author | Jo-Philipp Wich <jo@mein.io> | 2017-05-26 18:25:32 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2017-05-26 18:25:32 +0200 |
commit | 0e5dd73076c3dc23a6971784640dd7e36f99b6d5 (patch) | |
tree | ccb54b2ab4252ce9591d6de73d5cf81a9b7dab97 | |
parent | 4cb06c72131e37fa9058707e11497cfd905b1a89 (diff) | |
download | firewall3-0e5dd73076c3dc23a6971784640dd7e36f99b6d5.tar.gz |
iptables: support -i, -o, -s and -d in option extra
Allow "option extra" to specify "-i", "-o", "-s" and "-d" arguments which
previously caused rules to get rejected with "Bad argument" errors.
Partially fixes FS#806.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- | iptables.c | 41 |
1 files changed, 38 insertions, 3 deletions
@@ -75,8 +75,12 @@ struct fw3_ipt_rule { }; static struct option base_opts[] = { - { .name = "match", .has_arg = 1, .val = 'm' }, - { .name = "jump", .has_arg = 1, .val = 'j' }, + { .name = "match", .has_arg = 1, .val = 'm' }, + { .name = "jump", .has_arg = 1, .val = 'j' }, + { .name = "in-interface", .has_arg = 1, .val = 'i' }, + { .name = "out-interface", .has_arg = 1, .val = 'o' }, + { .name = "source", .has_arg = 1, .val = 's' }, + { .name = "destination", .has_arg = 1, .val = 'd' }, { NULL } }; @@ -1546,6 +1550,9 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...) struct xtables_target *et; struct xtables_globals *g; + struct fw3_device dev; + struct fw3_address addr; + enum xtables_exittype status; int i, optc; @@ -1573,7 +1580,7 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...) set_rule_tag(r); - while ((optc = getopt_long(r->argc, r->argv, "-:m:j:", g->opts, + while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:", g->opts, NULL)) != -1) { switch (optc) @@ -1601,6 +1608,34 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...) break; + case 'i': + case 'o': + if (!fw3_parse_device(&dev, optarg, false) || + dev.any || dev.invert || *dev.network) + { + warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg); + goto free; + } + + dev.invert = inv; + fw3_ipt_rule_in_out(r, (optc == 'i') ? &dev : NULL, + (optc == 'o') ? &dev : NULL); + break; + + case 's': + case 'd': + if (!fw3_parse_address(&addr, optarg, false) || + addr.range || addr.invert) + { + warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg); + goto free; + } + + addr.invert = inv; + fw3_ipt_rule_src_dest(r, (optc == 's') ? &addr : NULL, + (optc == 'd') ? &addr : NULL); + break; + case 1: if ((optarg[0] == '!') && (optarg[1] == '\0')) { |
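Review bot: The new `case 's'` / `case 'd'` branch in the last hunk rejects ranges and inline inversion but never compares the parsed address family with the family of the rule being built, so an IPv4 literal in `option extra` on an IPv6 rule (or the reverse) is not caught here. Unless `fw3_ipt_rule_src_dest()` checks this itself (it is outside the hunk), the rule could be installed with a source or destination match other than the one the administrator wrote, which for a firewall rule means matching different traffic than intended. Assuming `struct fw3_address` records the parsed family and the rule's handle exposes its own, extend the guard to something like `addr.range || addr.invert || addr.family != r->h->family` and reject with the same warning. A short comment above both new branches, such as `/* inversion must come from a preceding "!" token, not from the argument itself */`, would also explain why `dev.invert` and `addr.invert` are refused and then overwritten from `inv`. The enclosing `__fw3_ipt_rule_append()` starts and ends outside the hunk.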