diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-17 15:04:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:38 +0100 |
commit | 8dd2627afc462a2591c2f621743cae1a6b98d771 (patch) | |
tree | 6fc929005902edbe651702f38f26c3f55cbd9e3f /iptables/nft.c | |
parent | da07c930b9e2aaf8df24022a175b1774aa0bdd8b (diff) |
nft: fix selective chain display via -S
Before:
% xtables -S INPUT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
After:
$ xtables -S INPUT
-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 2b9598b9..d98b4538 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2526,8 +2526,9 @@ list_save(const struct iptables_command_state *cs, struct nft_rule *r, } static int -nft_rule_list_chain_save(struct nft_handle *h, const char *table, - struct nft_chain_list *list, int counters) +nft_rule_list_chain_save(struct nft_handle *h, const char *chain, + const char *table, struct nft_chain_list *list, + int counters) { struct nft_chain_list_iter *iter; struct nft_chain *c; @@ -2545,7 +2546,8 @@ nft_rule_list_chain_save(struct nft_handle *h, const char *table, uint32_t policy = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY); - if (strcmp(table, chain_table) != 0) + if (strcmp(table, chain_table) != 0 || + (chain && strcmp(chain, chain_name) != 0)) goto next; /* this is a base chain */ @@ -2582,7 +2584,7 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain, /* Dump policies and custom chains first */ if (!rulenum) - nft_rule_list_chain_save(h, table, list, counters); + nft_rule_list_chain_save(h, chain, table, list, counters); /* Now dump out rules in this table */ iter = nft_chain_list_iter_create(list); |