iptables -i, -o in user-defined chains?
Marc Boucher
marc@mbsi.ca
Sun, 20 Feb 2000 21:08:03 -0500
> In message <200002202344.SAA16531@opium.mbsi.ca> you write:
> > iptables -A INPACC -i eth2 -p udp --dport ntp -j ACCEPT
> > iptables v0.90.1: Can't use -i with INPACC
>
> Reverse the tests: ie. disallow -i for POSTROUTING and OUTPUT, and -o
> for PREROUTING and INPUT.
>
> They are an ad-hoc `stupidity-catcher' thing anyway.
Right. New patch checked in.
>
> Thanks,
> Rusty.
> PS. Marc, are you looking at FTP? If not, I will...
Feel free, it's your new code after all ;-)
Marc
Index: packet-filter/userspace/iptables.c
===================================================================
RCS file: /cvsroot/netfilter/packet-filter/userspace/iptables.c,v
retrieving revision 1.4.4.8
diff -u -r1.4.4.8 iptables.c
--- iptables.c 2000/02/17 07:23:40 1.4.4.8
+++ iptables.c 2000/02/21 02:01:43
@@ -1813,25 +1813,23 @@
|| command == CMD_DELETE
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
- /* -i only valid with incoming packets. */
- if (strcmp(chain, "PREROUTING") != 0
- && strcmp(chain, "FORWARD") != 0
- && strcmp(chain, "INPUT") != 0) {
- if (options & OPT_VIANAMEIN)
+ /* -o not valid with incoming packets. */
+ if (options & OPT_VIANAMEOUT)
+ if (strcmp(chain, "PREROUTING") == 0
+ || strcmp(chain, "INPUT") == 0) {
exit_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
- opt2char(OPT_VIANAMEIN),
+ opt2char(OPT_VIANAMEOUT),
chain);
}
- /* -o only valid with outgoing packets */
- if (strcmp(chain, "POSTROUTING") != 0
- && strcmp(chain, "FORWARD") != 0
- && strcmp(chain, "OUTPUT") != 0) {
- if (options & OPT_VIANAMEOUT)
+ /* -i not valid with outgoing packets */
+ if (options & OPT_VIANAMEIN)
+ if (strcmp(chain, "POSTROUTING") == 0
+ || strcmp(chain, "OUTPUT") == 0) {
exit_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
- opt2char(OPT_VIANAMEOUT),
+ opt2char(OPT_VIANAMEIN),
chain);
}
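Review bot: The two new outer tests, `if (options & OPT_VIANAMEOUT)` and `if (options & OPT_VIANAMEIN)`, each guard a braced inner `if` but have no braces of their own, which leaves a dangling-else hazard if an `else` is ever added. Folding each pair into one condition, for example `if ((options & OPT_VIANAMEOUT) && (strcmp(chain, "PREROUTING") == 0 || strcmp(chain, "INPUT") == 0))`, would make the grouping explicit. Separately, the check now rejects only the four built-in chain names, so a rule using -o in a user-defined chain that is only reached from INPUT (or -i in one only reached from OUTPUT) is accepted without any diagnostic. The comments could say that this is a best-effort check on built-in chains so a reader does not take it as a guarantee.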