authorDaniel Wagner <daniel.wagner@bmw-carit.de>2013-03-06 16:08:53 +0100
committerPatrik Flykt <patrik.flykt@linux.intel.com>2013-03-07 10:07:11 +0200
commitcbfa3977195dd62ba135e075513cf32c7318ea12 (patch)
treeeea1ab689657f590a7cb85fb948876d02af76fbe /src/iptables.c
parentcc660f84f8cceca1586daf84f99b2ad39f87523d (diff)
iptables: Fix setting policy
The policy is kept at the end of the chain, not at the beginning. Currently, the code assumes that the builtin chain is empty.
Diffstat (limited to 'src/iptables.c')
-rw-r--r--src/iptables.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 6dd944ef..158dcf39 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1054,7 +1054,7 @@ static int iptables_delete_rule(struct connman_iptables *table,
static int iptables_change_policy(struct connman_iptables *table,
const char *chain_name, const char *policy)
{
- GList *chain_head;
+ GList *chain_head, *chain_tail;
struct connman_iptables_entry *entry;
struct xt_entry_target *target;
struct xt_standard_target *t;
@@ -1072,6 +1072,11 @@ static int iptables_change_policy(struct connman_iptables *table,
if (entry->builtin < 0)
return -EINVAL;
+ chain_tail = find_chain_tail(table, chain_name);
+ if (chain_tail == NULL)
+ return -EINVAL;
+
+ entry = chain_tail->prev->data;
target = ipt_get_target(entry->entry);
t = (struct xt_standard_target *)target;
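Review bot: `chain_tail->prev` is dereferenced in `entry = chain_tail->prev->data;` without a check, since only `chain_tail` itself is tested against NULL. If find_chain_tail() can return the first node of the list (its body is not visible here, so this is inferred), that is a NULL dereference; extending the guard to `if (chain_tail == NULL || chain_tail->prev == NULL) return -EINVAL;` closes it. The entry picked this way is then cast to `struct xt_standard_target` and presumably has its verdict written further down, outside the hunk, so it is worth confirming that it really is the chain's policy entry before the cast: a policy written into the wrong rule would leave the builtin chain's real default in force while the call reports success. A short comment such as `/* the policy entry is the last entry before the chain tail */` would record the layout assumption the fix relies on.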