Hi there, I found it useful to have a -W (weed-delete-chain) option in iptables.c. It basically does the same as "iptables -F chain" and "iptables -X chain" but in one step. Patch is attached in -burN format. The only bug I could find is that when you call "iptables -W" it rants at you with a wrong error message. However an "iptables -X" doesn't rant at all, so I don't worry :-)
-- Regards, Wiktor Wodecki | http://johoho.eggheads.org [EMAIL PROTECTED] | IRC: Johoho@IrcNET
diff -burN netfilter.orig/userspace/iptables.c netfilter/userspace/iptables.c
--- netfilter.orig/userspace/iptables.c Fri May 10 16:27:17 2002
+++ netfilter/userspace/iptables.c Wed May 22 20:31:22 2002
@@ -77,9 +77,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_CHECK 0x0800U
#define CMD_RENAME_CHAIN 0x1000U
-#define NUMBER_OF_CMD 13
+#define CMD_WEEDDELETE_CHAIN 0x1200U
+#define NUMBER_OF_CMD 14
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E' };
+ 'N', 'X', 'P', 'E', 'W' };
#define OPTION_OFFSET 256
@@ -111,6 +112,7 @@
{ "new-chain", 1, 0, 'N' },
{ "delete-chain", 2, 0, 'X' },
{ "rename-chain", 2, 0, 'E' },
+ { "weed-delete-chain", 2, 0, 'W' },
{ "policy", 1, 0, 'P' },
{ "source", 1, 0, 's' },
{ "destination", 1, 0, 'd' },
@@ -170,7 +172,8 @@
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x'},
/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ',' ','x'},
-/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'}
+/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*WEEDDEL*/ {'x','x','x','x','x',' ','x','x','x','x','x'}
};
static int inverse_for_options[NUMBER_OF_OPT] =
@@ -339,7 +342,7 @@
" %s -[RI] chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
" %s -[LFZ] [chain] [options]\n"
-" %s -[NX] chain\n"
+" %s -[NXW] chain\n"
" %s -E old-chain-name new-chain-name\n"
" %s -P chain target [options]\n"
" %s -h (print this help information)\n\n",
@@ -364,6 +367,8 @@
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
+" --weed-delete-chain\n"
+" -W [chain] Empty a chain before deleting a user-defined
+chain\n"
" --policy -P chain target\n"
" Change policy on chain to target\n"
" --rename-chain\n"
@@ -1682,7 +1687,7 @@
opterr = 0;
while ((c = getopt_long(argc, argv,
- "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
+ "-A:C:D:R:I:L::F::Z::N:X::E:W:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
opts, NULL)) != -1) {
switch (c) {
/*
@@ -1788,6 +1793,15 @@
cmd2char(CMD_RENAME_CHAIN));
break;
+ case 'W':
+ add_command(&command, CMD_WEEDDELETE_CHAIN, CMD_NONE,
+ invert);
+ if (optarg) chain = optarg;
+ else if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!')
+ chain = argv[optind++];
+ break;
+
case 'P':
add_command(&command, CMD_SET_POLICY, CMD_NONE,
invert);
@@ -2239,6 +2253,10 @@
break;
case CMD_SET_POLICY:
ret = iptc_set_policy(chain, policy, NULL, handle);
+ break;
+ case CMD_WEEDDELETE_CHAIN:
+ ret = flush_entries(chain, options&OPT_VERBOSE, handle);
+ ret = delete_chain(chain, options&OPT_VERBOSE, handle);
break;
default:
/* We should never reach this... */
msg01018/pgp00000.pgp
Description: PGP signature
