From 9f7fa49a6e1cd803de8a42fa849582d5d72822bf Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Thu, 15 Mar 2001 15:12:02 +0000 Subject: fixing a lot of bugs / cleaning up - no more dependency problems with user-defined chains - cleanup of the old strtok problem ( no more goto) --- iptables-save.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'iptables-save.c') diff --git a/iptables-save.c b/iptables-save.c index f648efae..282ca7f8 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -145,7 +145,7 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) /* We want this to be readable, so only print out neccessary fields. * Because that's the kind of world I want to live in. */ static void print_rule(const struct ipt_entry *e, - iptc_handle_t *h, int counters) + iptc_handle_t *h, const char *chain, int counters) { struct ipt_entry_target *t; @@ -153,6 +153,9 @@ static void print_rule(const struct ipt_entry *e, if (counters) printf("[%llu:%llu] ", e->counters.pcnt, e->counters.bcnt); + /* print chain name */ + printf("-A %s ", chain); + /* Print IP part. */ print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr, e->ip.invflags & IPT_INV_SRCIP); @@ -246,12 +249,12 @@ static int do_output(const char *tablename) NETFILTER_VERSION, ctime(&now)); printf("*%s\n", tablename); - /* Dump out chain names */ + /* Dump out chain names first, + * thereby preventing dependency conflicts */ for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) { - const struct ipt_entry *e; - + printf(":%s ", chain); if (iptc_builtin(chain, h)) { struct ipt_counters count; 
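Review bot: The chain name is written unquoted by the added `printf("-A %s ", chain);` in print_rule, so each saved rule line is only unambiguous if the name is a single token without whitespace. The name originates from the kernel table through `iptc_first_chain`/`iptc_next_chain` in do_output and nothing visible in this patch validates it; the restore-side parser is not shown, but the commit message's mention of strtok suggests it tokenises on whitespace. I would document the assumption next to the call, e.g. `/* chain is emitted unquoted; assumes chain names contain no whitespace */`, or reject such names before dumping. The comment above print_rule (previous hunk) also does not mention the new `chain` parameter, and print_rule's body continues outside this hunk.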
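Review bot: The new comment `thereby preventing dependency conflicts` in do_output does not say which dependency is meant; going by the commit message, it is presumably a rule that targets a user-defined chain which has not yet been declared in the output. I would spell that out: `/* Pass 1: declare every chain before any rule, so a rule targeting a user-defined chain never refers to a chain not yet declared */`. The hunk also appears to leave an empty line as the first line of the loop body where the `e` declaration was removed; dropping it keeps the body tidy. The `for` loop opened here closes in the next hunk.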
@@ -261,11 +264,18 @@ static int do_output(const char *tablename) } else { printf("- [0:0]\n"); } + } + + + for (chain = iptc_first_chain(&h); + chain; + chain = iptc_next_chain(&h)) { + const struct ipt_entry *e; /* Dump out rules */ e = iptc_first_rule(chain, &h); while(e) { - print_rule(e, &h, counters); + print_rule(e, &h, chain, counters); e = iptc_next_rule(e, &h); } } -- cgit v1.2.3
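Review bot: The second `for` loop over the chains has no comment of its own and is separated from the first loop by two consecutive blank lines. A one-line comment above it, such as `/* Pass 2: dump the rules of each chain */`, would mirror the comment on the first loop, and a single blank line is enough. The existing `/* Dump out rules */` comment now sits inside the loop body and could be folded into the new one. do_output continues outside this hunk.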