#define CMD_RENAME_CHAIN 0x1000U
#define NUMBER_OF_CMD 13
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'C', 'E' };
+ 'N', 'X', 'P', 'E' };
#define OPTION_OFFSET 256
{ "list", 2, 0, 'L' },
{ "flush", 2, 0, 'F' },
{ "zero", 2, 0, 'Z' },
- { "check", 1, 0, 'C' },
{ "new-chain", 1, 0, 'N' },
{ "delete-chain", 2, 0, 'X' },
{ "rename-chain", 2, 0, 'E' },
" --list -L [chain] List the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
" --zero -Z [chain] Zero counters in chain or all chains\n"
-" --check -C chain Test this packet on chain\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
return ret;
}
-static int
-check_packet(const ipt_chainlabel chain,
- struct ipt_entry *fw,
- unsigned int nsaddrs,
- const struct in_addr saddrs[],
- unsigned int ndaddrs,
- const struct in_addr daddrs[],
- int verbose,
- iptc_handle_t *handle)
-{
- int ret = 1;
- unsigned int i, j;
- const char *msg;
-
- for (i = 0; i < nsaddrs; i++) {
- fw->ip.src.s_addr = saddrs[i].s_addr;
- for (j = 0; j < ndaddrs; j++) {
- fw->ip.dst.s_addr = daddrs[j].s_addr;
- if (verbose)
- print_firewall_line(fw, *handle);
- msg = iptc_check_packet(chain, fw, handle);
- if (!msg) ret = 0;
- else printf("%s\n", msg);
- }
- }
-
- return ret;
-}
-
int
for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *),
int verbose, int builtinstoo, iptc_handle_t *handle)
}
break;
- case 'C':
- add_command(&command, CMD_CHECK, CMD_NONE,
- invert);
- chain = optarg;
- break;
-
case 'R':
add_command(&command, CMD_REPLACE, CMD_NONE,
invert);
break;
case 'N':
+ if (optarg && *optarg == '-')
+ exit_error(PARAMETER_PROBLEM,
+ "chain name not allowed to start "
+ "with `-'\n");
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
invert);
chain = optarg;
exit_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
- if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND |
- CMD_CHECK)) {
+ if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
if (!(options & OPT_DESTINATION))
dhostnetworkmask = "0.0.0.0/0";
if (!(options & OPT_SOURCE))
exit_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
- if (command == CMD_CHECK && fw.ip.invflags != 0)
- exit_error(PARAMETER_PROBLEM, "! not allowed with -%c",
- cmd2char(CMD_CHECK));
-
if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1))
exit_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
"can't initialize iptables table `%s': %s",
*table, iptc_strerror(errno));
- if (command == CMD_CHECK
- || command == CMD_APPEND
+ if (command == CMD_APPEND
|| command == CMD_DELETE
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
chain);
- /* -i required with -C */
- if (command == CMD_CHECK && !(options & OPT_VIANAMEIN))
- exit_error(PARAMETER_PROBLEM,
- "Need -%c with %s\n",
- opt2char(OPT_VIANAMEIN),
- chain);
}
if (strcmp(chain, "POSTROUTING") == 0
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
- /* -o required with -C */
- if (command == CMD_CHECK && !(options&OPT_VIANAMEOUT))
- exit_error(PARAMETER_PROBLEM,
- "Need -%c with %s\n",
- opt2char(OPT_VIANAMEOUT),
- chain);
}
if (target && iptc_is_chain(jumpto, *handle)) {
options&OPT_VERBOSE,
handle);
break;
- case CMD_CHECK:
- ret = check_packet(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
- options&OPT_VERBOSE, handle);
- break;
case CMD_DELETE:
ret = delete_entry(chain, e,
nsaddrs, saddrs, ndaddrs, daddrs,
projects / thirdparty / iptables.git / commitdiff
