From cbfa3977195dd62ba135e075513cf32c7318ea12 Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Wed, 6 Mar 2013 16:08:53 +0100
Subject: iptables: Fix setting policy
The policy is kept at the end of the chain not at the beginning. Currently, the code assumes that the builtin chain is empty.
---
 src/iptables.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/iptables.c')
diff --git a/src/iptables.c b/src/iptables.c
index 6dd944ef..158dcf39 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1054,7 +1054,7 @@ static int iptables_delete_rule(struct connman_iptables *table,
 static int iptables_change_policy(struct connman_iptables *table,
 const char *chain_name, const char *policy)
 {
- GList *chain_head;
+ GList *chain_head, *chain_tail;
 struct connman_iptables_entry *entry;
 struct xt_entry_target *target;
 struct xt_standard_target *t;
@@ -1072,6 +1072,11 @@ static int iptables_change_policy(struct connman_iptables *table,
 if (entry->builtin < 0)
 return -EINVAL;
+ chain_tail = find_chain_tail(table, chain_name);
+ if (chain_tail == NULL)
+ return -EINVAL;
+
+ entry = chain_tail->prev->data;
 target = ipt_get_target(entry->entry);
 t = (struct xt_standard_target *)target;
--
cgit v1.2.3
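Review bot: `entry = chain_tail->prev->data;` in the second hunk dereferences `chain_tail->prev` unchecked, because the added guard tests only `chain_tail` against NULL. find_chain_tail() is not visible here, so if it can ever return the first element of the entry list, the process would crash while applying a firewall policy; folding the test into the new guard, `if (chain_tail == NULL || chain_tail->prev == NULL)`, keeps the existing -EINVAL path. The cast to `struct xt_standard_target *` that follows also assumes the entry before the tail is the chain's policy entry with a standard target, so a short comment such as `/* the policy is the last entry of a builtin chain */` above the assignment would record the invariant the verdict write depends on. iptables_change_policy() starts and ends outside the hunk, so the write through `t` could not be checked here.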