chain name may not clash with target name

author Joszef Kadlecsik <kadlec@blackhole.kfki.hu>

Mon, 24 Jun 2002 12:37:29 +0000 (12:37 +0000)

committer Joszef Kadlecsik <kadlec@blackhole.kfki.hu>

Mon, 24 Jun 2002 12:37:29 +0000 (12:37 +0000)
author Joszef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 24 Jun 2002 12:37:29 +0000 (12:37 +0000)
committer Joszef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 24 Jun 2002 12:37:29 +0000 (12:37 +0000)
diff --git a/ip6tables.c b/ip6tables.c

index dad9052d74f423970c47618a6b8ae7d9221fb239..b3346b140893a84df8094686975dfd63d3bfda30 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1161,9 +1161,6 @@ print_firewall(const struct ip6t_entry *fw,
         u_int8_t flags;
         char buf[BUFSIZ];
  
-       /* User creates a chain called "REJECT": this overrides the
-          `REJECT' target module.  Keep feeding them rope until the
-          revolution... Bwahahahahah */
         if (!ip6tc_is_chain(targname, handle))
                 target = find_target(targname, TRY_LOAD);
         else
@@ -1797,6 +1794,14 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
                         break;
  
                 case 'N':
+                       if (optarg && *optarg == '-')
+                               exit_error(PARAMETER_PROBLEM,
+                                          "chain name not allowed to start "
+                                          "with `-'\n");
+                       if (find_target(optarg, TRY_LOAD))
+                               exit_error(PARAMETER_PROBLEM,
+                                          "chain name may not clash "
+                                          "with target name\n");
                         add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
                                     invert);
                         chain = optarg;
diff --git a/iptables.c b/iptables.c

index 8792141ce82ffee7a952baecc08e2c4868c43bda..b9c190b2f85ed2fa5e42329cf88b6bb7f28b3420 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -1159,9 +1159,6 @@ print_firewall(const struct ipt_entry *fw,
         u_int8_t flags;
         char buf[BUFSIZ];
  
-       /* User creates a chain called "REJECT": this overrides the
-          `REJECT' target module.  Keep feeding them rope until the
-          revolution... Bwahahahahah */
         if (!iptc_is_chain(targname, handle))
                 target = find_target(targname, TRY_LOAD);
         else
@@ -1760,6 +1757,10 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
                                 exit_error(PARAMETER_PROBLEM,
                                            "chain name not allowed to start "
                                            "with `-'\n");
+                       if (find_target(optarg, TRY_LOAD))
+                               exit_error(PARAMETER_PROBLEM,
+                                          "chain name may not clash "
+                                          "with target name\n");
                         add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
                                     invert);
                         chain = optarg;
author	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>
	Mon, 24 Jun 2002 12:37:29 +0000 (12:37 +0000)
committer	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>
	Mon, 24 Jun 2002 12:37:29 +0000 (12:37 +0000)
ip6tables.c		patch \| blob \| blame \| history
iptables.c		patch \| blob \| blame \| history