From 0e5dd73076c3dc23a6971784640dd7e36f99b6d5 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 26 May 2017 18:25:32 +0200
Subject: [PATCH] iptables: support -i, -o, -s and -d in option extra

Allow "option extra" to specify "-i", "-o", "-s" and "-d" arguments which previously caused rules to get rejected with "Bad argument" errors.

Partially fixes FS#806.

Signed-off-by: Jo-Philipp Wich
---
 iptables.c | 41 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/iptables.c b/iptables.c
index 319c5f6..d848239 100644
--- a/iptables.c
+++ b/iptables.c
@@ -75,8 +75,12 @@ struct fw3_ipt_rule {
 };
 static struct option base_opts[] = {
- { .name = "match", .has_arg = 1, .val = 'm' },
- { .name = "jump", .has_arg = 1, .val = 'j' },
+ { .name = "match", .has_arg = 1, .val = 'm' },
+ { .name = "jump", .has_arg = 1, .val = 'j' },
+ { .name = "in-interface", .has_arg = 1, .val = 'i' },
+ { .name = "out-interface", .has_arg = 1, .val = 'o' },
+ { .name = "source", .has_arg = 1, .val = 's' },
+ { .name = "destination", .has_arg = 1, .val = 'd' },
 { NULL }
 };
@@ -1546,6 +1550,9 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 struct xtables_target *et;
 struct xtables_globals *g;
+ struct fw3_device dev;
+ struct fw3_address addr;
+
 enum xtables_exittype status;
 int i, optc;
@@ -1573,7 +1580,7 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 set_rule_tag(r);
- while ((optc = getopt_long(r->argc, r->argv, "-:m:j:", g->opts,
+ while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:", g->opts,
 NULL)) != -1)
 {
 switch (optc)
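Review bot: The `dev` and `addr` locals added in the declaration hunk of `__fw3_ipt_rule_append` have no initializer, yet the new `case` branches read `dev.any`, `dev.invert`, `*dev.network`, `addr.range` and `addr.invert` and then pass the structs to the rule setters. That is only safe if fw3_parse_device() and fw3_parse_address() overwrite every field on success, which is not visible in this patch. Because the same two structs are reused for every `-i`/`-o`/`-s`/`-d` seen in the loop, a parser that fills only some fields would also carry values over from an earlier option. Declaring them as `struct fw3_device dev = { 0 };` and `struct fw3_address addr = { 0 };`, or clearing them right before each parse call, removes that dependency. The function body starts and ends outside this hunk.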
@@ -1601,6 +1608,34 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 break;
+ case 'i':
+ case 'o':
+ if (!fw3_parse_device(&dev, optarg, false) ||
+ dev.any || dev.invert || *dev.network)
+ {
+ warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg);
+ goto free;
+ }
+
+ dev.invert = inv;
+ fw3_ipt_rule_in_out(r, (optc == 'i') ? &dev : NULL,
+ (optc == 'o') ? &dev : NULL);
+ break;
+
+ case 's':
+ case 'd':
+ if (!fw3_parse_address(&addr, optarg, false) ||
+ addr.range || addr.invert)
+ {
+ warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg);
+ goto free;
+ }
+
+ addr.invert = inv;
+ fw3_ipt_rule_src_dest(r, (optc == 's') ? &addr : NULL,
+ (optc == 'd') ? &addr : NULL);
+ break;
+
 case 1:
 if ((optarg[0] == '!') && (optarg[1] == '\0'))
 {
-- 
2.25.1
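Review bot: The `-s`/`-d` branch rejects ranges and inline negation, but nothing visible compares the family of the parsed address with the family of the rule being built, so an IPv6 literal in `option extra` of an IPv4 rule (or the reverse) appears to reach fw3_ipt_rule_src_dest() unchecked. Unless that helper rejects the mismatch itself, the installed rule could match a different source or destination than the one the administrator wrote. A guard before the call, along the lines of `if (addr.family != r->h->family) { warn(...); goto free; }` with the field names confirmed against the struct definitions, would keep such a rule out of the ruleset. The switch statement and the function continue outside this hunk.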