diff options
author | Thomas Haller <thaller@redhat.com> | 2022-09-14 12:56:29 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-09-29 15:23:00 +0200 |
commit | 8ec2391f9a96503dd171767e5e729050b9b36a03 (patch) | |
tree | aaeb568549ea2f6738a10e4c2160ba8436e66964 | |
parent | 5235dce25960cf8b5e63d16e5369f709ac2da9e4 (diff) |
firewall-utils: move _append() macro to be used by other places
(cherry picked from commit 0a0c197916a015ec9872f8eaf22ed1e8fb6ffbf0)
(cherry picked from commit 49ae45f83897a22f1b1e22787c34a808ccb095a9)
-rw-r--r-- | src/core/nm-firewall-utils.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c index 65aacb1feb..ec443278b2 100644 --- a/src/core/nm-firewall-utils.c +++ b/src/core/nm-firewall-utils.c @@ -598,6 +598,8 @@ _fw_nft_call_sync(GBytes *stdin_buf, GError **error) /*****************************************************************************/ +#define _append(p_strbuf, fmt, ...) nm_str_buf_append_printf((p_strbuf), "" fmt "\n", ##__VA_ARGS__) + static GBytes * _fw_nft_set_shared_construct(gboolean up, const char *ip_iface, in_addr_t addr, guint8 plen) { @@ -610,8 +612,6 @@ _fw_nft_set_shared_construct(gboolean up, const char *ip_iface, in_addr_t addr, _share_iptables_subnet_to_str(str_subnet, addr, plen); -#define _append(p_strbuf, fmt, ...) nm_str_buf_append_printf((p_strbuf), "" fmt "\n", ##__VA_ARGS__) - _append(&strbuf, "add table ip %s", table_name); _append(&strbuf, "%s table ip %s", up ? "flush" : "delete", table_name); @@ -630,16 +630,15 @@ _fw_nft_set_shared_construct(gboolean up, const char *ip_iface, in_addr_t addr, /* This filter_input chain serves no real purpose, because "accept" only stops * evaluation of the current rule. It cannot fully accept the packet. Since * this chain has no other rules, it is useless in this form. + * + * _append(&strbuf, + * "add chain ip %s filter_input {" + * " type filter hook input priority 0; policy accept; " + * "};", + * table_name); + * _append(&strbuf, "add rule ip %s filter_input tcp dport { 67, 53 } accept;", table_name); + * _append(&strbuf, "add rule ip %s filter_input udp dport { 67, 53 } accept;", table_name); */ - /* - _append(&strbuf, - "add chain ip %s filter_input {" - " type filter hook input priority 0; policy accept; " - "};", - table_name); - _append(&strbuf, "add rule ip %s filter_input tcp dport { 67, 53 } accept;", table_name); - _append(&strbuf, "add rule ip %s filter_input udp dport { 67, 53 } accept;", table_name); - */ _append(&strbuf, "add chain ip %s filter_forward {" |