From 17fc163babc348780bae4321071845748f7b7985 Mon Sep 17 00:00:00 2001 From: Henrik Nordstrom Date: Sat, 5 Nov 2005 09:26:40 +0000 Subject: add 'goto' support (Henrik Nordstrom ) --- iptables.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index aec96137..cc47e980 100644 --- a/iptables.c +++ b/iptables.c @@ -135,6 +135,7 @@ static struct option original_opts[] = { { "line-numbers", 0, 0, '0' }, { "modprobe", 1, 0, 'M' }, { "set-counters", 1, 0, 'c' }, + { "goto", 1, 0, 'g' }, { 0 } }; @@ -402,6 +403,10 @@ exit_printhelp(struct iptables_rule_match *matches) " network interface name ([+] for wildcard)\n" " --jump -j target\n" " target for rule (may load target extension)\n" +#ifdef IPT_F_GOTO +" --goto -g chain\n" +" jump to chain with no return\n" +#endif " --match -m match\n" " extended match (may load extension)\n" " --numeric -n numeric output of addresses and ports\n" @@ -1410,6 +1415,9 @@ print_firewall(const struct ipt_entry *fw, if (format & FMT_NOTABLE) fputs(" ", stdout); + if(fw->ip.flags & IPT_F_GOTO) + printf("[goto] "); + IPT_MATCH_ITERATE(fw, print_match, &fw->ip, format & FMT_NUMERIC); if (target) { @@ -1867,7 +1875,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) opterr = 0; while ((c = getopt_long(argc, argv, - "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:", + "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:", opts, NULL)) != -1) { switch (c) { /* @@ -2035,6 +2043,15 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) dhostnetworkmask = argv[optind-1]; break; +#ifdef IPT_F_GOTO + case 'g': + set_option(&options, OPT_JUMP, &fw.ip.invflags, + invert); + fw.ip.flags |= IPT_F_GOTO; + jumpto = parse_target(optarg); + break; +#endif + case 'j': set_option(&options, OPT_JUMP, &fw.ip.invflags, invert); @@ -2387,6 +2404,11 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) * We cannot know if the plugin is corrupt, non * existant OR if the user just misspelled a * chain. */ +#ifdef IPT_F_GOTO + if (fw.ip.flags & IPT_F_GOTO) + exit_error(PARAMETER_PROBLEM, + "goto '%s' is not a chain\n", jumpto); +#endif find_target(jumpto, LOAD_MUST_SUCCEED); } else { e = generate_entry(&fw, matches, target->t); -- cgit v1.2.3