From: Daniel Wagner
Date: Wed, 6 Mar 2013 15:08:53 +0000 (+0100)
Subject: iptables: Fix setting policy
X-Git-Tag: 1.13~114
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cbfa3977195dd62ba135e075513cf32c7318ea12;p=platform%2Fupstream%2Fconnman.git
iptables: Fix setting policy
The policy is kept at the end of the chain not at the beginning. Currently, the code assumes that the builtin chain is empty.
---
diff --git a/src/iptables.c b/src/iptables.c
index 6dd944e..158dcf3 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1054,7 +1054,7 @@ static int iptables_delete_rule(struct connman_iptables *table,
 static int iptables_change_policy(struct connman_iptables *table,
 const char *chain_name, const char *policy)
 {
- GList *chain_head;
+ GList *chain_head, *chain_tail;
 struct connman_iptables_entry *entry;
 struct xt_entry_target *target;
 struct xt_standard_target *t;
@@ -1072,6 +1072,11 @@ static int iptables_change_policy(struct connman_iptables *table,
 if (entry->builtin < 0)
 return -EINVAL;
+ chain_tail = find_chain_tail(table, chain_name);
+ if (chain_tail == NULL)
+ return -EINVAL;
+
+ entry = chain_tail->prev->data;
 target = ipt_get_target(entry->entry);
 t = (struct xt_standard_target *)target;
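Review bot: In the second hunk `chain_tail->prev` is dereferenced with only `chain_tail` itself checked, and the entry it yields is cast to `struct xt_standard_target` with nothing confirming it is the chain's policy entry. `find_chain_tail()` is not visible here, so whether it can return the first list node is unknown. A guard such as `if (chain_tail->prev == NULL) return -EINVAL;` before `entry = chain_tail->prev->data;` would make the assumption explicit. If the list layout ever differs from what the commit message describes, the verdict would presumably be written into an ordinary rule while the chain's default policy stays unchanged, which for a firewall is a silent fail-open. A short comment above the assignment, e.g. `/* the policy entry is the last entry of a builtin chain, i.e. the one before the tail */`, would record that invariant. The body of `iptables_change_policy` continues outside the hunk, so the later use of `t` could not be checked.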