Add debug prints for policy setting, don't commit ruleset in print mode

author Jo-Philipp Wich <jow@openwrt.org>

Thu, 16 May 2013 19:46:51 +0000 (21:46 +0200)

committer Jo-Philipp Wich <jow@openwrt.org>

Fri, 17 May 2013 12:36:34 +0000 (14:36 +0200)
author Jo-Philipp Wich <jow@openwrt.org>
Thu, 16 May 2013 19:46:51 +0000 (21:46 +0200)
committer Jo-Philipp Wich <jow@openwrt.org>
Fri, 17 May 2013 12:36:34 +0000 (14:36 +0200)
diff --git a/iptables.c b/iptables.c

index 9c5f80a067b1e92d1b0a80e5ff5657cbae84153b..fd230d30eb7ee36316d09bfa26f75016b4cd5868 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -105,6 +105,9 @@ void
  fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
                     enum fw3_flag policy)
  {
+       if (fw3_pr_debug)
+               printf("-P %s %s\n", chain, fw3_flag_names[policy]);
+
         if (h->family == FW3_FAMILY_V6)
                 ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
         else
diff --git a/main.c b/main.c

index a2b80be4444c1eb90719f5fcaa6fb2cb1ff020ce..116050ae060bcd2d9a8d3a22f22bb1263b5201b2 100644 (file)
--- a/main.c
+++ b/main.c
@@ -287,7 +287,8 @@ start(void)
                         fw3_print_zone_rules(handle, cfg_state, false);
                         fw3_print_default_tail_rules(handle, cfg_state, false);
  
-                       fw3_ipt_commit(handle);
+                       if (!print_rules)
+                               fw3_ipt_commit(handle);
                 }
  
                 //fw3_print_includes(cfg_state, family, false);
@@ -510,6 +511,7 @@ int main(int argc, char **argv)
  
                 cfg_state->disable_ipsets = true;
                 print_rules = true;
+               fw3_pr_debug = true;
  
                 rv = start();
         }
author	Jo-Philipp Wich <jow@openwrt.org>
	Thu, 16 May 2013 19:46:51 +0000 (21:46 +0200)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Fri, 17 May 2013 12:36:34 +0000 (14:36 +0200)
iptables.c		patch \| blob \| history
main.c		patch \| blob \| history