authorLiping Zhang <>2016-07-18 22:14:27 +0800
committerPablo Neira Ayuso <>2016-07-19 20:18:36 +0200
commit4bde4cc6721e460a1896bf4be2b44fb2ed05b240 (patch)
parentcc7e0982aeb8c2e30b669457d5c062e34f1085be (diff)
extensions: libxt_NFLOG: display nflog-size even if it is zero
The following iptables rules have different semantics:
  # iptables -A INPUT -j NFLOG
  # iptables -A INPUT -j NFLOG --nflog-size 0
But both are displayed as "-A INPUT -j NFLOG", so if the user runs the following command, the original semantics will be broken:
  # iptables-save | iptables-restore
Signed-off-by: Liping Zhang <>
Signed-off-by: Pablo Neira Ayuso <>
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 8c670662..a747951a 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -83,7 +83,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
if (info->group)
printf(" %snflog-group %u", prefix, info->group);
- if (info->len && info->flags & XT_NFLOG_F_COPY_LEN)
+ if (info->flags & XT_NFLOG_F_COPY_LEN)
printf(" %snflog-size %u", prefix, info->len);
else if (info->len)
printf(" %snflog-range %u", prefix, info->len);
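Review bot: The added condition `if (info->flags & XT_NFLOG_F_COPY_LEN)` has no comment explaining why `info->len` is deliberately no longer tested, so a later cleanup could put the `info->len &&` guard back and silently drop `--nflog-size 0` from saved rulesets again. That matters for anyone who relies on `iptables-save | iptables-restore` preserving logging behaviour, because the commit message says the rule with and without `--nflog-size 0` are not equivalent (presumably zero payload bytes versus the default copy range). I would add above the condition something like `/* len == 0 is a valid --nflog-size; the flag alone decides, so save/restore round-trips it */`. The diffstat shows only this file changing, so a save/restore round-trip case for `--nflog-size 0` would be worth adding alongside it. The body of nflog_print starts and ends outside this hunk.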