f5f4952bf129817bab48fa3fe72254be35bbe317
2 * firewall3 - 3rd OpenWrt UCI firewall implementation
4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
/*
 * Allocate a libiptc/libip6tc handle for one table of one address family.
 *
 * family: FW3_FAMILY_V6 selects ip6tc_init(); any other value ends up on the
 *         iptc_init() path (the else line itself is not shown in this listing).
 * table:  index into fw3_flag_names[], used as the kernel table name.
 *
 * NOTE(review): in the lines shown here, h is dereferenced right after
 * malloc(). Lines 28-31 of the original are not reproduced in this listing,
 * so a NULL check may live there - confirm against the full source. The
 * ip6tc_init()/iptc_init() result is also not visibly checked, and h->table
 * (read by fw3_ipt_set_policy()) is not visibly assigned; verify that the
 * omitted lines handle both, otherwise a caller can receive a handle whose
 * ->handle is NULL and every later libiptc call on it fails.
 */
22 struct fw3_ipt_handle
*
23 fw3_ipt_open(enum fw3_family family
, enum fw3_table table
)
25 struct fw3_ipt_handle
*h
;
27 h
= malloc(sizeof(*h
));
/* lines 28-31 of the original are not shown here */
32 if (family
== FW3_FAMILY_V6
)
34 h
->family
= FW3_FAMILY_V6
;
36 h
->handle
= ip6tc_init(fw3_flag_names
[table
]);
/* else branch (v4); the else line itself is not shown here */
40 h
->family
= FW3_FAMILY_V4
;
42 h
->handle
= iptc_init(fw3_flag_names
[table
]);
/*
 * Set the default policy of the builtin INPUT, OUTPUT and FORWARD chains
 * of the handle's table. The h->table != FW3_TABLE_FILTER test suggests
 * the function bails out for non-filter tables; the statement it guards
 * (original line 57) is not shown in this listing - presumably a return.
 *
 * policy: index into fw3_flag_names[], i.e. the policy name passed to
 *         libiptc (e.g. ACCEPT or DROP).
 *
 * NOTE(review): the return values of ip6tc_set_policy()/iptc_set_policy()
 * are discarded on all six calls. If one fails (bad handle, unknown policy
 * name) the chain silently keeps its previous policy, which for a firewall
 * can mean a more permissive state than the configuration asked for.
 * Consider at least logging the failure, or returning it to the caller.
 */
54 void fw3_ipt_set_policy(struct fw3_ipt_handle
*h
, enum fw3_flag policy
)
56 if (h
->table
!= FW3_TABLE_FILTER
)
/* guarded statement (original line 57) not shown here */
59 if (h
->family
== FW3_FAMILY_V6
)
61 ip6tc_set_policy("INPUT", fw3_flag_names
[policy
], NULL
, h
->handle
);
62 ip6tc_set_policy("OUTPUT", fw3_flag_names
[policy
], NULL
, h
->handle
);
63 ip6tc_set_policy("FORWARD", fw3_flag_names
[policy
], NULL
, h
->handle
);
/* else branch (v4); the else line itself is not shown here */
67 iptc_set_policy("INPUT", fw3_flag_names
[policy
], NULL
, h
->handle
);
68 iptc_set_policy("OUTPUT", fw3_flag_names
[policy
], NULL
, h
->handle
);
69 iptc_set_policy("FORWARD", fw3_flag_names
[policy
], NULL
, h
->handle
);
/*
 * Flush every rule out of `chain` and then delete the chain itself.
 * The delete is only attempted when the flush reported success; the
 * result of the delete is ignored, so a chain that is still referenced
 * by a jump elsewhere (or is a builtin) silently survives.
 * The else joining the v6 and v4 branches (original line 80) is not
 * shown in this listing.
 */
73 void fw3_ipt_delete_chain(struct fw3_ipt_handle
*h
, const char *chain
)
75 if (h
->family
== FW3_FAMILY_V6
)
77 if (ip6tc_flush_entries(chain
, h
->handle
))
78 ip6tc_delete_chain(chain
, h
->handle
);
/* else branch (v4); the else line itself is not shown here */
82 if (iptc_flush_entries(chain
, h
->handle
))
83 iptc_delete_chain(chain
, h
->handle
);
/*
 * Walk every chain of the table and delete each rule whose target name
 * equals `target` (exact strcmp; rules with an empty target name are
 * skipped). The declarations of chain, num and t and both loop conditions
 * are in original lines this listing does not reproduce.
 *
 * NOTE(review): rules are deleted by index while the rule cursor is being
 * advanced in the same loop. After ip6tc_delete_num_entry(chain, num, ...)
 * the for-increment still runs num++ and e6 = ip6tc_next_rule(e6, ...): the
 * rule that followed the deleted one now sits at index num, yet the next
 * comparison is made at num + 1, so of two adjacent matching rules the
 * second is left in place. Whether ip6tc_next_rule() may still be called
 * with an entry that was just deleted depends on libiptc internals - TODO
 * confirm. A safer shape is to break out after a deletion and rescan the
 * chain until no match remains. The same applies to the v4 loop below.
 */
87 void fw3_ipt_delete_rules(struct fw3_ipt_handle
*h
, const char *target
)
90 const struct ipt_entry
*e
;
91 const struct ip6t_entry
*e6
;
96 if (h
->family
== FW3_FAMILY_V6
)
98 for (chain
= ip6tc_first_chain(h
->handle
);
100 chain
= ip6tc_next_chain(h
->handle
))
105 for (num
= 0, e6
= ip6tc_first_rule(chain
, h
->handle
);
107 num
++, e6
= ip6tc_next_rule(e6
, h
->handle
))
109 t
= ip6tc_get_target(e6
, h
->handle
);
111 if (*t
&& !strcmp(t
, target
))
/* deletion shifts the indices of the rules after num; see note above */
113 ip6tc_delete_num_entry(chain
, num
, h
->handle
);
/* else branch (v4); the else line itself is not shown here */
123 for (chain
= iptc_first_chain(h
->handle
);
125 chain
= iptc_next_chain(h
->handle
))
130 for (num
= 0, e
= iptc_first_rule(chain
, h
->handle
);
132 num
++, e
= iptc_next_rule(e
, h
->handle
))
134 t
= iptc_get_target(e
, h
->handle
);
136 if (*t
&& !strcmp(t
, target
))
/* same index-shift issue as the v6 loop */
138 iptc_delete_num_entry(chain
, num
, h
->handle
);
/*
 * Empty the whole table: a first pass flushes the rules of every chain, a
 * second pass attempts to delete every chain. The return value of every
 * libiptc call is ignored, so a chain that cannot be deleted (presumably
 * the builtin ones, or one still referenced) silently survives.
 * Deleting chains while walking them with *_next_chain() relies on libiptc
 * keeping its chain iterator valid across a deletion - TODO confirm.
 * The declaration of chain and the loop conditions are in lines this
 * listing does not reproduce.
 */
148 void fw3_ipt_flush(struct fw3_ipt_handle
*h
)
152 if (h
->family
== FW3_FAMILY_V6
)
154 for (chain
= ip6tc_first_chain(h
->handle
);
156 chain
= ip6tc_next_chain(h
->handle
))
158 ip6tc_flush_entries(chain
, h
->handle
);
161 for (chain
= ip6tc_first_chain(h
->handle
);
163 chain
= ip6tc_next_chain(h
->handle
))
165 ip6tc_delete_chain(chain
, h
->handle
);
/* else branch (v4); the else line itself is not shown here */
170 for (chain
= iptc_first_chain(h
->handle
);
172 chain
= iptc_next_chain(h
->handle
))
174 iptc_flush_entries(chain
, h
->handle
);
177 for (chain
= iptc_first_chain(h
->handle
);
179 chain
= iptc_next_chain(h
->handle
))
181 iptc_delete_chain(chain
, h
->handle
);
/*
 * Push the changes accumulated in the handle to the kernel, using the
 * commit function matching the handle's family. The closing lines of the
 * function are not shown in this listing.
 *
 * NOTE(review): the result of ip6tc_commit()/iptc_commit() is discarded,
 * and nothing visible here releases h or h->handle. A failed commit leaves
 * the kernel ruleset as it was while the caller believes the new rules are
 * in force - this is the one place a failure most needs to reach the
 * caller (return the libiptc status, or at least log iptc_strerror()).
 */
186 void fw3_ipt_commit(struct fw3_ipt_handle
*h
)
188 if (h
->family
== FW3_FAMILY_V6
)
189 ip6tc_commit(h
->handle
);
/* else branch (v4); the else line itself is not shown here */
191 iptc_commit(h
->handle
);