Hi Daniel,
From: Daniel Wagner <daniel.wag...@bmw-carit.de>
---
src/iptables.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/iptables.c b/src/iptables.c
index 93778fa..66a7d2a 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -275,6 +275,19 @@ static int target_to_verdict(const char *target_name)
return 0;
}
+static int target_to_policy(const char *policy_name)
+{
+ int verdict;
+
+ verdict = target_to_verdict(policy_name);
+
+ /* Only ACCEPT or DROP are valid chain policies */
+ if (verdict == (-NF_ACCEPT - 1) || verdict == (-NF_DROP - 1))
+ return verdict;
+
+ return 0;
+}
+
static gboolean is_builtin_target(const char *target_name)
{
if (!strcmp(target_name, LABEL_ACCEPT) ||
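Review bot: target_to_policy() has no comment stating its return contract, and the `verdict ==` line repeats the `-NF_x - 1` encoding that target_to_verdict() presumably produces (its body is outside the hunk), so the two have to be kept in sync by hand. Since 0 is the "not a valid policy" sentinel that the caller turns into -EINVAL, I would state that above the function: `/* Returns the encoded verdict (-NF_ACCEPT - 1 or -NF_DROP - 1), or 0 if policy_name is not a valid chain policy. */`. It is also worth saying in that comment that every other name is rejected on purpose, so the next reader sees this as an allow-list and does not widen it casually.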
@@ -1060,7 +1073,7 @@ static int iptables_change_policy(struct connman_iptables
*table,
struct xt_standard_target *t;
int verdict;
- verdict = target_to_verdict(policy);
+ verdict = target_to_policy(policy);
if (verdict == 0)
return -EINVAL;
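Review bot: `policy` reaches target_to_policy() with no NULL check visible in this hunk, and is_builtin_target() in the same file passes its argument straight to strcmp(). If target_to_verdict() does the same, a NULL policy is undefined behaviour instead of a clean -EINVAL. Unless every caller guarantees a non-NULL string, guard it before the call: `if (!policy) return -EINVAL;`. iptables_change_policy() starts and ends outside the hunk, so an earlier check may already exist.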
No need for target_to_policy(); just add the ACCEPT/DROP check
(which is valid) after the verdict == 0 check, and that's it.
Tomasz