Diffstat (limited to 'iptables/xtables-save.c')
-rw-r--r-- | iptables/xtables-save.c | 32 |
1 files changed, 9 insertions, 23 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 3a52f8c3..d7901c65 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -32,7 +32,7 @@
 #define prog_name xtables_globals.program_name
 #define prog_vers xtables_globals.program_version
-static const char *ipt_save_optstring = "bcdt:M:f:46V";
+static const char *ipt_save_optstring = "bcdt:M:f:V";
 static const struct option ipt_save_options[] = {
 {.name = "counters", .has_arg = false, .val = 'c'},
 {.name = "version", .has_arg = false, .val = 'V'},
@@ -40,8 +40,6 @@ static const struct option ipt_save_options[] = {
 {.name = "table", .has_arg = true, .val = 't'},
 {.name = "modprobe", .has_arg = true, .val = 'M'},
 {.name = "file", .has_arg = true, .val = 'f'},
- {.name = "ipv4", .has_arg = false, .val = '4'},
- {.name = "ipv6", .has_arg = false, .val = '6'},
 {NULL},
 };
@@ -70,7 +68,6 @@ struct do_output_data {
 static int
 __do_output(struct nft_handle *h, const char *tablename, void *data)
 {
- struct nftnl_chain_list *chain_list;
 struct do_output_data *d = data;
 time_t now;
@@ -83,10 +80,6 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
 return 0;
 }
- chain_list = nft_chain_list_get(h, tablename, NULL);
- if (!chain_list)
- return 0;
-
 now = time(NULL);
 printf("# Generated by %s v%s on %s", prog_name, prog_vers, ctime(&now));
@@ -94,7 +87,7 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
 printf("*%s\n", tablename);
 /* Dump out chain names first,
 * thereby preventing dependency conflicts */
- nft_chain_save(h, chain_list);
+ nft_chain_foreach(h, tablename, nft_chain_save, h);
 nft_rule_save(h, tablename, d->format);
 if (d->commit)
 printf("COMMIT\n");
@@ -139,10 +132,8 @@ xtables_save_main(int family, int argc, char *argv[],
 struct do_output_data d = {
 .format = FMT_NOCOUNTS,
 };
+ struct nft_handle h;
 bool dump = false;
- struct nft_handle h = {
- .family = family,
- };
 FILE *file = NULL;
 int ret, c;
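Review bot: Dropping `4` and `6` from `ipt_save_optstring` (together with the `ipv4`/`ipv6` long options and the `case '4'`/`case '6'` arms in the later hunks) turns a previously accepted invocation into an option-parsing error, and nothing visible in this diff tells the user why. The output of this tool is commonly redirected into a ruleset file, so a caller that still passes `-6` and does not check the exit status may end up with an empty or partial file; how the `default` branch of the option switch reacts is outside these hunks. I would add a comment above the string, `/* address family is fixed by the caller of xtables_save_main(); -4/-6 are no longer accepted */`, and confirm that the usage text no longer lists the two flags.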
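Review bot: The result of `nft_chain_foreach(h, tablename, nft_chain_save, h);` is discarded, so a failure while walking the chains still falls through to `nft_rule_save()` and, when `d->commit` is set, to `printf("COMMIT\n")`. The dump then looks like a complete table even though chain declarations may be missing, and restoring that file later would load a partial ruleset. Assuming the iterator reports errors through a negative return (its definition is not on this page), `if (nft_chain_foreach(h, tablename, nft_chain_save, h) < 0) return -1;` keeps a truncated table from being marked as committed; adjust the return value to whatever `do_output` expects. The preceding hunk also removes the only early return tied to the chain list, and `__do_output` starts and ends outside this hunk.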
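Review bot: `struct nft_handle h;` is now an uninitialized automatic object, whereas the removed initializer `{ .family = family, }` also zeroed every other member. Everything between this declaration and the later `nft_init(&h, family, tables)` call, and `nft_init` itself, must now avoid reading a member it has not written first; whether `nft_init` clears the structure is not visible in this diff. Keeping `struct nft_handle h = {0};` costs nothing and removes that dependency. The body of `xtables_save_main` continues outside the hunk.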
@@ -189,13 +180,6 @@ xtables_save_main(int family, int argc, char *argv[],
 case 'd':
 dump = true;
 break;
- case '4':
- h.family = AF_INET;
- break;
- case '6':
- h.family = AF_INET6;
- xtables_set_nfproto(AF_INET6);
- break;
 case 'V':
 printf("%s v%s (nf_tables)\n", prog_name, prog_vers);
 exit(0);
@@ -242,19 +226,21 @@ xtables_save_main(int family, int argc, char *argv[],
 return 1;
 }
- if (nft_init(&h, tables) < 0) {
+ if (nft_init(&h, family, tables) < 0) {
 fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", xtables_globals.program_name, xtables_globals.program_version, strerror(errno));
 exit(EXIT_FAILURE);
 }
- h.ops = nft_family_ops_lookup(h.family);
- if (!h.ops)
- xtables_error(PARAMETER_PROBLEM, "Unknown family");
+
+ nft_cache_level_set(&h, NFT_CL_RULES, NULL);
+ nft_cache_build(&h);
+ nft_xt_fake_builtin_chains(&h, tablename, NULL);
 ret = do_output(&h, tablename, &d);
 nft_fini(&h);
+ xtables_fini();
 if (dump)
 exit(0); |
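Review bot: With the `nft_family_ops_lookup()` check and its "Unknown family" message removed, an unsupported `family` can only surface through the `nft_init(&h, family, tables) < 0` branch, which prints `strerror(errno)`. If the family lookup now lives inside `nft_init` and fails there without setting `errno` (not visible on this page), the user gets a stale or "Success" error text instead of a usable diagnostic. I would either have `nft_init` set `errno = EAFNOSUPPORT` on that path or document the contract at the call, e.g. `/* nft_init() validates family and sets errno on failure */`. Separately, the `exit(EXIT_FAILURE)` path skips the newly added `xtables_fini()`, which is harmless at exit but inconsistent with the normal path. `xtables_save_main` starts and ends outside this hunk.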