xtables-restore: add -4 and -6 support
Now you can specify:
xtables-restore -6 < my-ip6tables-ruleset
to restore the IPv6 rule-set.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/nft.c b/iptables/nft.c
index 273d083..88fd84b 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2630,7 +2630,7 @@
nlh->nlmsg_seq = seq = time(NULL);
struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
- nfg->nfgen_family = AF_INET;
+ nfg->nfgen_family = h->family;
nfg->version = NFNETLINK_V0;
nfg->res_id = 0;
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index c62b0a9..3b14a9f 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -36,6 +36,8 @@
{.name = "noflush", .has_arg = false, .val = 'n'},
{.name = "modprobe", .has_arg = true, .val = 'M'},
{.name = "table", .has_arg = true, .val = 'T'},
+ {.name = "ipv4", .has_arg = false, .val = '4'},
+ {.name = "ipv6", .has_arg = false, .val = '6'},
{NULL},
};
@@ -193,7 +195,7 @@
nft_init(&h);
- while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "bcvthnM:T:46", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
@@ -220,6 +222,12 @@
case 'T':
tablename = optarg;
break;
+ case '4':
+ h.family = AF_INET;
+ break;
+ case '6':
+ h.family = AF_INET6;
+ break;
}
}
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c311055..c0a6347 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1247,7 +1247,10 @@
break;
}
- h->family = family;
+ /* Set only if required, needed by xtables-restore */
+ if (h->family == AF_UNSPEC)
+ h->family = family;
+
h->ops = nft_family_ops_lookup(family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
