+ struct nft_chain *chain;
+ const char *filename = NULL;
+ struct nft_handle h;
+
+ if (argc > 2) {
+ fprintf(stderr, "Usage: %s [<config_file>]\n", argv[0]);
+ return EXIT_SUCCESS;
+ }
+ if (argc == 1)
+ filename = XTABLES_CONFIG_DEFAULT;
+ else
+ filename = argv[1];
+
+ if (xtables_config_parse(filename, table_list, chain_list) < 0) {
+ if (errno == ENOENT) {
+ fprintf(stderr, "configuration file `%s' does not "
+ "exists\n", filename);
+ } else {
+ fprintf(stderr, "Fatal error: %s\n", strerror(errno));
+ }
+ return EXIT_FAILURE;
+ }
+
+ nft_init(&h);
+
+ /* Stage 1) create tables */
+ titer = nft_table_list_iter_create(table_list);
+ while ((table = nft_table_list_iter_next(titer)) != NULL) {
+ if (nft_table_add(&h, table) < 0) {
+ if (errno == EEXIST) {
+ printf("table `%s' already exists, skipping\n",
+ (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ } else {
+ printf("table `%s' cannot be create, reason `%s'. Exitting\n",
+ (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME),
+ strerror(errno));
+ return EXIT_FAILURE;
+ }
+ continue;
+ }
+ printf("table `%s' has been created\n",
+ (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ }
+
+ /* Stage 2) create chains */
+ citer = nft_chain_list_iter_create(chain_list);
+ while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
+ if (nft_chain_add(&h, chain) < 0) {
+ if (errno == EEXIST) {
+ printf("chain `%s' already exists in table `%s', skipping\n",
+ (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
+ (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
+ } else {
+ printf("chain `%s' cannot be create, reason `%s'. Exitting\n",
+ (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
+ strerror(errno));
+ return EXIT_FAILURE;
+ }
+ continue;
+ }
+
+ printf("chain `%s' in table `%s' has been created\n",
+ (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
+ (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
+ }
+
+ return EXIT_SUCCESS;
+}