[connman] Use protocol prefix with dot separator in firewall conf. JB…

…#42675 This commit makes firewall configuration a bit more closer to the rest of the connman configuration file formats to preserve consistency. This changes to use following format in the firewall configuration: Rules with key: PROTOCOL.CHAIN.RULES Policies with key: PROTOCOL.CHAIN.POLICY For example, IPv4 chain OUTPUT policy for DROP packets would be: IPv4.OUTPUT.POLICY = DROP And rules for the same chain: IPv4.OUTPUT.RULES = -p tcp -m tcp --dport 80 -j ACCEPT
sailfishos · Dec 4, 2018 · 39d02c6 · 39d02c6
1 parent 474dfe0
commit 39d02c6
Showing 1 changed file with 12 additions and 12 deletions.
diff --git a/connman/src/firewall.c b/connman/src/firewall.c
@@ -98,33 +98,33 @@ static struct firewall_context *tethering_firewall = NULL;
 
 static const char *supported_chains[] = {
 	[NF_IP_PRE_ROUTING]	= NULL,
-	[NF_IP_LOCAL_IN]	= "INPUT",
-	[NF_IP_FORWARD]		= "FORWARD",
-	[NF_IP_LOCAL_OUT]	= "OUTPUT",
+	[NF_IP_LOCAL_IN]	= "IPv4.INPUT.RULES",
+	[NF_IP_FORWARD]		= "IPv4.FORWARD.RULES",
+	[NF_IP_LOCAL_OUT]	= "IPv4.OUTPUT.RULES",
 	[NF_IP_POST_ROUTING]	= NULL,
 };
 
 static const char *supported_chainsv6[] = {
 	[NF_IP_PRE_ROUTING]	= NULL,
-	[NF_IP_LOCAL_IN]	= "INPUT_IPv6",
-	[NF_IP_FORWARD]		= "FORWARD_IPv6",
-	[NF_IP_LOCAL_OUT]	= "OUTPUT_IPv6",
+	[NF_IP_LOCAL_IN]	= "IPv6.INPUT.RULES",
+	[NF_IP_FORWARD]		= "IPv6.FORWARD.RULES",
+	[NF_IP_LOCAL_OUT]	= "IPv6.OUTPUT.RULES",
 	[NF_IP_POST_ROUTING]	= NULL,
 };
 
 static const char *supported_policies[] = {
 	[NF_IP_PRE_ROUTING]	= NULL,
-	[NF_IP_LOCAL_IN]	= "INPUT_POLICY",
-	[NF_IP_FORWARD]		= "FORWARD_POLICY",
-	[NF_IP_LOCAL_OUT]	= "OUTPUT_POLICY",
+	[NF_IP_LOCAL_IN]	= "IPv4.INPUT.POLICY",
+	[NF_IP_FORWARD]		= "IPv4.FORWARD.POLICY",
+	[NF_IP_LOCAL_OUT]	= "IPv4.OUTPUT.POLICY",
 	[NF_IP_POST_ROUTING]	= NULL,
 };
 
 static const char *supported_policiesv6[] = {
 	[NF_IP_PRE_ROUTING]	= NULL,
-	[NF_IP_LOCAL_IN]	= "INPUT_POLICY_IPv6",
-	[NF_IP_FORWARD]		= "FORWARD_POLICY_IPv6",
-	[NF_IP_LOCAL_OUT]	= "OUTPUT_POLICY_IPv6",
+	[NF_IP_LOCAL_IN]	= "IPv6.INPUT.POLICY",
+	[NF_IP_FORWARD]		= "IPv6.FORWARD.POLICY",
+	[NF_IP_LOCAL_OUT]	= "IPv6.OUTPUT.POLICY",
 	[NF_IP_POST_ROUTING]	= NULL,
 };