[PATCH] iptables: make 'iptables-save -M' actually work

[PATCH] iptables: make 'iptables-save -M' actually work

[Jiri Popelka]

also add missing bracket in iptables-save(8)
---
 iptables/ip6tables-save.c   | 2 +-
 iptables/iptables-save.8.in | 4 ++--
 iptables/iptables-save.c    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index a86a64a..cf56c63 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -137,7 +137,7 @@ int ip6tables_save_main(int argc, char *argv[])
 	init_extensions6();
 #endif
 
-	while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "cdt:M:", options, NULL)) != -1) {
 		switch (c) {
 		case 'c':
 			show_counters = 1;
diff --git a/iptables/iptables-save.8.in b/iptables/iptables-save.8.in
index 5e939b1..7f99d8a 100644
--- a/iptables/iptables-save.8.in
+++ b/iptables/iptables-save.8.in
@@ -27,7 +27,7 @@ ip6tables-save \(em dump iptables rules to stdout
 [\fB\-t\fP \fItable\fP]
 .P
 \fBip6tables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
-[\fB\-t\fP \fItable\fP
+[\fB\-t\fP \fItable\fP]
 .SH DESCRIPTION
 .PP
 .B iptables-save
@@ -36,7 +36,7 @@ and
 are used to dump the contents of IP or IPv6 Table in easily parseable format
 to STDOUT. Use I/O-redirection provided by your shell to write to a file.
 .TP
-\fB\-M\fP \fImodprobe_program\fP
+\fB\-M\fR, \fB\-\-modprobe\fR \fImodprobe_program\fP
 Specify the path to the modprobe program. By default, iptables-save will
 inspect /proc/sys/kernel/modprobe to determine the executable's path.
 .TP
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index 2999c7f..ed81dfd 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -136,7 +136,7 @@ iptables_save_main(int argc, char *argv[])
 	init_extensions4();
 #endif
 
-	while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "cdt:M:", options, NULL)) != -1) {
 		switch (c) {
 		case 'c':
 			show_counters = 1;
-- 
1.8.5.3

Re: [PATCH] iptables: make 'iptables-save -M' actually work

[Pablo Neira Ayuso]

On Wed, Mar 12, 2014 at 02:16:09PM +0100, Jiri Popelka wrote:
> also add missing bracket in iptables-save(8)

Please, put this in a separated patch.

Could you also fix this in the nftables compat layer, please? See
iptables/xtables-save.c.

Most likely you'll need to define a struct xtables_afinfo for IPv4 and
IPv6 to set the .kmod field that points to nf_tables_ipv4 and
nf_tables_ipv6 respectively. Similar to what we use in
xtables-arp-standalone.c, and skip xtables_set_nfproto of course. This
is currently broken there.

Thanks.

Re: [PATCH] iptables: make 'iptables-save -M' actually work

[Jiri Popelka]

On 03/12/2014 02:50 PM, Pablo Neira Ayuso wrote:
> Could you also fix this in the nftables compat layer, please? See
> iptables/xtables-save.c.

done, I've sent a patch

> Most likely you'll need to define a struct xtables_afinfo for IPv4 and
> IPv6 to set the .kmod field that points to nf_tables_ipv4 and
> nf_tables_ipv6 respectively. Similar to what we use in
> xtables-arp-standalone.c, and skip xtables_set_nfproto of course. This
> is currently broken there.

I'm sorry I have no idea where to start. Could you do that ?

--
Jiri