skip "-p all" for ipv6 to avoid warning

2026-03-23 19:57:21 +01:00 · 2008-06-27 19:25:51 +00:00 · 2008-06-27 19:25:51 +00:00 · 73035aa66c
commit 73035aa66c
parent 1ce279e6ff
2 changed files with 30 additions and 19 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,8 +1,12 @@
 2008-06-27  Vadim Kurland  <vadim@vk.crocodile.org>

-	* ../src/ipt/PolicyCompiler_PrintRule.cpp (PrintRule::_printProtocol):
+	* PolicyCompiler_PrintRule.cpp (PrintRule::_printProtocol):
 	should use "-p ipv6-icmp" for ipv6 rules.

+	* PolicyCompiler_PrintRule.cpp (PrintRule::_printProtocol): skip
+	"-p all" for ipv6 to avoid warning "Warning: never matched
+	protocol: all. use exension match instead"
+
 2008-06-26  Vadim Kurland  <vadim@vk.crocodile.org>

 	* PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): using
--- a/src/ipt/PolicyCompiler_PrintRule.cpp
+++ b/src/ipt/PolicyCompiler_PrintRule.cpp
@ -591,33 +591,40 @@ string PolicyCompiler_ipt::PrintRule::_printLimit(libfwbuilder::PolicyRule *rule
 string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
 {
    PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
-    string version=compiler->fw->getStr("version");
+    string version = compiler->fw->getStr("version");
    string s;
-    if (! srv->isAny() &&
-        !CustomService::isA(srv) &&
-        !TagService::isA(srv) &&
-        !UserService::isA(srv)
-    )
+    if (! srv->isAny() && !CustomService::isA(srv) &&
+        !TagService::isA(srv) && !UserService::isA(srv))
    {
        string pn = srv->getProtocolName();
-        if (pn=="ip") pn="all";
-        
-        if (pn == "icmp")
-        {
-            if (ipt_comp->ipv6) s = "-p ipv6-icmp ";
-            else s = "-p icmp ";
+        if (pn=="ip") pn = "all";

-            if (ipt_comp->newIptables(version))
+        if (ipt_comp->ipv6)
+        { 
+            if (pn == "icmp")
            {
-                if (ipt_comp->ipv6) s += " -m icmp6";
-                else s += " -m icmp ";
+                s = "-p ipv6-icmp ";
+                if (ipt_comp->newIptables(version)) s += " -m icmp6";
+            } else
+            {
+                // ip6tables issues warning for commands using "-p all"
+                // Warning: never matched protocol: all. use exension match instead
+                // Skip "-p all" if ipv6
+                if (pn!="all") s = "-p " + pn + " ";
            }
        } else
        {
-            s = "-p " + pn + " ";
-            if (pn == "tcp")  s += "-m tcp ";
-            if (pn == "udp")  s += "-m udp ";
+            if (pn == "icmp")
+            {
+                s = "-p icmp ";
+                if (ipt_comp->newIptables(version)) s += " -m icmp ";
+            } else
+            {
+                s = "-p " + pn + " ";
+            }
        }
+        if (pn == "tcp")  s += "-m tcp ";
+        if (pn == "udp")  s += "-m udp ";
    }
    return s;
 }