diff options
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/iptables-restore.c | 20 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 | 7 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 18 |
3 files changed, 24 insertions, 21 deletions
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index 6f7ddf93..f11b2dc2 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -283,23 +283,21 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb, xt_params->program_name, line); if (strcmp(policy, "-") != 0) { + char *ctrs = strtok(NULL, " \t\n"); struct xt_counters count = {}; - if (counters) { - char *ctrs; - ctrs = strtok(NULL, " \t\n"); - - if (!ctrs || !parse_counters(ctrs, &count)) - xtables_error(PARAMETER_PROBLEM, - "invalid policy counters for chain '%s'", - chain); - } + if ((!ctrs && counters) || + (ctrs && !parse_counters(ctrs, &count))) + xtables_error(PARAMETER_PROBLEM, + "invalid policy counters for chain '%s'", + chain); DEBUGP("Setting policy of chain %s to %s\n", chain, policy); - if (!cb->ops->set_policy(chain, policy, &count, - handle)) + if (!cb->ops->set_policy(chain, policy, + counters ? &count : NULL, + handle)) xtables_error(OTHER_PROBLEM, "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, diff --git a/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 b/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 index 5ac70682..854768c9 100755 --- a/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 +++ b/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 @@ -20,3 +20,10 @@ EXPECT=":foo - [0:0] $XT_MULTI iptables-restore --counters <<< "$DUMP" diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables-save --counters | grep foo) + +# if present, counters must be in proper format +! $XT_MULTI iptables-restore <<EOF +*filter +:FORWARD ACCEPT bar +COMMIT +EOF diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index abe56374..23cd3498 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -166,19 +166,17 @@ static void xtables_restore_parse_line(struct nft_handle *h, xt_params->program_name, line); if (nft_chain_builtin_find(state->curtable, chain)) { - if (counters) { - char *ctrs; - ctrs = strtok(NULL, " \t\n"); + char *ctrs = strtok(NULL, " \t\n"); - if (!ctrs || !parse_counters(ctrs, &count)) - xtables_error(PARAMETER_PROBLEM, - "invalid policy counters for chain '%s'", - chain); - - } + if ((!ctrs && counters) || + (ctrs && !parse_counters(ctrs, &count))) + xtables_error(PARAMETER_PROBLEM, + "invalid policy counters for chain '%s'", + chain); if (cb->chain_set && cb->chain_set(h, state->curtable->name, - chain, policy, &count) < 0) { + chain, policy, + counters ? &count : NULL) < 0) { xtables_error(OTHER_PROBLEM, "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, |