From: Phil Sutter Date: Mon, 28 Nov 2016 12:14:16 +0000 (+0100) Subject: xtables-translate: Fix chain type when translating nat table X-Git-Tag: v1.6.1~12 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=92a3d0898d6a046cfc8c90757bdc08094413c79e;p=thirdparty%2Fiptables.git xtables-translate: Fix chain type when translating nat table This makes the type of translated chains in nat table to be of type 'nat' instead of 'filter' which is incorrect. Verified like so: | $ iptables-restore-translate -f /dev/stdin < Signed-off-by: Pablo Neira Ayuso --- diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 0c706dcc..153bd650 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -352,17 +352,23 @@ static int xlate_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters) { - printf("add chain %s %s %s ", family2str[h->family], table, chain); + const char *type = "filter"; + + if (strcmp(table, "nat") == 0) + type = "nat"; + + printf("add chain %s %s %s { type %s ", + family2str[h->family], table, chain, type); if (strcmp(chain, "PREROUTING") == 0) - printf("{ type filter hook prerouting priority 0; "); + printf("hook prerouting priority 0; "); else if (strcmp(chain, "INPUT") == 0) - printf("{ type filter hook input priority 0; "); + printf("hook input priority 0; "); else if (strcmp(chain, "FORWARD") == 0) - printf("{ type filter hook forward priority 0; "); + printf("hook forward priority 0; "); else if (strcmp(chain, "OUTPUT") == 0) - printf("{ type filter hook output priority 0; "); + printf("hook output priority 0; "); else if (strcmp(chain, "POSTROUTING") == 0) - printf("{ type filter hook postrouting priority 0; "); + printf("hook postrouting priority 0; "); if (strcmp(policy, "ACCEPT") == 0) printf("policy accept; ");