[Patches] iptables and ip6tables: Warning on use of -L

Hello List,

I wrote two patches (one for iptables and one for ip6tables) to warn when -L is used. It encourages the use of iptables-save instead.
You can find them attached to this mail. I'm not subscribed to the list, so please CC me in any answers or send to me directly, too.
The changes are so short that no license should be required.

The call to isatty() could set errno if stdin is not a tty. The patches don't set errno to 0 if isatty() failed.

Kind regards

Noel

-- 
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
From 6b1de54f5deb2a535912340731425a983a439d5e Mon Sep 17 00:00:00 2001
From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Date: Fri, 30 Mar 2018 19:20:03 +0200
Subject: [PATCH 1/2] Print warning when using iptables -L/--list from a tty

---
 iptables/iptables.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/iptables/iptables.c b/iptables/iptables.c
index 69d19fec..5f4e9ac1 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -917,6 +917,10 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
 	unsigned int format;
 	const char *this;
 
+	if (isatty(fileno(stdin))) {
+		fprintf(stderr, "Warning: do not use iptables to list the rules. Use iptables-save instead.\n");
+	}
+
 	format = FMT_OPTIONS;
 	if (!verbose)
 		format |= FMT_NOCOUNTS;
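
Review bot: The added check at the top of list_entries() tests `isatty(fileno(stdin))`, but stdin says little about how the listing is consumed: `iptables -L | grep ...` typed at a terminal still has a tty on stdin and will warn, while the same command with stdin redirected from a file or run from a non-interactive job will not. If the intent is to warn people reading the listing interactively, test the output descriptor (`isatty(STDOUT_FILENO)`) instead, and say in the commit message which case is meant; the message body is currently empty. Two smaller points on the same lines: isatty() sets errno when it returns 0, so save and restore errno around the call rather than leaving it modified for later code in this function, and the diffstat shows only these 4 insertions, so confirm that `<unistd.h>` is already included in iptables.c for the isatty() prototype.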
-- 
2.16.3

From 0bbb5033ee524f247f625126a32e92d4fb37f8c2 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Date: Fri, 30 Mar 2018 19:20:12 +0200
Subject: [PATCH 2/2] Print warning when using ip6tables -L/--list from a tty

---
 iptables/ip6tables.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 49bd006f..e9052736 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -933,6 +933,10 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
 	unsigned int format;
 	const char *this;
 
+	if (isatty(fileno(stdin))) {
+		fprintf(stderr, "Warning: do not use ip6tables to list the rules. Use ip6tables-save instead.\n");
+	}
+
 	format = FMT_OPTIONS;
 	if (!verbose)
 		format |= FMT_NOCOUNTS;
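
Review bot: The braces around the single-statement `if (isatty(fileno(stdin))) { ... }` do not match the surrounding style, where `if (!verbose)` a few lines below takes its one statement without braces; drop them for consistency. The warning string is also a copy of the one added to iptables.c with only the program name changed, so a small shared helper that takes the program name would keep the two files from drifting. The text itself tells the user not to use -L but gives no reason; a short clause explaining why ip6tables-save is preferred would make the warning actionable. The stdin versus stdout question and the errno handling raised for the iptables.c hunk apply here unchanged.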
-- 
2.16.3

Attachment: signature.asc
Description: OpenPGP digital signature

