Add debug prints for policy setting, don't commit ruleset in print mode
authorJo-Philipp Wich <jow@openwrt.org>
Thu, 16 May 2013 19:46:51 +0000 (21:46 +0200)
committerJo-Philipp Wich <jow@openwrt.org>
Fri, 17 May 2013 12:36:34 +0000 (14:36 +0200)
iptables.c
main.c

index 9c5f80a067b1e92d1b0a80e5ff5657cbae84153b..fd230d30eb7ee36316d09bfa26f75016b4cd5868 100644 (file)
@@ -105,6 +105,9 @@ void
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
                    enum fw3_flag policy)
 {
+       if (fw3_pr_debug)
+               printf("-P %s %s\n", chain, fw3_flag_names[policy]);
+
        if (h->family == FW3_FAMILY_V6)
                ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
        else
diff --git a/main.c b/main.c
index a2b80be4444c1eb90719f5fcaa6fb2cb1ff020ce..116050ae060bcd2d9a8d3a22f22bb1263b5201b2 100644 (file)
--- a/main.c
+++ b/main.c
@@ -287,7 +287,8 @@ start(void)
                        fw3_print_zone_rules(handle, cfg_state, false);
                        fw3_print_default_tail_rules(handle, cfg_state, false);
 
-                       fw3_ipt_commit(handle);
+                       if (!print_rules)
+                               fw3_ipt_commit(handle);
                }
 
                //fw3_print_includes(cfg_state, family, false);
@@ -510,6 +511,7 @@ int main(int argc, char **argv)
 
                cfg_state->disable_ipsets = true;
                print_rules = true;
+               fw3_pr_debug = true;
 
                rv = start();
        }