diff options
| author | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2013-03-19 13:46:33 +0100 |
|---|---|---|
| committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2013-03-25 13:17:58 +0200 |
| commit | ea307271bf2ed3cb3f594fdbcd461d939b5565fb (patch) | |
| tree | 9ba2120cb1d7565668f302f6a518b75b94ee1ec5 /Makefile.am | |
| parent | 8d9d64c7f2deda60e668bd74c09dfd4b16cfa0d2 (diff) | |
| download | connman-ea307271bf2ed3cb3f594fdbcd461d939b5565fb.tar.gz connman-ea307271bf2ed3cb3f594fdbcd461d939b5565fb.tar.bz2 connman-ea307271bf2ed3cb3f594fdbcd461d939b5565fb.zip | |
firewall: Maintain iptables rules in dedicated ConnMan chains
Instead appending ConnMan iptables rules into the builtin chains
we append them into chains managed by ConnMan.
If a rule needs to be inserted into a bultin chain, ConnMan
will create a 'connman-' prefixed builtin chain name and appends
the user rules there. Then ConnMan will insert a unconditional jump
rule in the builtin chain.
Basically,
iptables -t filter -A INPUT -m mark --mark 1 -j LOG
will be translated to this:
iptables -t filter -N connman-INPUT
iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
iptables -t filter -I INPUT -j connman-INPUT
When the last rule in a managed chain is removed, the managed
chain will also be removed.
Diffstat (limited to 'Makefile.am')
0 files changed, 0 insertions, 0 deletions