summaryrefslogtreecommitdiffstats
path: root/iptables-save.c
Commit message (Collapse)AuthorAgeFilesLines
* mark newly opened fds as FD_CLOEXEC (close on exec)Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | (This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm) Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: combine iptables-multi and iptables-staticJan Engelhardt2009-07-251-1/+1
| | | | | | | | | | | | | | | Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: close open file descriptorsJan Engelhardt2009-06-101-0/+1
| | | | | | | Just for correctness, close some file descriptors that were opened. (E.g. ip6tables-save reading from procfs files.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables-save: module loading correctionsJan Engelhardt2009-03-191-3/+9
| | | | | | | | | | | | | | | | | | | 1. Ignore the absence of /proc/net/ip_tables_names, which happens when x_tables.ko is not loaded. This is equivalent to having x_tables.ko, but no tabe modules, loaded. As such, success should be returned. 2. Load table when explicitly requested by the -t option. Users might expect "*foo" etc. to be output when `iptables-save -t foo` is executed. So do autoload x_tables.ko and the table in this case. *. Do this for both iptables-save and ip6tables-save, and adjust the manpages for the new -M (modprobe program location) option that is introduced. Based upon a patch by Soren Hansen. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-4/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: general follow-up cleanupJamal Hadi Salim2009-02-131-4/+0
| | | | | | Kill program_name, program_version and xtables_program_name. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate init calls into one functionJamal Hadi Salim2009-02-131-2/+7
| | | | | | | | | | | Introduce xtables_init_all() which hides three calls xtables_init(), xtables_set_nfproto(), and xtables_set_params(). Make ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use it. I moved xtables_set_params around for readability reasons. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: set names of programsJamal Hadi Salim2009-02-121-0/+1
| | | | | | Set proper name of application. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: move afinfo aroundJan Engelhardt2009-02-071-0/+1
| | | | | | | libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - program_nameJan Engelhardt2009-01-301-2/+3
| | | | | | | | | Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - libdirJan Engelhardt2009-01-271-10/+1
| | | | | | Consolidate the libdir variable initialization code into xtables.c. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* env: augment deprecation noticeJan Engelhardt2009-01-071-1/+2
| | | | | | | Tell the user what to use instead of IP*TABLES_LIBDIR. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libiptc: remove indirectionsJan Engelhardt2008-11-101-9/+9
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-101-1/+1
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables --list-rules commandHenrik Nordstrom2008-05-131-205/+0
| | | | | | | | | | | | | | | | | | Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
* iptables-save:remove unnecessary code.Shan Wei2008-04-211-13/+0
| | | | | | The following code is never be used. It should be removed. Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
* Remove old functions, constantsJan Engelhardt2008-04-151-4/+4
|
* iptables: use C99 lists for struct optionsGáspár Lajos2008-04-141-6/+6
|
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIRJan Engelhardt2008-04-131-3/+8
|
* Fix all remaining warnings (missing declarations, missing prototypes)Jan Engelhardt2008-04-131-0/+1
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-061-5/+5
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* whitespace cleanupMax Kellermann2008-01-291-11/+11
| | | | Max Kellermann <max@duempel.org>
* iptables and NO_SHARED_LIBS/dlfcn.hMike Frysinger2007-12-191-1/+4
| | | | | | | | if NO_SHARED_LIBS is defined, then iptables shouldnt even include dlfcn.h. otherwise you hit a build failure when using toolchains that do not provide dlfcn.h because they do not support shared objects. Signed-Off-By: Mike Frysinger <vapier@gentoo.org>
* iptables: always print mask in iptables-saveJan Engelhardt2007-11-251-3/+15
| | | | | | | | | | | | | iptables prints the mask as a prefix length if it is valid; This patch makes iptables-save do the same. Also, iptables-save will always print "/32" in the "-s addr/32" case now. This reduces the amount of code external parsing scripts need to provide to properly parse iptables-save output. ip6tables-save already does the right thing, so no change there. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_namesVictor Stinner2007-10-181-1/+3
| | | | Victor Stinner <victor.stinner@inl.fr>
* Fix missing newlines in iptables-save/restore output (Pavol Rusnak ↵Pavel Rusnak2007-05-101-1/+1
| | | | | | <prusnak@suse.cz>) Bugzilla #568
* Fix iptables-save not printing -s !0/0 and -d !0/0 as well as ip6tablesPatrick McHardy2006-12-021-1/+1
| | | | unnecessarily printing the address. Base on patch by Daniel De Graaf.
* fix compilation of iptables on [old] systems that don't have IPT_F_GOTOHarald Welte2005-11-241-0/+4
|
* add 'goto' support (Henrik Nordstrom <hno@marasystems.com>)Henrik Nordstrom2005-11-051-1/+1
|
* poll goto specific changes out of trunkHarald WeltePablo Neira2005-04-151-1/+1
|
* fix iptables-save/restore of goto (Jonas Berlin)Jonas Berlin2005-04-151-1/+1
|
* Fix setting lib_dir in ip*tables-{save,restore}Martin Josefsson2004-12-271-0/+4
|
* Bastiaan Bakker's patch to combine iptables, iptables-save and iptables-restoreBastiaan Bakker2004-06-251-1/+7
| | | | for size reduction applied
* Get rid of some warnings when compiling 64bit.Martin Josefsson2004-05-261-2/+2
|
* include netdb.h if we use getprotobynumberHarald Welte2004-04-151-0/+1
|
* use /etc/protocols when printing protocol names (Pedro Lamarão)Pedro Lamarão2007-11-301-0/+6
|
* add userspace part of SCTP matchHarald Welte2004-02-211-0/+1
|
* Make sure to use matches in the order they are given when calling ↵Martin Josefsson2004-02-021-1/+1
| | | | do_command() multiple times.
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵Martin Josefsson2003-05-021-0/+2
| | | | Josefsson)
* copyright / GPL noticeHarald Welte2002-08-071-2/+5
|
* globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent ↵Harald Welte2002-05-291-2/+2
| | | | naming
* Added -d and -t short options to getopt_long() call.Marc Boucher2001-12-061-1/+1
|
* make sure we print the "+" at the end of ppp+ stype interface namesHarald Welte2001-11-081-1/+3
|
* fix bug in iptables-save, ocurring with targets without save() function.Harald Welte2001-10-161-6/+14
| | | | Debian Bug #113011
* - added patch to support statically linking of iptablesHarald Welte2001-08-061-0/+4
| | | | - iptables-save/-restore is no longer experimental
* Fix speling of own name.Rusty Russell2001-07-101-1/+1
| | | | Fix EMail address.
* ip6tables-save without target fix, scoreboardHarald Welte2001-07-051-1/+1
|
* A. van Schie: bug report "iptables-save doesn't save fall-through rules ↵Harald Welte2001-05-241-1/+4
| | | | correctly"
* hopefully fixed the multiple-interface iptables-save problemHarald Welte2001-05-231-1/+1
|
* fixes '_' in interface names bug (iptables)Harald Welte2001-05-121-1/+1
| | | | fixes '+' in interface names bug (iptables-save)