Extend ipset option syntax to support specifying directions inplace.
[project/firewall3.git] / iptables.c
index 4ae8875..e1ad2d4 100644 (file)
@@ -795,29 +795,35 @@ fw3_ipt_rule_limit(struct fw3_ipt_rule *r, struct fw3_limit *limit)
 }
 
 void
-fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_ipset *ipset,
-                   bool invert)
+fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_setmatch *match)
 {
        char buf[sizeof("dst,dst,dst\0")];
        char *p = buf;
+       int i = 0;
 
+       struct fw3_ipset *set;
        struct fw3_ipset_datatype *type;
 
-       if (!ipset)
+       if (!match || !match->set || !match->ptr)
                return;
 
-       list_for_each_entry(type, &ipset->datatypes, list)
+       set = match->ptr;
+       list_for_each_entry(type, &set->datatypes, list)
        {
+               if (i >= 3)
+                       break;
+
                if (p > buf)
                        *p++ = ',';
 
-               p += sprintf(p, "%s", type->dest ? "dst" : "src");
+               p += sprintf(p, "%s", match->dir[i] ? match->dir[i] : type->dir);
+               i++;
        }
 
        fw3_ipt_rule_addarg(r, false, "-m", "set");
 
-       fw3_ipt_rule_addarg(r, invert, "--match-set",
-                           ipset->external ? ipset->external : ipset->name);
+       fw3_ipt_rule_addarg(r, match->invert, "--match-set",
+                           set->external ? set->external : set->name);
 
        fw3_ipt_rule_addarg(r, false, buf, NULL);
 }
@@ -1082,10 +1088,6 @@ rule_print4(struct ipt_entry *e)
 static void
 rule_print(struct fw3_ipt_rule *r, const char *chain)
 {
-       struct xtables_rule_match *rm;
-       struct xtables_match *m;
-       struct xtables_target *t;
-
        debug(r->h, "-A %s", chain);
 
 #ifndef DISABLE_IPV6
@@ -1095,23 +1097,8 @@ rule_print(struct fw3_ipt_rule *r, const char *chain)
 #endif
                rule_print4(&r->e);
 
-       for (rm = r->matches; rm; rm = rm->next)
-       {
-               m = rm->match;
-               printf(" -m %s", fw3_xt_get_match_name(m));
-
-               if (m->save)
-                       m->save(&r->e.ip, m->m);
-       }
-
-       if (r->target)
-       {
-               t = r->target;
-               printf(" -j %s", fw3_xt_get_target_name(t));
-
-               if (t->save)
-                       t->save(&r->e.ip, t->t);
-       }
+       fw3_xt_print_matches(&r->e.ip, r->matches);
+       fw3_xt_print_target(&r->e.ip, r->target);
 
        printf("\n");
 }