From 0e94eb2e0e38cb9df0784e5be530358c692701de Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 9 Mar 2017 11:56:39 +0100
Subject: iptables-translate: print nft iff there are more expanded rules to
 print

$ iptables-translate -I INPUT -s yahoo.com
nft insert rule ip filter INPUT ip saddr 98.139.183.24 counter
nft insert rule ip filter INPUT ip saddr 206.190.36.45 counter
nft insert rule ip filter INPUT ip saddr 98.138.253.109 counter
nft

This extra 'nft' print is incorrect, just print it if there are more
rules to be printed.

Reported-by: Alexander Alemayhu <alexander@alemayhu.com>
Tested-by: Alexander Alemayhu <alexander@alemayhu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/xtables-translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'iptables/xtables-translate.c')

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index d9885f20..00de0190 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -195,7 +195,7 @@ static int xlate(struct nft_handle *h, struct nft_xt_cmd_parse *p,
 			}
 			break;
 		}
-		if (!cs->restore)
+		if (!cs->restore && i < args->s.naddrs - 1)
 			printf("nft ");
 	}
 
-- 
cgit v1.2.3