author | Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2011-10-27 10:26:43 +0300 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2011-10-28 21:34:28 +0200 |
commit | 8f1f78f53bc03c99c7e065af3e71fcd90ea7829c (patch) | |
tree | 378fb62aeca34874e9421f9a46f28ff6a9e31600 /src | |
parent | 0f5e496a59e04cb9ab38755af5c5d154c1d4c2f0 (diff) | |
iptables: Support builtin chain policies changes
Diffstat (limited to 'src')
-rw-r--r-- | src/iptables.c | 53 |
1 files changed, 50 insertions, 3 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 30d8f47b..2ea8e1c3 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -875,6 +875,35 @@ static int iptables_delete_rule(struct connman_iptables *table,
 return 0;
 }
 
+static int iptables_change_policy(struct connman_iptables *table,
+ char *chain_name, char *policy)
+{
+ GList *chain_head;
+ struct connman_iptables_entry *entry;
+ struct xt_entry_target *target;
+ struct xt_standard_target *t;
+ int verdict;
+
+ verdict = target_to_verdict(policy);
+ if (verdict == 0)
+ return -EINVAL;
+
+ chain_head = find_chain_head(table, chain_name);
+ if (chain_head == NULL)
+ return -EINVAL;
+
+ entry = chain_head->data;
+ if (entry->builtin < 0)
+ return -EINVAL;
+
+ target = ipt_get_target(entry->entry);
+
+ t = (struct xt_standard_target *)target;
+ t->verdict = verdict;
+
+ return 0;
+}
+
 static struct ipt_replace *iptables_blob(struct connman_iptables *table)
 {
 struct ipt_replace *r;
@@ -1224,6 +1253,7 @@ static struct option iptables_opts[] = {
 {.name = "insert", .has_arg = 1, .val = 'I'},
 {.name = "list", .has_arg = 2, .val = 'L'},
 {.name = "new-chain", .has_arg = 1, .val = 'N'},
+ {.name = "policy", .has_arg = 1, .val = 'P'},
 {.name = "delete-chain", .has_arg = 1, .val = 'X'},
 {.name = "destination", .has_arg = 1, .val = 'd'},
 {.name = "in-interface", .has_arg = 1, .val = 'i'},
@@ -1392,7 +1422,7 @@ static int iptables_command(int argc, char *argv[])
 struct xtables_target *xt_t;
 struct ipt_ip ip;
 char *table_name, *chain, *new_chain, *match_name, *target_name;
- char *flush_chain, *delete_chain;
+ char *flush_chain, *delete_chain, *policy;
 int c, ret, in_len, out_len;
 gboolean dump, invert, insert, delete;
 struct in_addr src, dst;
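Review bot: iptables_change_policy returns -EINVAL for an unknown policy name, a missing chain or a user-defined chain, but its only caller in the last hunk (`iptables_change_policy(table, chain, policy);` inside `if (policy != NULL)`) discards that value after already printing "Changing policy of %s to %s", so a rejected request reads as success; `ret = iptables_change_policy(table, chain, policy);` plus a message when it is negative would surface the failure, assuming `ret` is what the `out` path reports. The verdict is written into the target of the entry that find_chain_head returns, cast unconditionally to `struct xt_standard_target`; for a builtin chain that already holds rules this looks like the chain's first rule rather than the policy entry at its tail, and the cast would then overwrite whatever target that rule carries, so this is worth confirming against find_chain_head and find_chain_tail. A one-line contract comment above the function, `/* Set the policy (verdict) of a builtin chain; user chains carry no policy, hence the builtin check. */`, would document why `entry->builtin < 0` is rejected. chain_name and policy are only read here and could be declared `const char *`.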
@@ -1405,7 +1435,7 @@ static int iptables_command(int argc, char *argv[]) insert = FALSE; delete = FALSE; table_name = chain = new_chain = match_name = target_name = NULL; - flush_chain = delete_chain = NULL; + flush_chain = delete_chain = policy = NULL; memset(&ip, 0, sizeof(struct ipt_ip)); table = NULL; xt_rm = NULL; @@ -1418,7 +1448,7 @@ static int iptables_command(int argc, char *argv[]) optind = 0; - while ((c = getopt_long(argc, argv, "-A:F:I:L::N:X:d:j:i:m:o:s:t:", + while ((c = getopt_long(argc, argv, "-A:F:I:L::N:P:X:d:j:i:m:o:s:t:", iptables_globals.opts, NULL)) != -1) { switch (c) { case 'A': @@ -1459,6 +1489,15 @@ static int iptables_command(int argc, char *argv[]) new_chain = optarg; break; + case 'P': + chain = optarg; + if (optind < argc) + policy = argv[optind++]; + else + goto out; + + break; + case 'X': delete_chain = optarg; break; @@ -1637,6 +1676,14 @@ static int iptables_command(int argc, char *argv[]) } if (chain) { + if (policy != NULL) { + printf("Changing policy of %s to %s\n", chain, policy); + + iptables_change_policy(table, chain, policy); + + goto out; + } + if (xt_t == NULL) goto out; |
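Review bot: The `case 'P'` branch takes the policy from `argv[optind++]` without looking at it, so `-P INPUT -t filter` consumes `-t` as the policy string and the table option is never parsed; every other case in this switch reads only `optarg`. A missing policy argument reaches `goto out` with no diagnostic, and whether `ret` reports it depends on the `out:` path, which this hunk does not show. Rejecting an option-like token, `if (optind < argc && argv[optind][0] != '-')`, would keep the two-argument form from swallowing the next option, and a comment on the branch, `/* -P takes two positional arguments: chain and policy */`, would explain why this case differs from the rest. iptables_command begins and ends outside the hunk.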