Thu, 18 Oct 2001 23:27:06 -0700
On Fri, Oct 19, 2001 at 03:56:11AM +0200, Andreas Ferber wrote:
> Bens original patch wasn't that broken, as it checks for whitespace
> after the "-t", but it's still broken. Guess what happens if I happen
> to have a network interface named "-t" ("foo-t" will also trigger with
> Bens patch) and try to match it...
Oops, I knew I was missing something.
> It adds a new parameter restore_lineno to do_command, which takes the
> input line number from iptables-restore.c, iptables-standalone.c sets
> this to zero. If this parameter is >0, do_command refuses to accept a
> "-t" parameter and instead uses the initial value of *table (which is
> initialized correctly by iptables-restore.c). An additional side
> effect is that it is now possible to include the line number into
> error messages generated by do_command (currently only used in the new
> error message for "--table" with restore_lineno>0).
> The changes for ip6tables are similar.
I agree this is an excellent way of doing it just from the looks. I
haven't actually applied this patch yet to try it.
Ben Reser <email@example.com>
"To fight and conquer in all our battles is not supreme excellence.
Supreme excellence consists in breaking the enemy's resistance without
fighting." -Chinese philosopher Sun Tzu