2 * firewall3 - 3rd OpenWrt UCI firewall implementation
4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
/*
 * Allocate a fw3_ipt_handle for one address family and one table and open
 * the matching libiptc/libip6tc handle on it.
 *
 * NOTE(review): this listing is missing lines (braces, the else keyword,
 * the return statement and possibly more); the comments below only cover
 * what is visible. In particular no NULL check of the malloc() result and
 * no check of the iptc_init()/ip6tc_init() result appear here, and no
 * assignment of h->table is visible although later functions read it --
 * confirm all three against the full source before relying on this handle.
 *
 * family: FW3_FAMILY_V6 selects ip6tc, anything else falls back to V4.
 * table:  index into fw3_flag_names[], whose string names the table
 *         ("filter", "nat", ... presumably -- verify the table).
 * Returns: the new handle (return line not visible in this listing).
 */
22 struct fw3_ipt_handle *
23 fw3_ipt_open(enum fw3_family family, enum fw3_table table)
25 struct fw3_ipt_handle *h;
27 h = malloc(sizeof(*h));
/* Only V6 is checked explicitly; every other family value is treated as V4. */
32 if (family == FW3_FAMILY_V6)
34 h->family = FW3_FAMILY_V6;
/* The table enum is mapped to its name through the shared fw3_flag_names table. */
36 h->handle = ip6tc_init(fw3_flag_names[table]);
40 h->family = FW3_FAMILY_V4;
42 h->handle = iptc_init(fw3_flag_names[table]);
/*
 * Set the default policy of the three built-in filter chains (INPUT, OUTPUT,
 * FORWARD) to the policy named by fw3_flag_names[policy].
 *
 * Only the filter table has these built-in chains, so the function is
 * guarded on h->table == FW3_TABLE_FILTER (the early-return line that
 * presumably follows the guard is not visible in this listing).
 *
 * NOTE(review): the return values of ip6tc_set_policy()/iptc_set_policy()
 * are discarded on every visible line, so a policy that failed to apply
 * (for example DROP not taking effect) goes unreported -- worth checking
 * and logging in the caller or here.
 *
 * h:      handle from fw3_ipt_open(); h->family selects the libiptc flavour.
 * policy: index into fw3_flag_names[], the policy target name.
 */
54 void fw3_ipt_set_policy(struct fw3_ipt_handle *h, enum fw3_flag policy)
/* Built-in INPUT/OUTPUT/FORWARD chains only exist in the filter table. */
56 if (h->table != FW3_TABLE_FILTER)
59 if (h->family == FW3_FAMILY_V6)
/* Counters argument is NULL: the existing packet/byte counters are left alone. */
61 ip6tc_set_policy("INPUT", fw3_flag_names[policy], NULL, h->handle);
62 ip6tc_set_policy("OUTPUT", fw3_flag_names[policy], NULL, h->handle);
63 ip6tc_set_policy("FORWARD", fw3_flag_names[policy], NULL, h->handle);
67 iptc_set_policy("INPUT", fw3_flag_names[policy], NULL, h->handle);
68 iptc_set_policy("OUTPUT", fw3_flag_names[policy], NULL, h->handle);
69 iptc_set_policy("FORWARD", fw3_flag_names[policy], NULL, h->handle);
/*
 * Flush all rules from `chain` and, only if the flush succeeded, delete the
 * chain itself from the table held by h.
 *
 * The flush-then-delete order is needed because a non-empty chain cannot be
 * removed; the conditional on the flush result avoids attempting a delete
 * that is guaranteed to fail. The result of the delete call itself is not
 * checked on the visible lines, so a chain that is still referenced by a
 * jump from another chain (and therefore cannot be deleted) is silently
 * left in place -- presumably acceptable for this caller; confirm.
 *
 * h:     handle from fw3_ipt_open(); h->family selects ip6tc vs iptc.
 * chain: name of the chain to remove.
 */
73 void fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain)
75 if (h->family == FW3_FAMILY_V6)
/* Delete only when the flush reported success (non-zero). */
77 if (ip6tc_flush_entries(chain, h->handle))
78 ip6tc_delete_chain(chain, h->handle);
82 if (iptc_flush_entries(chain, h->handle))
83 iptc_delete_chain(chain, h->handle);
/*
 * Walk every chain of the table held by h and delete each rule whose target
 * name equals `target` (exact strcmp match).
 *
 * NOTE(review): this listing is missing lines (loop conditions, braces, the
 * declarations of `chain`, `num` and `t`, and whatever follows the delete
 * call). Rules are deleted by position (`num`), and deleting an entry shifts
 * the numbers of the rules after it within the same chain; the code that
 * restarts or adjusts the inner loop after a deletion is not visible here --
 * confirm it exists, otherwise consecutive matching rules could be skipped.
 * Return values of the *_delete_num_entry() calls are also discarded.
 *
 * h:      handle from fw3_ipt_open(); h->family selects ip6tc vs iptc.
 * target: target name to match, e.g. a user chain name (assumption).
 */
87 void fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
90 const struct ipt_entry *e;
91 const struct ip6t_entry *e6;
96 if (h->family == FW3_FAMILY_V6)
/* Outer loop: every chain in the table. */
98 for (chain = ip6tc_first_chain(h->handle);
100 chain = ip6tc_next_chain(h->handle))
/* Inner loop: every rule of the chain, counting its position in num. */
105 for (num = 0, e6 = ip6tc_first_rule(chain, h->handle);
107 num++, e6 = ip6tc_next_rule(e6, h->handle))
109 t = ip6tc_get_target(e6, h->handle);
/* The *t guard skips rules whose target name is empty -- presumably
 * rules with no named target; verify against libiptc semantics. */
111 if (*t && !strcmp(t, target))
113 ip6tc_delete_num_entry(chain, num, h->handle);
/* IPv4 path: identical structure using the iptc API. */
123 for (chain = iptc_first_chain(h->handle);
125 chain = iptc_next_chain(h->handle))
130 for (num = 0, e = iptc_first_rule(chain, h->handle);
132 num++, e = iptc_next_rule(e, h->handle))
134 t = iptc_get_target(e, h->handle);
136 if (*t && !strcmp(t, target))
138 iptc_delete_num_entry(chain, num, h->handle);
/*
 * Empty the whole table held by h: first flush the rules of every chain,
 * then make a second pass deleting every chain.
 *
 * Two passes are used because a chain cannot be deleted while another
 * chain still jumps to it; flushing everything first removes those
 * references. Built-in chains (INPUT, FORWARD, ...) cannot be deleted, so
 * the delete call presumably fails for them and its result is ignored on
 * the visible lines -- confirm, as a failed delete of a user chain would be
 * ignored the same way.
 *
 * NOTE(review): the loop conditions, braces and the declaration of `chain`
 * are not visible in this listing.
 *
 * h: handle from fw3_ipt_open(); h->family selects ip6tc vs iptc.
 */
148 void fw3_ipt_flush(struct fw3_ipt_handle *h)
152 if (h->family == FW3_FAMILY_V6)
/* Pass 1: drop all rules so no chain references another. */
154 for (chain = ip6tc_first_chain(h->handle);
156 chain = ip6tc_next_chain(h->handle))
158 ip6tc_flush_entries(chain, h->handle);
/* Pass 2: remove the now-empty chains. */
161 for (chain = ip6tc_first_chain(h->handle);
163 chain = ip6tc_next_chain(h->handle))
165 ip6tc_delete_chain(chain, h->handle);
/* IPv4 path: same two passes with the iptc API. */
170 for (chain = iptc_first_chain(h->handle);
172 chain = iptc_next_chain(h->handle))
174 iptc_flush_entries(chain, h->handle);
177 for (chain = iptc_first_chain(h->handle);
179 chain = iptc_next_chain(h->handle))
181 iptc_delete_chain(chain, h->handle);
/*
 * Commit the changes accumulated on h->handle to the kernel, using the
 * libiptc flavour selected by h->family.
 *
 * NOTE(review): the commit result is discarded on both visible lines. A
 * failed commit leaves the kernel ruleset unchanged while every earlier
 * fw3_ipt_* call on this handle appeared to succeed, so the caller has no
 * way to tell the firewall was not actually updated; consider propagating
 * or logging the return value. Braces and the else keyword are not visible
 * in this listing.
 *
 * h: handle from fw3_ipt_open().
 */
186 void fw3_ipt_commit(struct fw3_ipt_handle *h)
188 if (h->family == FW3_FAMILY_V6)
189 ip6tc_commit(h->handle);
191 iptc_commit(h->handle);