diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-12 15:15:14 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-17 17:26:03 +0100 |
| commit | ac3a68fb768b7f0e20493038139faa4704dc1846 (patch) | |
| tree | 1a9010abd009fd6631579b2278a7d2abffa58142 /src/parser_bison.y | |
| parent | a8018eaf35636ac7fc26387f84b4b978db14546f (diff) | |
src: expose table flags
The nf_tables kernel API provides a way to disable a table using the
dormant flag. This patch adds the missing code to expose this feature
through nft.
Basically, if you want to disable a table and all its chains from seen
any traffic, you have to type:
nft add table filter { flags dormant\; }
to re-enable the table, you have to:
nft add table filter
this clears the flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
| -rw-r--r-- | src/parser_bison.y | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index fd2407c8..6fc834d0 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -853,9 +853,22 @@ table_block_alloc : /* empty */ } ; +table_options : FLAGS STRING + { + if (strcmp($2, "dormant") == 0) { + $<table>0->flags = TABLE_F_DORMANT; + } else { + erec_queue(error(&@2, "unknown table option %s", $2), + state->msgs); + YYERROR; + } + } + ; + table_block : /* empty */ { $$ = $<table>-1; } | table_block common_block | table_block stmt_seperator + | table_block table_options stmt_seperator | table_block CHAIN chain_identifier chain_block_alloc '{' chain_block '}' stmt_seperator |