mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-25 00:45:46 +00:00
537e65e7b7
All of the iptables functions eventually call down to a single bottom-level function, and fortunately, ip6tables syntax (for all the args that we use) is identical to iptables format (except the addresses), so all we need to do is: 1) Get an address family down to the lowest level function in each case, either implied through an address, or explicitly when no address is in the parameter list, and 2) At the lowest level, just decide whether to call "iptables" or "ip6tables" based on the family. The location of the ip6tables binary is determined at build time by autoconf. If a particular target system happens to not have ip6tables installed, any attempts to run it will generate an error, but that won't happen unless someone tries to define an IPv6 address for a network. This is identical behavior to IPv4 addresses and iptables.
122 lines
6.6 KiB
C
122 lines
6.6 KiB
C
/*
|
|
* Copyright (C) 2007, 2008 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*
|
|
* Authors:
|
|
* Mark McLoughlin <markmc@redhat.com>
|
|
*/
|
|
|
|
#ifndef __QEMUD_IPTABLES_H__
|
|
# define __QEMUD_IPTABLES_H__
|
|
|
|
# include "network.h"
|
|
|
|
typedef struct _iptablesContext iptablesContext;
|
|
|
|
iptablesContext *iptablesContextNew (void);
|
|
void iptablesContextFree (iptablesContext *ctx);
|
|
|
|
int iptablesAddTcpInput (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface,
|
|
int port);
|
|
int iptablesRemoveTcpInput (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface,
|
|
int port);
|
|
|
|
int iptablesAddUdpInput (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface,
|
|
int port);
|
|
int iptablesRemoveUdpInput (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface,
|
|
int port);
|
|
|
|
int iptablesAddForwardAllowOut (iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *iface,
|
|
const char *physdev);
|
|
int iptablesRemoveForwardAllowOut (iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *iface,
|
|
const char *physdev);
|
|
|
|
int iptablesAddForwardAllowRelatedIn(iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *iface,
|
|
const char *physdev);
|
|
int iptablesRemoveForwardAllowRelatedIn(iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *iface,
|
|
const char *physdev);
|
|
|
|
int iptablesAddForwardAllowIn (iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *iface,
|
|
const char *physdev);
|
|
int iptablesRemoveForwardAllowIn (iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *iface,
|
|
const char *physdev);
|
|
|
|
int iptablesAddForwardAllowCross (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface);
|
|
int iptablesRemoveForwardAllowCross (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface);
|
|
|
|
int iptablesAddForwardRejectOut (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface);
|
|
int iptablesRemoveForwardRejectOut (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface);
|
|
|
|
int iptablesAddForwardRejectIn (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface);
|
|
int iptablesRemoveForwardRejectIn (iptablesContext *ctx,
|
|
int family,
|
|
const char *iface);
|
|
|
|
int iptablesAddForwardMasquerade (iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *physdev,
|
|
const char *protocol);
|
|
int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
|
|
virSocketAddr *netaddr,
|
|
unsigned int prefix,
|
|
const char *physdev,
|
|
const char *protocol);
|
|
int iptablesAddOutputFixUdpChecksum (iptablesContext *ctx,
|
|
const char *iface,
|
|
int port);
|
|
int iptablesRemoveOutputFixUdpChecksum (iptablesContext *ctx,
|
|
const char *iface,
|
|
int port);
|
|
|
|
#endif /* __QEMUD_IPTABLES_H__ */
|