author | David Fabian <david.fabian@bosson.cz> | 2018-01-22 14:02:11 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-26 18:50:37 +0100 |
commit | 5a5cdd5d42f0aa8fc78ac1ff81a423fc40072fea (patch) | |
tree | f923979c1d84e13e40d8cfdc929804d6fab89e47 /src/rule.c | |
parent | d3d2c4bd782368e9024d88795659325372b99ed8 (diff) |
Added undefine/redefine keywords
This is a small patch to nft which adds two new keywords - undefine and
redefine. undefine simply undefines a variable from the current scope.
redefine allows one to change a variable definition. We have a firewall
written in bash (using iptables) that is organized by customer VLANs.
Each VLAN has its own set of bash variables holding things like uplink
iface names, gateway IPs, etc. We want to rewrite the firewall to
nftables but are stuck on the fact that nft variables cannot be
overridden in the same scope. We have each VLAN configuration in a
separate file containing pre/post-routing, input, output and forward
rules, and we include those files to a master firewall configuration. One
solution is to rename all the variables with some VLAN specific
(pre/su)ffix. But that is cumbersome.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -485,6 +485,21 @@ void symbol_bind(struct scope *scope, const char *identifier, struct expr *expr) list_add_tail(&sym->list, &scope->symbols); } +int symbol_unbind(struct scope *scope, const char *identifier) +{ + struct symbol *sym; + + sym = symbol_lookup(scope, identifier); + if (!sym) + return -1; + + list_del(&sym->list); + xfree(sym->identifier); + expr_free(sym->expr); + xfree(sym); + return 0; +} + struct symbol *symbol_lookup(const struct scope *scope, const char *identifier) { struct symbol *sym; |
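Review bot: symbol_unbind() removes whatever symbol_lookup(scope, identifier) returns, with no check that the symbol is actually bound in the scope passed in. If symbol_lookup() also searches enclosing scopes, then list_del(&sym->list) would drop a definition from a parent scope, while the commit message says undefine removes a variable "from the current scope". Consider either walking only &scope->symbols here, or confirming that the symbol belongs to this scope before unlinking it. Separately, the function has no comment: a short one stating that it returns -1 when the identifier is not bound, and that it frees both sym->identifier and sym->expr, would make clear to callers that they must check the return value and must not keep using the bound expression afterwards.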