|
Packit |
7b22a4 |
/*
|
|
Packit |
7b22a4 |
* Author: Paul.Russell@rustcorp.com.au and mneuling@radlogic.com.au
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* Based on the ipchains code by Paul Russell and Michael Neuling
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
|
|
Packit |
7b22a4 |
* Paul 'Rusty' Russell <rusty@rustcorp.com.au>
|
|
Packit |
7b22a4 |
* Marc Boucher <marc+nf@mbsi.ca>
|
|
Packit |
7b22a4 |
* James Morris <jmorris@intercode.com.au>
|
|
Packit |
7b22a4 |
* Harald Welte <laforge@gnumonks.org>
|
|
Packit |
7b22a4 |
* Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* iptables -- IP firewall administration for kernels with
|
|
Packit |
7b22a4 |
* firewall table (aimed for the 2.3 kernels)
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* See the accompanying manual page iptables(8) for information
|
|
Packit |
7b22a4 |
* about proper usage of this program.
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* This program is free software; you can redistribute it and/or modify
|
|
Packit |
7b22a4 |
* it under the terms of the GNU General Public License as published by
|
|
Packit |
7b22a4 |
* the Free Software Foundation; either version 2 of the License, or
|
|
Packit |
7b22a4 |
* (at your option) any later version.
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* This program is distributed in the hope that it will be useful,
|
|
Packit |
7b22a4 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
7b22a4 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
7b22a4 |
* GNU General Public License for more details.
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* You should have received a copy of the GNU General Public License
|
|
Packit |
7b22a4 |
* along with this program; if not, write to the Free Software
|
|
Packit |
7b22a4 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
Packit |
7b22a4 |
*/
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#include <stdio.h>
|
|
Packit |
7b22a4 |
#include <stdlib.h>
|
|
Packit |
7b22a4 |
#include <errno.h>
|
|
Packit |
7b22a4 |
#include <string.h>
|
|
Packit |
7b22a4 |
#include <iptables.h>
|
|
Packit |
7b22a4 |
#include "xtables-multi.h"
|
|
Packit |
7b22a4 |
#include "nft.h"
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int
|
|
Packit |
7b22a4 |
xtables_main(int family, const char *progname, int argc, char *argv[])
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
int ret;
|
|
Packit |
7b22a4 |
char *table = "filter";
|
|
Packit Service |
10e551 |
struct nft_handle h;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xtables_globals.program_name = progname;
|
|
Packit |
7b22a4 |
ret = xtables_init_all(&xtables_globals, family);
|
|
Packit |
7b22a4 |
if (ret < 0) {
|
|
Packit |
7b22a4 |
fprintf(stderr, "%s/%s Failed to initialize xtables\n",
|
|
Packit |
7b22a4 |
xtables_globals.program_name,
|
|
Packit |
7b22a4 |
xtables_globals.program_version);
|
|
Packit |
7b22a4 |
exit(1);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
|
|
Packit |
7b22a4 |
init_extensions();
|
|
Packit |
7b22a4 |
init_extensions4();
|
|
Packit |
7b22a4 |
#endif
|
|
Packit |
7b22a4 |
|
|
Packit Service |
10e551 |
if (nft_init(&h, family, xtables_ipv4) < 0) {
|
|
Packit |
7b22a4 |
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
|
|
Packit |
7b22a4 |
xtables_globals.program_name,
|
|
Packit |
7b22a4 |
xtables_globals.program_version,
|
|
Packit |
7b22a4 |
strerror(errno));
|
|
Packit |
7b22a4 |
exit(EXIT_FAILURE);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
ret = do_commandx(&h, argc, argv, &table, false);
|
|
Packit |
7b22a4 |
if (ret)
|
|
Packit |
7b22a4 |
ret = nft_commit(&h);
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
nft_fini(&h);
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (!ret) {
|
|
Packit |
7b22a4 |
if (errno == EINVAL) {
|
|
Packit |
7b22a4 |
fprintf(stderr, "iptables: %s. "
|
|
Packit |
7b22a4 |
"Run `dmesg' for more information.\n",
|
|
Packit |
7b22a4 |
nft_strerror(errno));
|
|
Packit |
7b22a4 |
} else {
|
|
Packit |
7b22a4 |
fprintf(stderr, "iptables: %s.\n",
|
|
Packit |
7b22a4 |
nft_strerror(errno));
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (errno == EAGAIN)
|
|
Packit |
7b22a4 |
exit(RESOURCE_PROBLEM);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
exit(!ret);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
int xtables_ip4_main(int argc, char *argv[])
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
return xtables_main(NFPROTO_IPV4, "iptables", argc, argv);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
int xtables_ip6_main(int argc, char *argv[])
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
return xtables_main(NFPROTO_IPV6, "ip6tables", argc, argv);
|
|
Packit |
7b22a4 |
}
|