1 /*
2  * Author: Paul.Russell@rustcorp.com.au and mneuling@radlogic.com.au
3  *
4  * Based on the ipchains code by Paul Russell and Michael Neuling
5  *
6  * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
7  * 		    Paul 'Rusty' Russell <rusty@rustcorp.com.au>
8  * 		    Marc Boucher <marc+nf@mbsi.ca>
9  * 		    James Morris <jmorris@intercode.com.au>
10  * 		    Harald Welte <laforge@gnumonks.org>
11  * 		    Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
12  *
13  *	iptables -- IP firewall administration for kernels with
14  *	firewall table (aimed for the 2.3 kernels)
15  *
16  *	See the accompanying manual page iptables(8) for information
17  *	about proper usage of this program.
18  *
19  *	This program is free software; you can redistribute it and/or modify
20  *	it under the terms of the GNU General Public License as published by
21  *	the Free Software Foundation; either version 2 of the License, or
22  *	(at your option) any later version.
23  *
24  *	This program is distributed in the hope that it will be useful,
25  *	but WITHOUT ANY WARRANTY; without even the implied warranty of
26  *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
27  *	GNU General Public License for more details.
28  *
29  *	You should have received a copy of the GNU General Public License
30  *	along with this program; if not, write to the Free Software
31  *	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33 
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <errno.h>
37 #include <string.h>
38 #include <iptables.h>
39 #include "xtables-multi.h"
40 #include "nft.h"
41 
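/*
 * Shared entry point for the iptables and ip6tables front ends.
 *
 * Initialises libxtables and the nft handle for `family`, passes the command
 * line to do_commandx(), calls nft_commit() when do_commandx() returns
 * non-zero, releases the handle and terminates the process. Every path ends
 * in exit(), so control never returns to the caller.
 *
 * family:    protocol family stored in the nft handle and given to
 *            xtables_init_all()
 * progname:  name stored in xtables_globals.program_name
 * argc/argv: command line forwarded unchanged to do_commandx()
 *
 * Exit status: 0 when the command and the commit both return non-zero;
 * RESOURCE_PROBLEM when the failure left errno at EAGAIN; 1 for any other
 * command or commit failure and for an xtables_init_all() failure;
 * EXIT_FAILURE when nft_init() fails.
 */
static int
xtables_main(int family, const char *progname, int argc, char *argv[])
{
	int ret;
	int saved_errno;
	char *table = "filter";
	struct nft_handle h = {
		.family = family,
	};

	xtables_globals.program_name = progname;
	ret = xtables_init_all(&xtables_globals, family);
	if (ret < 0) {
		fprintf(stderr, "%s/%s Failed to initialize xtables\n",
				xtables_globals.program_name,
				xtables_globals.program_version);
		exit(1);
	}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
	init_extensions();
	init_extensions4();
#endif

	/*
	 * NOTE(review): xtables_ipv4 and init_extensions4() are used whatever
	 * `family` is, including NFPROTO_IPV6 -- confirm this is intended.
	 */
	if (nft_init(&h, xtables_ipv4) < 0) {
		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
				xtables_globals.program_name,
				xtables_globals.program_version,
				strerror(errno));
		nft_fini(&h);
		exit(EXIT_FAILURE);
	}

	ret = do_commandx(&h, argc, argv, &table, false);
	if (ret)
		ret = nft_commit(&h);

	/*
	 * Capture errno before nft_fini() and fprintf() get a chance to
	 * overwrite it, so the diagnostic and the RESOURCE_PROBLEM exit status
	 * describe the failing command/commit rather than the cleanup.
	 */
	saved_errno = errno;

	nft_fini(&h);

	if (!ret) {
		/*
		 * NOTE(review): the prefix is the literal "iptables" even when
		 * progname is "ip6tables" -- confirm whether that is intended.
		 */
		if (saved_errno == EINVAL) {
			fprintf(stderr, "iptables: %s. "
					"Run `dmesg' for more information.\n",
				nft_strerror(saved_errno));
		} else {
			fprintf(stderr, "iptables: %s.\n",
				nft_strerror(saved_errno));
		}
		if (saved_errno == EAGAIN) {
			exit(RESOURCE_PROBLEM);
		}
	}

	/* ret is non-zero on success, so !ret yields exit status 0. */
	exit(!ret);
}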
95 
/*
 * IPv4 front end: runs xtables_main() for NFPROTO_IPV4 under the program
 * name "iptables", forwarding argc/argv unchanged. xtables_main() ends in
 * exit() on every path, so the return below only satisfies the signature.
 */
int xtables_ip4_main(int argc, char *argv[])
{
	const int status = xtables_main(NFPROTO_IPV4, "iptables", argc, argv);

	return status;
}
100 
/*
 * IPv6 front end: runs xtables_main() for NFPROTO_IPV6 under the program
 * name "ip6tables", forwarding argc/argv unchanged. xtables_main() ends in
 * exit() on every path, so the return below only satisfies the signature.
 */
int xtables_ip6_main(int argc, char *argv[])
{
	const int status = xtables_main(NFPROTO_IPV6, "ip6tables", argc, argv);

	return status;
}
105