From 92a3d0898d6a046cfc8c90757bdc08094413c79e Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 28 Nov 2016 13:14:16 +0100 Subject: xtables-translate: Fix chain type when translating nat table This makes the type of translated chains in nat table to be of type 'nat' instead of 'filter' which is incorrect. Verified like so: | $ iptables-restore-translate -f /dev/stdin < Signed-off-by: Pablo Neira Ayuso --- iptables/xtables-translate.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'iptables') diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 0c706dcc..153bd650 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -352,17 +352,23 @@ static int xlate_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters) { - printf("add chain %s %s %s ", family2str[h->family], table, chain); + const char *type = "filter"; + + if (strcmp(table, "nat") == 0) + type = "nat"; + + printf("add chain %s %s %s { type %s ", + family2str[h->family], table, chain, type); if (strcmp(chain, "PREROUTING") == 0) - printf("{ type filter hook prerouting priority 0; "); + printf("hook prerouting priority 0; "); else if (strcmp(chain, "INPUT") == 0) - printf("{ type filter hook input priority 0; "); + printf("hook input priority 0; "); else if (strcmp(chain, "FORWARD") == 0) - printf("{ type filter hook forward priority 0; "); + printf("hook forward priority 0; "); else if (strcmp(chain, "OUTPUT") == 0) - printf("{ type filter hook output priority 0; "); + printf("hook output priority 0; "); else if (strcmp(chain, "POSTROUTING") == 0) - printf("{ type filter hook postrouting priority 0; "); + printf("hook postrouting priority 0; "); if (strcmp(policy, "ACCEPT") == 0) printf("policy accept; "); -- cgit v1.2.3