From 18af813cabf7b574dec86beedf0a335e5928eaaa Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 20 Jan 2013 23:23:29 +0100
Subject: xtables-restore: support test option `-t'

You can now test if a rule-set is correct.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/xtables-restore.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'iptables/xtables-restore.c')

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index ca9e0c05..c62b0a9a 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -266,14 +266,20 @@ xtables_restore_main(int argc, char *argv[])
 				DEBUGP("Calling commit\n");
 				ret = 1;
 			} else {
-				/* FIXME -t needs to be fixed */
+				if (nft_abort(&h)) {
+					xtables_error(OTHER_PROBLEM,
+						      "Failed to abort "
+						      "commit in table %s\n",
+						      curtable);
+				}
 				DEBUGP("Not calling commit, testing\n");
 				ret = 1;
 			}
 			in_table = 0;
 
 			/* Purge out unused chains in this table */
-			nft_table_purge_chains(&h, curtable, chain_list);
+			if (!testing)
+				nft_table_purge_chains(&h, curtable, chain_list);
 
 		} else if ((buffer[0] == '*') && (!in_table)) {
 			/* New table */
-- 
cgit v1.2.3