List: netfilter-devel
Subject: [PATCH] iptables-restore doesn't load modules ip_tables.
From: "A. van Schie" <a.van.schie () quicknet ! nl>
Date: 2001-05-31 18:31:38
I'm using iptables-restore to initialize my firewall rules.
But it fails when the module ip_tables is not already loaded.
The attached patch fixes that problem by trying to load the module the same
way iptables does. I also added the --modprobe option to set the
module loader (the same as in iptables).
The patch also includes the same change for ip6tables-restore (I didn't test
it, because I'm not an ipv6 user).
I would also like to remind you that you didn't apply the ipv6 part of the
"iptables-save-notarget.patch" to CVS, probably because of lack of time.
If you want, I can mail you a changed version (the same as the ipv4 patch you
did).
--
Andries van Schie
Let's make the linux-world a safer place to live in ;-)
["iptables-restore-insmod.patch" (text/x-c)]
diff -urN latest/netfilter/userspace/include/iptables_common.h \
ownlatest/netfilter/userspace/include/iptables_common.h
--- latest/netfilter/userspace/include/iptables_common.h Sat May 12 11:05:57 2001
+++ ownlatest/netfilter/userspace/include/iptables_common.h Thu May 31 19:14:52 2001
@@ -11,6 +11,7 @@
extern void exit_tryhelp(int) __attribute__((noreturn));
int check_inverse(const char option[], int *invert);
extern int string_to_number(const char *, int, int);
+extern int iptables_insmod(const char *modname, const char *modprobe);
void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
format(printf,2,3)));
extern const char *program_name, *program_version;
diff -urN latest/netfilter/userspace/iptables-restore.c \
ownlatest/netfilter/userspace/iptables-restore.c
--- latest/netfilter/userspace/iptables-restore.c Thu May 31 19:22:41 2001
+++ ownlatest/netfilter/userspace/iptables-restore.c Thu May 31 19:28:29 2001
@@ -30,6 +30,7 @@
/* { "verbose", 1, 0, 'v' }, */
{ "help", 0, 0, 'h' },
{ "noflush", 0, 0, 'n'},
+ { "modprobe", 1, 0, 'M'},
{ 0 }
};
@@ -42,16 +43,24 @@
" [ --counters ]\n"
" [ --verbose ]\n"
" [ --help ]\n"
- " [ --noflush ]\n", name);
+ " [ --noflush ]\n"
+ " [ --modprobe=<command>]\n", name);
exit(1);
}
-iptc_handle_t create_handle(const char *tablename)
+iptc_handle_t create_handle(const char *tablename, const char* modprobe )
{
iptc_handle_t handle;
handle = iptc_init(tablename);
+
+ if (!handle) {
+ /* try to insmod the module if iptc_init failed */
+ iptables_insmod("ip_tables", modprobe);
+ handle = iptc_init(tablename);
+ }
+
if (!handle) {
exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
"table '%s'\n", program_name, tablename);
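Review bot: The new retry block in create_handle discards the result of `iptables_insmod("ip_tables", modprobe);` and runs it after any iptc_init failure, so a missing or failing loader, a permission problem and a wrong table name all end in the same "unable to initialize" error. Assuming the int result is 0 on success (the function body is not shown in this patch, so confirm in iptables.c), the retry could be gated as `if (!handle && iptables_insmod("ip_tables", modprobe) == 0) handle = iptc_init(tablename);`, or the loader failure could at least be reported before exit_error. The ip6tables-restore.c copy of this hunk has the same issue, and its comment still says `iptc_init` where the code calls `ip6tc_init`. create_handle's body continues past the end of the hunk.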
@@ -95,11 +104,12 @@
int c;
char curtable[IPT_TABLE_MAXNAMELEN + 1];
FILE *in;
+ const char *modprobe = 0;
program_name = "iptables-restore";
program_version = NETFILTER_VERSION;
- while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
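Review bot: `const char *modprobe = 0;` initialises a pointer with a bare 0; `const char *modprobe = NULL;` reads more clearly as "no loader given". A short comment saying what iptables_insmod does when it receives NULL would also help, since its body is not visible in this patch. The same declaration appears in the ip6tables-restore.c hunk. The enclosing function starts and ends outside this hunk.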
@@ -114,6 +124,9 @@
case 'n':
noflush = 1;
break;
+ case 'M':
+ modprobe = optarg;
+ break;
}
}
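Review bot: `modprobe = optarg;` under `case 'M':` stores a caller-supplied string that create_handle later passes to iptables_insmod as the module loader, with no validation and no hint in the usage text that the value is run as a command. The restore tools normally run with root privileges, so any boot script or privileged wrapper that forwards user-controlled arguments would let that user choose the program that gets executed; how iptables_insmod launches the loader is outside this patch view and should be confirmed there. I would add a comment such as `/* -M names the program run to load modules; never forward it from untrusted input */` and say the same in the usage and man text. The identical `case 'M':` in ip6tables-restore.c has the same gap, and the switch continues outside the hunk.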
@@ -157,7 +170,7 @@
}
strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
- handle = create_handle(table);
+ handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
diff -urN latest/netfilter/userspace/iptables.c \
ownlatest/netfilter/userspace/iptables.c
--- latest/netfilter/userspace/iptables.c Thu May 24 16:51:37 2001
+++ ownlatest/netfilter/userspace/iptables.c Mon May 28 18:44:01 2001
@@ -1551,7 +1551,7 @@
return NULL;
}
-static int iptables_insmod(const char *modname, const char *modprobe)
+int iptables_insmod(const char *modname, const char *modprobe)
{
char *buf = NULL;
char *argv[3];
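Review bot: Dropping `static` from iptables_insmod makes it part of the interface shared with iptables-restore, but neither this definition nor the new prototype in iptables_common.h documents what a NULL `modprobe` means or what the int result signifies. A short header comment covering each argument, the NULL case and the return convention would let callers such as create_handle check the result correctly. The same applies to ip6tables_insmod in ip6tables.c and ip6tables.h. The function body continues outside the hunk.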
diff -urN latest/netfilter/userspace/include/ip6tables.h \
ownlatest/netfilter/userspace/include/ip6tables.h
--- latest/netfilter/userspace/include/ip6tables.h Sat May 12 11:05:57 2001
+++ ownlatest/netfilter/userspace/include/ip6tables.h Thu May 31 19:14:43 2001
@@ -122,5 +122,6 @@
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), \
int verbose, int builtinstoo, ip6tc_handle_t *handle); extern int \
flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); \
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t \
*handle);
+extern int ip6tables_insmod(const char *modname, const char *modprobe);
#endif /*_IP6TABLES_USER_H*/
diff -urN latest/netfilter/userspace/ip6tables-restore.c \
ownlatest/netfilter/userspace/ip6tables-restore.c
--- latest/netfilter/userspace/ip6tables-restore.c Sat May 12 11:05:56 2001
+++ ownlatest/netfilter/userspace/ip6tables-restore.c Thu May 31 19:11:53 2001
@@ -35,6 +35,7 @@
/* { "verbose", 1, 0, 'v' }, */
{ "help", 0, 0, 'h' },
{ "noflush", 0, 0, 'n'},
+ { "modprobe", 1, 0, 'M'},
{ 0 }
};
@@ -47,16 +48,24 @@
" [ --counters ]\n"
" [ --verbose ]\n"
" [ --help ]\n"
- " [ --noflush ]\n", name);
+ " [ --noflush ]\n"
+ " [ --modprobe=<command>]\n", name);
exit(1);
}
-ip6tc_handle_t create_handle(const char *tablename)
+ip6tc_handle_t create_handle(const char *tablename, const char* modprobe)
{
ip6tc_handle_t handle;
handle = ip6tc_init(tablename);
+
+ if (!handle) {
+ /* try to insmod the module if iptc_init failed */
+ ip6tables_insmod("ip6_tables", modprobe);
+ handle = ip6tc_init(tablename);
+ }
+
if (!handle) {
exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
"table '%s'\n", program_name, tablename);
@@ -79,11 +88,12 @@
char curtable[IP6T_TABLE_MAXNAMELEN + 1];
char curchain[IP6T_FUNCTION_MAXNAMELEN + 1];
FILE *in;
+ const char *modprobe = 0;
program_name = "ip6tables-restore";
program_version = NETFILTER_VERSION;
- while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
@@ -98,6 +108,9 @@
case 'n':
noflush = 1;
break;
+ case 'M':
+ modprobe = optarg;
+ break;
}
}
@@ -151,7 +164,7 @@
}
strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
- handle = create_handle(table);
+ handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
diff -urN latest/netfilter/userspace/ip6tables.c \
ownlatest/netfilter/userspace/ip6tables.c
--- latest/netfilter/userspace/ip6tables.c Thu May 31 19:22:41 2001
+++ ownlatest/netfilter/userspace/ip6tables.c Thu May 31 19:28:29 2001
@@ -1511,7 +1511,7 @@
return NULL;
}
-static int ip6tables_insmod(const char *modname, const char *modprobe)
+int ip6tables_insmod(const char *modname, const char *modprobe)
{
char *buf = NULL;
char *argv[3];