diff options
author | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2013-03-06 16:08:54 +0100 |
---|---|---|
committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2013-03-07 10:07:12 +0200 |
commit | 60c18c2aab0cf1a6a7ce2d58d87df046a675d81a (patch) | |
tree | 25a71c817f4e2bf2832c605e64035861788ba56c /src/iptables.c | |
parent | cbfa3977195dd62ba135e075513cf32c7318ea12 (diff) | |
download | connman-60c18c2aab0cf1a6a7ce2d58d87df046a675d81a.tar.gz connman-60c18c2aab0cf1a6a7ce2d58d87df046a675d81a.tar.bz2 connman-60c18c2aab0cf1a6a7ce2d58d87df046a675d81a.zip |
iptables: Valid policies are only ACCEPT and DROP
Diffstat (limited to 'src/iptables.c')
-rw-r--r-- | src/iptables.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/iptables.c b/src/iptables.c index 158dcf39..734ebc11 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -1061,8 +1061,13 @@ static int iptables_change_policy(struct connman_iptables *table, int verdict; verdict = target_to_verdict(policy); - if (verdict == 0) + switch (verdict) { + case -NF_ACCEPT - 1: + case -NF_DROP - 1: + break; + default: return -EINVAL; + } chain_head = find_chain_head(table, chain_name); if (chain_head == NULL) |