[netfilter-cvslog] r4543 - trunk/iptables/extensions
laforge at netfilter.org
laforge at netfilter.org
Thu Nov 17 14:34:52 CET 2005
Author: laforge at netfilter.org
Date: 2005-11-17 14:34:51 +0100 (Thu, 17 Nov 2005)
New Revision: 4543
Modified:
trunk/iptables/extensions/libipt_conntrack.c
Log:
The conntrack match does not print any info for --ctproto, thus
breaking iptables-restore of any rules using this option. Below
patch adds output and closes bug #398. (Phil Oester)
Modified: trunk/iptables/extensions/libipt_conntrack.c
===================================================================
--- trunk/iptables/extensions/libipt_conntrack.c 2005-11-17 13:07:08 UTC (rev 4542)
+++ trunk/iptables/extensions/libipt_conntrack.c 2005-11-17 13:34:51 UTC (rev 4543)
@@ -442,6 +442,13 @@
print_state(sinfo->statemask);
}
+ if(sinfo->flags & IPT_CONNTRACK_PROTO) {
+ printf("%sctproto ", optpfx);
+ if (sinfo->invflags & IPT_CONNTRACK_PROTO)
+ printf("! ");
+ printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ }
+
if(sinfo->flags & IPT_CONNTRACK_ORIGSRC) {
printf("%sctorigsrc ", optpfx);
More information about the netfilter-cvslog
mailing list