@@ -135,7 +135,7 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt);
const char *nft_strerror(int err);
/* For xtables.c */
-int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table);
+int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
/* For xtables-arptables.c */
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
@@ -442,7 +442,8 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
- ret = do_commandx(&h, newargc, newargv, &newargv[2]);
+ ret = do_commandx(&h, newargc, newargv,
+ &newargv[2], true);
if (ret < 0) {
ret = nft_abort(&h);
if (ret < 0) {
@@ -70,7 +70,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
exit(EXIT_FAILURE);
}
- ret = do_commandx(&h, argc, argv, &table);
+ ret = do_commandx(&h, argc, argv, &table, false);
if (ret)
ret = nft_commit(&h);
@@ -678,7 +678,8 @@ static void command_match(struct iptables_command_state *cs)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
+int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
+ bool restore)
{
struct iptables_command_state cs;
int verbose = 0;
@@ -1001,6 +1002,14 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table)
prog_name, prog_vers);
exit(0);
+ case 'w':
+ if (restore) {
+ xtables_error(PARAMETER_PROBLEM,
+ "You cannot use `-w' from "
+ "iptables-restore");
+ }
+ break;
+
case '0':
set_option(&cs.options, OPT_LINENUMBERS,
&args.invflags, cs.invert);
Just to keep aligned with iptables legacy tool. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> --- iptables/nft.h | 2 +- iptables/xtables-restore.c | 3 ++- iptables/xtables-standalone.c | 2 +- iptables/xtables.c | 11 ++++++++++- 4 files changed, 14 insertions(+), 4 deletions(-)