xtables: Add backward compatibility with -w option

Just to keep aligned with iptables legacy tool.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.h b/iptables/nft.h
index 26b60b996fa49a65b9e6d2b2e8b0cf4cf3b04b64..22af66e25b00b1ae8c0d32577ee4d17a4794194c 100644 (file)
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -135,7 +135,7 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt);
 const char *nft_strerror(int err);
 
 /* For xtables.c */
-int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table);
+int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
 /* For xtables-arptables.c */
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
 

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index c4af2c5d3031fc28b4112fb0c0bd36418a637d06..730800ff49c0c9c00c8a0a340e20376bb2c92f04 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -442,7 +442,8 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
                        for (a = 0; a < newargc; a++)
                                DEBUGP("argv[%u]: %s\n", a, newargv[a]);
 
-                       ret = do_commandx(&h, newargc, newargv, &newargv[2]);
+                       ret = do_commandx(&h, newargc, newargv,
+                                         &newargv[2], true);
                        if (ret < 0) {
                                ret = nft_abort(&h);
                                if (ret < 0) {

diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index eb139805d082f237fc5e5d307b7d4ceae3402fe1..355a446096ce5e262f174950d7cb6e0897b8de19 100644 (file)
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -70,7 +70,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
                exit(EXIT_FAILURE);
        }
 
-       ret = do_commandx(&h, argc, argv, &table);
+       ret = do_commandx(&h, argc, argv, &table, false);
        if (ret)
                ret = nft_commit(&h);
 

diff --git a/iptables/xtables.c b/iptables/xtables.c
index c49b4a2f5b76bc77cda085f94b26b4b67e816b57..7a8ace3deb566cecee4d6c3919e1cb3288e1db89 100644 (file)
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -678,7 +678,8 @@ static void command_match(struct iptables_command_state *cs)
                xtables_error(OTHER_PROBLEM, "can't alloc memory!");
 }
 
-int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
+int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
+               bool restore)
 {
        struct iptables_command_state cs;
        int verbose = 0;
@@ -1001,6 +1002,14 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
                                       prog_name, prog_vers);
                        exit(0);
 
+               case 'w':
+                       if (restore) {
+                               xtables_error(PARAMETER_PROBLEM,
+                                             "You cannot use `-w' from "
+                                             "iptables-restore");
+                       }
+                       break;
+
                case '0':
                        set_option(&cs.options, OPT_LINENUMBERS,
                                   &args.invflags, cs.invert);