#include "stc-manager.h"
#include "stc-error.h"
-#define FIREWALL_CHAIN_TARGET_IN "STC_IN"
-#define FIREWALL_CHAIN_TARGET_OUT "STC_OUT"
+#define FIREWALL_CHAIN_TARGET_IN "INPUT"
+#define FIREWALL_CHAIN_TARGET_OUT "OUTPUT"
#define FIREWALL_RULE_TARGET_ACCEPT "ACCEPT"
#define FIREWALL_RULE_TARGET_DROP "DROP"
#define FIREWALL_RULE_TARGET_LOG "LOG"
+#define FIREWALL_RULE_TARGET_NFLOG "NFLOG"
+
+#define RULE_CHAIN "chain"
+#define RULE_DIRECTION "direction"
+#define RULE_IFNAME "ifname"
+#define RULE_PROTOCOL "protocol"
+#define RULE_TARGET "target"
+#define RULE_TARGETTYPE "target_type"
+
+#define RULE_FAMILY "family"
+#define RULE_SIPTYPE "s_ip_type"
+#define RULE_SIP1 "s_ip1"
+#define RULE_SIP2 "s_ip2"
+#define RULE_DIPTYPE "d_ip_type"
+#define RULE_DIP1 "d_ip1"
+#define RULE_DIP2 "d_ip2"
+#define RULE_SPORTTYPE "s_port_type"
+#define RULE_SPORT1 "s_port1"
+#define RULE_SPORT2 "s_port2"
+#define RULE_DPORTTYPE "d_port_type"
+#define RULE_DPORT1 "d_port1"
+#define RULE_DPORT2 "d_port2"
+
+#define RULE_LOG_LEVEL "log_level"
+#define RULE_LOG_PREFIX "log_prefix"
+#define RULE_NFLOG_GROUP "nflog_group"
+#define RULE_NFLOG_PREFIX "nflog_prefix"
+#define RULE_NFLOG_RANGE "nflog_range"
+#define RULE_NFLOG_THRESHOLD "nflog_threshold"
typedef enum {
FIREWALL_UNKONWN,
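Review bot: `FIREWALL_CHAIN_TARGET_IN` and `FIREWALL_CHAIN_TARGET_OUT` now name the built-in `INPUT` and `OUTPUT` chains instead of the dedicated `STC_IN`/`STC_OUT` chains, and no comment on the two defines records that. Anything attached through these macros now shares a chain with rules owned by other components. If any code outside this header flushes or deletes by these names (not visible here), it would act on the built-in chains, so that path is worth checking. I would add `/* Built-in netfilter chains, shared with other rule owners: never flush or delete by this name. */` above the two defines. The new `RULE_*` key strings are undocumented too; a one-line comment saying which message or dictionary they index would help the next reader.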
char *ifname;
stc_fw_rule_target_e target;
char *target_str;
+ guchar log_level;
+ char *log_prefix;
+ guint nflog_group;
+ char *nflog_prefix;
+ guint nflog_range;
+ guint nflog_threshold;
char *identifier;
} firewall_rule_s;
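Review bot: The new logging fields in `firewall_rule_s` carry no stated range, length limit or ownership, and they are likely filled from a request and handed to the kernel targets. As far as I know the netfilter NFLOG target stores group and threshold in 16-bit fields and both LOG and NFLOG keep the prefix in a fixed-size buffer, so a `guint nflog_group` above 65535 or an over-long `log_prefix` would be truncated or rejected unless it is checked first. I would document the contract on the fields, for example `guint nflog_group; /* 0..65535, range-checked before the rule is built */` and `char *log_prefix; /* NUL-terminated, length-checked against the LOG target's prefix limit */`, and say who frees the two `char *` members. `log_level` would similarly benefit from a note that it is a syslog priority (0..7). The struct's opening lines are outside this hunk, so any existing convention there should take precedence.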
stc_error_e firewall_chain_set(firewall_chain_s *chain);
stc_error_e firewall_chain_unset(firewall_chain_s *chain);
-stc_error_e firewall_rule_add(firewall_rule_s *rule);
+stc_error_e firewall_rule_append(firewall_rule_s *rule);
+stc_error_e firewall_rule_insert(firewall_rule_s *rule);
stc_error_e firewall_rule_remove(firewall_rule_s *rule);
#endif /*__STC_HELPER_FIREWALL_H__*/
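Review bot: `firewall_rule_append` and `firewall_rule_insert` are declared without any comment on where the rule lands in its chain, and that position decides whether a new ACCEPT or DROP is evaluated before or after the rules already present. Presumably they mirror append-at-tail and insert-at-head semantics; if so, say it on the prototypes, e.g. `/* Adds rule at the end of its chain; evaluated after existing rules. */` and `/* Adds rule at the head of its chain; evaluated before existing rules. */`. Dropping `firewall_rule_add` also breaks any caller not converted in the same change; none are visible in this header, so that is worth confirming against the rest of the commit.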