diff options
author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-08-02 12:12:10 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-08 12:43:10 +0200 |
commit | dba4a9b4b5fe2c4b6929be799fdb9332fc653e1b (patch) | |
tree | 800a99b457f9a37fd7790a8308c0d4ec33809510 /include | |
parent | 627c451b2351310da9ad82dbdb64747b1fada8e5 (diff) |
src: allow variable in chain policy
This patch allows you to use variables in chain policy definition, e.g.
define default_policy = "accept"
add table ip foo
add chain ip foo bar {type filter hook input priority filter; policy $default_policy}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/datatype.h | 1 | ||||
-rw-r--r-- | include/rule.h | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/include/datatype.h b/include/datatype.h index ddcb7db8..c1d08cc2 100644 --- a/include/datatype.h +++ b/include/datatype.h @@ -263,6 +263,7 @@ extern const struct datatype igmp_type_type; extern const struct datatype time_type; extern const struct datatype boolean_type; extern const struct datatype priority_type; +extern const struct datatype policy_type; void inet_service_type_print(const struct expr *expr, struct output_ctx *octx); diff --git a/include/rule.h b/include/rule.h index 4c8cab13..0ef6aacd 100644 --- a/include/rule.h +++ b/include/rule.h @@ -206,7 +206,7 @@ struct chain { const char *hookstr; unsigned int hooknum; struct prio_spec priority; - int policy; + struct expr *policy; const char *type; const char *dev; struct scope scope; |