From 8d9d64c7f2deda60e668bd74c09dfd4b16cfa0d2 Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Tue, 19 Mar 2013 13:46:32 +0100
Subject: firewall: Add firewall API The main idea behind this API is to collect several iptables rules together and enable or disable in one go. For this a context is created via __connman_firewall_create() and the rules added to this context via __connman_firewall_add_rule(). In order to append all rules __connman_firewall_enable() has to be called. To remove all rules associated with one context __connman_firewall_disable() has to be used. If something goes awry the code tries to get back to the initial state.
---
 src/connman.h | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src/connman.h')
diff --git a/src/connman.h b/src/connman.h
index e09c22e2..e9c774e7 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -880,6 +880,16 @@ int __connman_nat_enable(const char *name, const char *address,
 unsigned char prefixlen);
 void __connman_nat_disable(const char *name);
 
+struct firewall_context;
+
+struct firewall_context *__connman_firewall_create(void);
+void __connman_firewall_destroy(struct firewall_context *ctx);
+int __connman_firewall_add_rule(struct firewall_context *ctx,
+ const char *table,
+ const char *chain,
+ const char *rule_fmt, ...);
+int __connman_firewall_enable(struct firewall_context *ctx);
+int __connman_firewall_disable(struct firewall_context *ctx);
 int __connman_firewall_init(void);
 void __connman_firewall_cleanup(void);
 
-- cgit v1.2.3
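Review bot: The `rule_fmt, ...` prototype of `__connman_firewall_add_rule()` is declared without a printf format attribute, so a call site that passes mismatched arguments or a non-literal format string compiles without a `-Wformat` diagnostic. Ending the declaration with `const char *rule_fmt, ...) __attribute__((format(printf, 4, 5)));` would let the compiler check every caller; GLib's `G_GNUC_PRINTF(4, 5)` does the same if glib.h is in scope in this header, which the hunk does not show. Because the formatted string presumably ends up as iptables rule text, a short comment above the prototype should state that interpolated values such as interface names and addresses must be validated by the caller, since stray whitespace or option characters in them would change the rule that is installed. The header also does not say what the `int` results mean or whether `__connman_firewall_destroy()` may be called on a context that is still enabled; a line such as `/* Returns 0 on success, negative errno on failure; a failed enable rolls back rules already applied. */` would cover it, provided that matches the implementation, which lies outside this hunk.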