#define STC_IPTABLES_DBUS_METHOD_IP6T_ADD_RULE "Ip6tAddRule"
#define STC_IPTABLES_DBUS_METHOD_IP6T_REMOVE_RULE "Ip6tRemoveRule"
-#define RULE_CHAIN "chain"
-#define RULE_TYPE "type"
-#define RULE_IFNAME "ifname"
-#define RULE_CGROUP "cgroup"
-#define RULE_NFACCT "nfacct"
-#define RULE_TARGET "target"
+#define RULE_CHAIN "chain"
+#define RULE_DIRECTION "direction"
+#define RULE_IFNAME "ifname"
+#define RULE_CGROUP "cgroup"
+#define RULE_NFACCT "nfacct"
+#define RULE_TARGET "target"
+#define RULE_SIPTYPE "s_ip_type"
+#define RULE_SIP1 "s_ip1"
+#define RULE_SIP2 "s_ip2"
+#define RULE_DIPTYPE "d_ip_type"
+#define RULE_DIP1 "d_ip1"
+#define RULE_DIP2 "d_ip2"
static void __add_rule_info_to_builder(GVariantBuilder *builder,
iptables_rule_s *rule)
g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
g_variant_new_string(rule->chain));
- g_variant_builder_add(builder, "{sv}", RULE_TYPE,
- g_variant_new_uint32(rule->direction));
+ g_variant_builder_add(builder, "{sv}", RULE_DIRECTION,
+ g_variant_new_uint16(rule->direction));
if (rule->ifname)
g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
g_variant_builder_add(builder, "{sv}", RULE_TARGET,
g_variant_new_string(rule->target));
+ g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE,
+ g_variant_new_uint16(rule->s_iprange_type));
+
+ g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE,
+ g_variant_new_uint16(rule->d_iprange_type));
+
+ if (rule->s_ip1.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+ g_variant_new_uint32(rule->s_ip1.s_addr));
+
+ if (rule->s_ip2.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+ g_variant_new_uint32(rule->s_ip2.s_addr));
+
+ if (rule->d_ip1.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+ g_variant_new_uint32(rule->d_ip1.s_addr));
+
+ if (rule->d_ip2.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+ g_variant_new_uint32(rule->d_ip2.s_addr));
}
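Review bot: The new block sends `s_ip_type` and `d_ip_type` unconditionally but omits every address whose `s_addr` is zero, so a rule whose range type asks for an address match can reach the daemon with no address at all. How the daemon treats that is not visible here; for an accept target, a missing match would widen the rule. It would be safer to reject such a rule before the message is built, or at least to state the contract with `/* addresses are omitted when zero; the daemon must refuse a range type that arrives without its address */`. These fields are now read from every rule, so a caller that fills an `iptables_rule_s` on the stack (the helper later in this diff sets only `target` and `chain` in the visible lines) needs the struct zeroed first. The function starts outside the hunk.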
static int __iptables_rule_add(GDBusConnection *connection,
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully Add Rule [%d]", result);
+ if (STC_DEBUG_LOG)
+ STC_LOGD("Successfully Add Rule [%d:%s]", result, rule->nfacct_name);
g_variant_unref(message);
return STC_ERROR_NONE;
}
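Review bot: `result` is read from the reply only to be logged, and the function returns STC_ERROR_NONE whatever its value, so a rule the daemon refused is reported as installed and the new message still says "Successfully". If a non-zero result means failure (the reply format is not documented in the visible lines), check it before the log and return an error from `stc_error_e`. The added `%s` also receives `rule->nfacct_name` unguarded, while the builder treats `rule->ifname` as optional; if the name can be NULL, pass `rule->nfacct_name ? rule->nfacct_name : "-"`. The Remove, Add 6 and Remove 6 log lines below have the same two issues, and the chain log lines have the unchecked result. The function body starts outside the hunk.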
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully Remove Rule [%d]", result);
+ if (STC_DEBUG_LOG)
+ STC_LOGD("Successfully Remove Rule [%d:%s]", result, rule->nfacct_name);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully Add 6 Rule [%d]", result);
+ if (STC_DEBUG_LOG)
+ STC_LOGD("Successfully Add 6 Rule [%d:%s]", result, rule->nfacct_name);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully Remove 6 Rule [%d]", result);
+ if (STC_DEBUG_LOG)
+ STC_LOGD("Successfully Remove 6 Rule [%d:%s]", result, rule->nfacct_name);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully added ipv4 chain [%d]", result);
+ STC_LOGD("Successfully added ipv4 chain [%d:%s]", result, chain);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully added ipv6 chain [%d]", result);
+ STC_LOGD("Successfully added ipv6 chain [%d:%s]", result, chain);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully removed ipv4 chain [%d]", result);
+ STC_LOGD("Successfully removed ipv4 chain [%d:%s]", result, chain);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully removed ipv6 chain [%d]", result);
+ STC_LOGD("Successfully removed ipv6 chain [%d:%s]", result, chain);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully flushed ipv4 chain [%d]", result);
+ STC_LOGD("Successfully flushed ipv4 chain [%d:%s]", result, chain);
g_variant_unref(message);
return STC_ERROR_NONE;
}
g_variant_get(message, "(i)", &result);
- STC_LOGD("Successfully flushed ipv6 chain [%d]", result);
+ STC_LOGD("Successfully flushed ipv6 chain [%d:%s]", result, chain);
g_variant_unref(message);
return STC_ERROR_NONE;
iptables_rule.target = g_strdup(target);
iptables_rule.chain = g_strdup(chain);
- ret = iptables_add(&iptables_rule);
+ ret = iptables_add(&iptables_rule, IP_TYPE_IPV4_IPV6);
g_free(iptables_rule.target);
g_free(iptables_rule.chain);
return ret;
}
-stc_error_e iptables_add(iptables_rule_s *rule)
+static stc_error_e _iptables_add_in_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_add_chain(stc->connection, STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_add_out_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_add_chain(stc->connection, STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain(stc->connection, STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _ip6tables_add_in_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __ip6tables_add_chain(stc->connection, STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _ip6tables_add_out_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __ip6tables_add_chain(stc->connection, STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_add_chain(stc->connection, STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_add_in_chain_jump_rule(void)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_add_out_chain_jump_rule(void)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_remove_in_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_remove_chain(stc->connection, STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_remove_out_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_remove_chain(stc->connection, STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_remove_chain(stc->connection, STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _ip6tables_remove_in_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _ip6tables_remove_out_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_remove_chain(stc->connection, STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_flush_in_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_flush_chain(stc->connection, STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _iptables_flush_out_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __iptables_flush_chain(stc->connection, STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __iptables_flush_chain(stc->connection, STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _ip6tables_flush_in_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_IN_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_IN_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_IN_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_IN_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_IN_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_IN_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+static stc_error_e _ip6tables_flush_out_chain(stc_s *stc)
+{
+ stc_error_e ret = STC_ERROR_NONE;
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_OUT_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_OUT_FG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_OUT_ACCEPT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_OUT_BG_DROP_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_OUT_BG_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = __ip6tables_flush_chain(stc->connection, STC_OUT_CHAIN);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+done:
+ return ret;
+}
+
+stc_error_e iptables_add(iptables_rule_s *rule, iptables_ip_type_e iptype)
{
stc_error_e ret = STC_ERROR_NONE;
stc_s *stc = stc_get_manager();
if (!stc || !stc->connection)
return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
- ret = __iptables_rule_add(stc->connection, rule);
- if (ret != STC_ERROR_NONE)
- goto done; //LCOV_EXCL_LINE
+ if (iptype == IP_TYPE_IPV4 ||
+ iptype == IP_TYPE_IPV4_IPV6) {
+ ret = __iptables_rule_add(stc->connection, rule);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+ }
+
+ if (iptype == IP_TYPE_IPV6 ||
+ iptype == IP_TYPE_IPV4_IPV6)
+ ret = __ip6tables_rule_add(stc->connection, rule);
- ret = __ip6tables_rule_add(stc->connection, rule);
done:
return ret;
}
-stc_error_e iptables_remove(iptables_rule_s *rule)
+stc_error_e iptables_remove(iptables_rule_s *rule, iptables_ip_type_e iptype)
{
stc_error_e ret = STC_ERROR_NONE;
stc_s *stc = stc_get_manager();
if (!stc || !stc->connection)
return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
- ret = __iptables_rule_remove(stc->connection, rule);
- if (ret != STC_ERROR_NONE)
- goto done; //LCOV_EXCL_LINE
+ if (iptype == IP_TYPE_IPV4 ||
+ iptype == IP_TYPE_IPV4_IPV6) {
+ ret = __iptables_rule_remove(stc->connection, rule);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+ }
+
+ if (iptype == IP_TYPE_IPV6 ||
+ iptype == IP_TYPE_IPV4_IPV6)
+ ret = __ip6tables_rule_remove(stc->connection, rule);
- ret = __ip6tables_rule_remove(stc->connection, rule);
done:
return ret;
}
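Review bot: An `iptype` outside the three listed values skips both branches in iptables_add and returns STC_ERROR_NONE without installing anything, so the caller believes the rule is in place. Reject it up front with `if (iptype != IP_TYPE_IPV4 && iptype != IP_TYPE_IPV6 && iptype != IP_TYPE_IPV4_IPV6) return STC_ERROR_INVALID_PARAMETER;`. iptables_remove has the same fall-through. For IP_TYPE_IPV4_IPV6, a failure in the IPv6 call returns an error while the IPv4 rule stays installed (or stays removed), so a comment stating which state callers should expect would help.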
if (!stc || !stc->connection)
return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
- ret = __iptables_flush_chain(stc->connection, STC_IN_CHAIN);
+ ret = _iptables_flush_in_chain(stc);
if (ret != STC_ERROR_NONE)
goto done; //LCOV_EXCL_LINE
- ret = __iptables_flush_chain(stc->connection, STC_OUT_CHAIN);
+ ret = _iptables_flush_out_chain(stc);
if (ret != STC_ERROR_NONE)
goto done; //LCOV_EXCL_LINE
if (ret != STC_ERROR_NONE)
goto done; //LCOV_EXCL_LINE
- ret = __ip6tables_flush_chain(stc->connection, STC_IN_CHAIN);
+ ret = __iptables_flush_chain(stc->connection, STC_TETHER_CHAIN);
if (ret != STC_ERROR_NONE)
goto done; //LCOV_EXCL_LINE
- ret = __ip6tables_flush_chain(stc->connection, STC_OUT_CHAIN);
+ ret = _ip6tables_flush_in_chain(stc);
+ if (ret != STC_ERROR_NONE)
+ goto done; //LCOV_EXCL_LINE
+
+ ret = _ip6tables_flush_out_chain(stc);
if (ret != STC_ERROR_NONE)
goto done; //LCOV_EXCL_LINE
return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
}
- ret = __iptables_add_chain(stc->connection, STC_IN_CHAIN);
+ ret = _iptables_add_in_chain(stc);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __iptables_add_chain(stc->connection, STC_OUT_CHAIN);
+ ret = _iptables_add_out_chain(stc);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __ip6tables_add_chain(stc->connection, STC_IN_CHAIN);
+ ret = __iptables_add_chain(stc->connection, STC_TETHER_CHAIN);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __ip6tables_add_chain(stc->connection, STC_OUT_CHAIN);
+ ret = _ip6tables_add_in_chain(stc);
+ if (ret != STC_ERROR_NONE) {
+ __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
+ goto done; //LCOV_EXCL_LINE
+ }
+
+ ret = _ip6tables_add_out_chain(stc);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
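Review bot: STC_TETHER_CHAIN is created here with `__iptables_add_chain` only, and no matching `__ip6tables_add_chain` call is visible. The FORWARD jump to it added further down goes through `__iptables_add_chain_jump_rule`, and the helper changed earlier in this diff (presumably that function's body) now calls `iptables_add(&iptables_rule, IP_TYPE_IPV4_IPV6)`. Unless the chain is created for IPv6 in lines outside this diff, the ip6tables side gets a jump to a chain that does not exist. Either add `ret = __ip6tables_add_chain(stc->connection, STC_TETHER_CHAIN);` with the usual check after the IPv6 in/out helpers, or let the jump-rule helper take the IP type so this jump can be IPv4-only. The function starts and ends outside the hunk.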
goto done; //LCOV_EXCL_LINE
}
- ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_CHAIN);
+ ret = _iptables_add_in_chain_jump_rule();
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_CHAIN);
+ ret = _iptables_add_out_chain_jump_rule();
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
ret = __iptables_add_chain_jump_rule("FORWARD", STC_FRWD_CHAIN);
+ if (ret != STC_ERROR_NONE) {
+ __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
+ goto done; //LCOV_EXCL_LINE
+ }
+
+ ret = __iptables_add_chain_jump_rule("FORWARD", STC_TETHER_CHAIN);
+ if (ret != STC_ERROR_NONE) {
+ __STC_LOG_FUNC_EXIT__;
+ goto done;
+ }
+
done:
+ __STC_LOG_FUNC_ENTER__;
return ret;
}
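Review bot: The `done:` label now runs `__STC_LOG_FUNC_ENTER__` on the way out, which looks like a slip for `__STC_LOG_FUNC_EXIT__`. As written, the success path logs an enter at exit and every error branch logs an exit followed by an enter. Put `__STC_LOG_FUNC_EXIT__;` after `done:` and drop the per-branch calls. The check after the STC_TETHER_CHAIN jump is also redundant, since it falls through to `done:` anyway, and it is the only one without the LCOV_EXCL_LINE markers. The `done:` block at the end of the diff carries the same macro, and the function here starts outside the hunk.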
return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
}
- ret = __iptables_remove_chain(stc->connection, STC_IN_CHAIN);
+ ret = _iptables_remove_in_chain(stc);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __iptables_remove_chain(stc->connection, STC_OUT_CHAIN);
+ ret = _iptables_remove_out_chain(stc);
+ if (ret != STC_ERROR_NONE) {
+ __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
+ goto done; //LCOV_EXCL_LINE
+ }
+
+ ret = __iptables_remove_chain(stc->connection, STC_TETHER_CHAIN);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __ip6tables_remove_chain(stc->connection, STC_IN_CHAIN);
+ ret = _ip6tables_remove_in_chain(stc);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
- ret = __ip6tables_remove_chain(stc->connection, STC_OUT_CHAIN);
+ ret = _ip6tables_remove_out_chain(stc);
if (ret != STC_ERROR_NONE) {
__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
goto done; //LCOV_EXCL_LINE
}
ret = __ip6tables_remove_chain(stc->connection, STC_FRWD_CHAIN);
+ if (ret != STC_ERROR_NONE) {
+ __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
+ goto done; //LCOV_EXCL_LINE
+ }
+
done:
+ __STC_LOG_FUNC_ENTER__;
return ret;
}