From: Daniel Wagner <[email protected]>
The policy is kept at the end of the chain, not at the beginning.
Currently, the code assumes that the builtin chain is empty.
---
src/iptables.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/iptables.c b/src/iptables.c
index 135577a..93778fa 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1054,7 +1054,7 @@ static int iptables_delete_rule(struct connman_iptables
*table,
static int iptables_change_policy(struct connman_iptables *table,
const char *chain_name, const char *policy)
{
- GList *chain_head;
+ GList *chain_head, *chain_tail;
struct connman_iptables_entry *entry;
struct xt_entry_target *target;
struct xt_standard_target *t;
@@ -1072,6 +1072,11 @@ static int iptables_change_policy(struct
connman_iptables *table,
if (entry->builtin < 0)
return -EINVAL;
+ chain_tail = find_chain_tail(table, chain_name);
+ if (chain_tail == NULL)
+ return -EINVAL;
+
+ entry = chain_tail->prev->data;
target = ipt_get_target(entry->entry);
t = (struct xt_standard_target *)target;
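Review bot: The added line `entry = chain_tail->prev->data;` dereferences `chain_tail->prev` without a NULL check; only `chain_tail` itself is tested. The body of find_chain_tail() is not visible here, so if it can ever return the first node of the list, this becomes a NULL dereference in the code path that rewrites firewall policy; a guard such as `if (chain_tail->prev == NULL) return -EINVAL;` before the assignment would rule that out. The earlier `entry->builtin < 0` check applies to the chain head, while the entry now taken from the tail is cast to `struct xt_standard_target` with no check that it is the policy rule. A short comment such as `/* the policy is the last rule of a builtin chain, i.e. the entry before the tail */` would document that invariant, and a check on the target would enforce it. The function body continues outside the hunk, so how `t` is written afterwards cannot be confirmed from here.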
--
1.8.1.3.566.gaa39828