Hi there, I found it useful to have a -W (weed-delete-chain) option in iptables.c. It basically does the same as "iptables -F chain" and "iptables -X chain" but in one step. Patch is attached in -burN format. The only bug I could find is that when you call "iptables -W" it rants at you with a wrong error message. However an "iptables -X" doesn't rant at all, so I don't worry :-)
-- Regards, Wiktor Wodecki | http://johoho.eggheads.org [EMAIL PROTECTED] | IRC: Johoho@IrcNET
diff -burN netfilter.orig/userspace/iptables.c netfilter/userspace/iptables.c
--- netfilter.orig/userspace/iptables.c Fri May 10 16:27:17 2002
+++ netfilter/userspace/iptables.c Wed May 22 20:31:22 2002
@@ -77,9 +77,10 @@
 #define CMD_SET_POLICY 0x0400U
 #define CMD_CHECK 0x0800U
 #define CMD_RENAME_CHAIN 0x1000U
-#define NUMBER_OF_CMD 13
+#define CMD_WEEDDELETE_CHAIN 0x1200U
+#define NUMBER_OF_CMD 14
 static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E' };
+ 'N', 'X', 'P', 'E', 'W' };
 #define OPTION_OFFSET 256
@@ -111,6 +112,7 @@
 { "new-chain", 1, 0, 'N' },
 { "delete-chain", 2, 0, 'X' },
 { "rename-chain", 2, 0, 'E' },
+ { "weed-delete-chain", 2, 0, 'W' },
 { "policy", 1, 0, 'P' },
 { "source", 1, 0, 's' },
 { "destination", 1, 0, 'd' },
@@ -170,7 +172,8 @@
 /*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
 /*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x'},
 /*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ',' ','x'},
-/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'}
+/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*WEEDDEL*/ {'x','x','x','x','x',' ','x','x','x','x','x'}
 };
 static int inverse_for_options[NUMBER_OF_OPT] =
@@ -339,7 +342,7 @@
 " %s -[RI] chain rulenum rule-specification [options]\n"
 " %s -D chain rulenum [options]\n"
 " %s -[LFZ] [chain] [options]\n"
-" %s -[NX] chain\n"
+" %s -[NXW] chain\n"
 " %s -E old-chain-name new-chain-name\n"
 " %s -P chain target [options]\n"
 " %s -h (print this help information)\n\n",
@@ -364,6 +367,8 @@
 " --new -N chain Create a new user-defined chain\n"
 " --delete-chain\n"
 " -X [chain] Delete a user-defined chain\n"
+" --weed-delete-chain\n"
+" -W [chain] Empty a chain before deleting a user-defined +chain\n"
 " --policy -P chain target\n"
 " Change policy on chain to target\n"
 " --rename-chain\n"
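Review bot: `CMD_WEEDDELETE_CHAIN` is defined as `0x1200U` in the `@@ -77,9 +77,10 @@` hunk, which is not a free bit: the visible command values are one bit each (`0x0400U`, `0x0800U`, `0x1000U`), and `0x1200U` equals `CMD_RENAME_CHAIN | 0x0200U`. The new command therefore overlaps the rename bit and whichever command owns `0x0200U` (not visible here). Any code that tests or walks the command mask bit by bit would misidentify `-W`, which may be the source of the wrong error message mentioned in the description. The next unused bit would be `#define CMD_WEEDDELETE_CHAIN 0x2000U`.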
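Review bot: The added `-W [chain]` help literal in the `@@ -364,6 +367,8 @@` hunk appears to have been wrapped in transit: it stops at `user-defined` and continues as `+chain\n"`, so as posted the string would either fail to apply or print a stray `+chain` in the help output. The patch should be resent unwrapped (or as a real attachment) with the literal on one line. The text also disagrees with the usage hunk before it, which prints `-[NXW] chain` with a mandatory argument while this line shows `[chain]` as optional.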
@@ -1682,7 +1687,7 @@
 opterr = 0;
 while ((c = getopt_long(argc, argv,
- "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
+ "-A:C:D:R:I:L::F::Z::N:X::E:W:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
 opts, NULL)) != -1) {
 switch (c) {
 /*
@@ -1788,6 +1793,15 @@
 cmd2char(CMD_RENAME_CHAIN));
 break;
+ case 'W':
+ add_command(&command, CMD_WEEDDELETE_CHAIN, CMD_NONE,
+ invert);
+ if (optarg) chain = optarg;
+ else if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!')
+ chain = argv[optind++];
+ break;
+
 case 'P':
 add_command(&command, CMD_SET_POLICY, CMD_NONE,
 invert);
@@ -2239,6 +2253,10 @@
 break;
 case CMD_SET_POLICY:
 ret = iptc_set_policy(chain, policy, NULL, handle);
+ break;
+ case CMD_WEEDDELETE_CHAIN:
+ ret = flush_entries(chain, options&OPT_VERBOSE, handle);
+ ret = delete_chain(chain, options&OPT_VERBOSE, handle);
 break;
 default:
 /* We should never reach this... */
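Review bot: The short-option string in the `@@ -1682,7 +1687,7 @@` hunk adds `W:` (argument required), while the long option is registered with `has_arg` 2, the help shows `-W [chain]`, and the neighbouring `X` uses `X::`. With `W:` a bare `-W` never reaches `case 'W'`; getopt reports a missing argument, and since `opterr = 0` that probably surfaces as the unrelated error message the description mentions. The `else if (optind < argc ...)` fallback in the `case 'W'` hunk is then reachable only through the long form. Decide whether the chain is mandatory: either register the long option with `1` and drop the fallback, or use `W::` to mirror `-X`. Because this command flushes before it deletes, a mandatory chain looks like the safer contract.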
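Review bot: In the `@@ -2239,6 +2253,10 @@` hunk the result of `flush_entries()` is overwritten by the next assignment, so a failed flush is silently ignored and `delete_chain()` runs anyway. Keep the first result and gate the second call on it, e.g. `if (ret) ret = delete_chain(chain, options&OPT_VERBOSE, handle);`, assuming non-zero means success as it seems to elsewhere in this switch (the enclosing function is outside the hunk). Also check what happens when `chain` is NULL, which the optional long-option argument allows. If `flush_entries(NULL, ...)` flushes every chain, as the `-[LFZ] [chain]` usage line suggests, then `--weed-delete-chain` with no argument would also empty the built-in chains and leave the host without its filter rules. Rejecting a missing chain before this case is reached would close that off.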