Phil Sutter <phil@xxxxxx> wrote:
> Xtables-restore tries to reject rule commands in input which contain a
> --table parameter (since it is adding this itself based on the previous
> table line). The manual check was not perfect though as it caught any
> parameter starting with a dash and containing a 't' somewhere, even in
> rule comments:
>
> | *filter
> | -A FORWARD -m comment --comment "- allow this one" -j ACCEPT
> | COMMIT
>
> Instead of error-prone manual checking, go a much simpler route: All
> do_command callbacks are passed a boolean indicating they're called from
> *tables-restore. React upon this when handling a table parameter and
> error out if it's not the first one.
>
> if (cs.invert) > xtables_error(PARAMETER_PROBLEM, > "unexpected ! flag before --table"); > + if (restore && *table) > + xtables_error(PARAMETER_PROBLEM, > + "The -t option (seen in line %u) cannot be used in %s.\n", > + line, xt_params->program_name);

Oh, that's much better indeed.

Acked-by: Florian Westphal <fw@xxxxxxxxx>
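
Review bot: The format string in the added xtables_error() call ends in "\n", while the existing call directly above it ("unexpected ! flag before --table") passes its message without one; drop the trailing newline so the two PARAMETER_PROBLEM messages are emitted consistently. The new check also depends on *table already being set by the restore caller before option parsing starts, which the commit message implies but the hunk does not show, so a short comment above `if (restore && *table)` stating that assumption would help the next reader. A regression test feeding the commit message's sample input (the rule whose comment is "- allow this one") alongside a rule that really carries -t would pin down both the fixed false positive and the intended rejection.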