[iptables PATCH 1/2] iptables-restore: Drop dead code

[iptables PATCH 1/2] iptables-restore: Drop dead code

[Phil Sutter]

Handle initialization is guarded by 'in_table' boolean, so there can't
be a handle already (because the branch which unsets 'in_table' also
frees the handle).

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/iptables-restore.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index f11b2dc2fd316..530297383d50b 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -223,8 +223,6 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb,
 				}
 				continue;
 			}
-			if (handle)
-				cb->ops->free(handle);
 
 			handle = create_handle(cb, table);
 			if (noflush == 0) {
-- 
2.40.0

[iptables PATCH 2/2] iptables-apply: Eliminate shellcheck warnings

[Phil Sutter]

Actual warnings were only about use of '-a' in bracket expressions
(replace by '&&' pipeline) and the immediate evaluation of the variable
in trap command.

The remaining changes silence info-level messages: missing quoting
around variables, pointless '$' in arithmetic expressions, backticks
instead of $(...), missing '-r' parameter when calling read and an
awkward negated '-z' check.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/iptables-apply | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/iptables/iptables-apply b/iptables/iptables-apply
index 3a7df5e3cbc1f..c603fb2113ef3 100755
--- a/iptables/iptables-apply
+++ b/iptables/iptables-apply
@@ -141,9 +141,9 @@ for opt in $OPTS; do
 			;;
 		(*)
 			case "${OPT_STATE:-}" in
-				(SET_TIMEOUT) eval TIMEOUT=$opt;;
+				(SET_TIMEOUT) eval TIMEOUT="$opt";;
 				(SET_SAVEFILE)
-					eval SAVEFILE=$opt
+					eval SAVEFILE="$opt"
 					[ -z "$SAVEFILE" ] && SAVEFILE="$DEF_SAVEFILE"
 					;;
 			esac
@@ -163,13 +163,13 @@ done
 
 # Validate parameters
 if [ "$TIMEOUT" -ge 0 ] 2>/dev/null; then
-	TIMEOUT=$(($TIMEOUT))
+	TIMEOUT=$((TIMEOUT))
 else
 	echo "Error: timeout must be a positive number" >&2
 	exit 1
 fi
 
-if [ -n "$SAVEFILE" -a -e "$SAVEFILE" -a ! -w "$SAVEFILE" ]; then
+if [ -n "$SAVEFILE" ] && [ -e "$SAVEFILE" ] && [ ! -w "$SAVEFILE" ]; then
 	echo "Error: savefile not writable: $SAVEFILE" >&2
 	exit 8
 fi
@@ -205,8 +205,8 @@ esac
 ### Begin work
 
 # Store old iptables rules to temporary file
-TMPFILE=`mktemp /tmp/$PROGNAME-XXXXXXXX`
-trap "rm -f $TMPFILE" EXIT HUP INT QUIT ILL TRAP ABRT BUS \
+TMPFILE=$(mktemp "/tmp/$PROGNAME-XXXXXXXX")
+trap 'rm -f $TMPFILE' EXIT HUP INT QUIT ILL TRAP ABRT BUS \
 		      FPE USR1 SEGV USR2 PIPE ALRM TERM
 
 if ! "$SAVE" >"$TMPFILE"; then
@@ -257,13 +257,13 @@ esac
 # Prompt user for confirmation
 echo -n "Can you establish NEW connections to the machine? (y/N) "
 
-read -n1 -t "$TIMEOUT" ret 2>&1 || :
+read -r -n1 -t "$TIMEOUT" ret 2>&1 || :
 case "${ret:-}" in
 	(y*|Y*)
 		# Success
 		echo
 
-		if [ ! -z "$SAVEFILE" ]; then
+		if [ -n "$SAVEFILE" ]; then
 			# Write successfully applied rules to the savefile
 			echo "Writing successfully applied rules to '$SAVEFILE'..."
 			if ! "$SAVE" >"$SAVEFILE"; then
-- 
2.40.0

Re: [iptables PATCH 1/2] iptables-restore: Drop dead code

[Phil Sutter]

On Tue, Aug 01, 2023 at 05:15:16PM +0200, Phil Sutter wrote:
> Handle initialization is guarded by 'in_table' boolean, so there can't
> be a handle already (because the branch which unsets 'in_table' also
> frees the handle).
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Series applied.