summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_devgroup.c
Commit message (Collapse)AuthorAgeFilesLines
* iptables-translate: pass ipt_entry and ip6t_entry to ->xlate()Pablo Neira Ayuso2016-03-091-1/+1
| | | | | | | The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: rename xt_buf to xt_xlatePablo Neira Ayuso2016-02-161-11/+11
| | | | | | | Use a more generic name for this object to prepare the introduction of other translation specific fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libxt_devgroup: Add translation to nftShivani Bhardwaj2016-02-161-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | Add translation for device group to nftables. Examples: $ sudo iptables-translate -A FORWARD -m devgroup --src-group 0x2 -j ACCEPT nft add rule ip filter FORWARD iifgroup 0x2 counter accept $ sudo iptables-translate -A FORWARD -m devgroup --dst-group 0xc/0xc -j ACCEPT nft add rule ip filter FORWARD oifgroup and 0xc == 0xc counter accept $ sudo iptables-translate -t mangle -A PREROUTING -p tcp --dport 46000 -m devgroup --src-group 23 -j ACCEPT nft add rule ip mangle PREROUTING tcp dport 46000 iifgroup 0x17 counter accept $ sudo iptables-translate -A FORWARD -m devgroup ! --dst-group 0xc/0xc -j ACCEPT nft add rule ip filter FORWARD oifgroup and 0xc != 0xc counter accept $ sudo iptables-translate -A FORWARD -m devgroup ! --src-group 0x2 -j ACCEPT nft add rule ip filter FORWARD iifgroup != 0x2 counter accept Signed-off-by : Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: devgroup: fix showing and saving of dst-groupAna Rey2014-11-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Closes bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=985 The --dst-group parameter in devgroup extensions lists and saves incorrectly its value. --dst-group always shows "0x0/0x0". This is an example: # iptables -I FORWARD -m devgroup --dst-group 200 -j ACCEPT # iptables -L FORWARD Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere src-group 0x64 dst-group 0x0/0x0 # iptables -S FORWARD -P FORWARD ACCEPT -A FORWARD -m devgroup --dst-group 0x0/0x0 -j ACCEPT Reporte-by: Axinchan <axinchan@cnrouter.com> Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libxt_devgroup: Fix the path of the group mappings fileAna Rey2014-09-191-2/+2
| | | | | | | | Use "/etc/iproute2/group" as the default path to the mapping file instead of "/etc/iproute2/group_map". Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_devgroup: guard against negative numbersJan Engelhardt2012-07-311-4/+6
| | | | | | More corrections of the strtoul kind. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* libxt_devgroup: consolidate devgroup specification parsingJan Engelhardt2012-07-311-40/+30
| | | | | | | This is a small cleanup, reducing the two copies of X/Y parsing to one. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flagsLutz Jaenicke2011-05-231-0/+2
| | | | | Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_devgroup: use guided option parserJan Engelhardt2011-04-131-160/+41
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_devgroup: option whitespace update following v1.4.10-49-g7386635Jan Engelhardt2011-02-161-7/+7
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add extension for devgroup matchPatrick McHardy2011-02-031-0/+297
Signed-off-by: Patrick McHardy <kaber@trash.net>