Decouple handle destroying from committing, add fw3_ipt_close() instead

[project/firewall3.git] / rules.c

diff --git a/rules.c b/rules.c
index 0f4e925..b6c3d75 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -245,7 +245,13 @@ append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
                }
 
                if (rule->dest.set && !rule->src.set)
-                       snprintf(chain, sizeof(chain), "zone_%s_output", rule->dest.name);
+               {
+                       if (rule->dest.any)
+                               snprintf(chain, sizeof(chain), "delegate_output");
+                       else
+                               snprintf(chain, sizeof(chain), "zone_%s_output",
+                                        rule->dest.name);
+               }
        }
 
        fw3_ipt_rule_append(r, chain);
@@ -308,7 +314,9 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
        if (!fw3_is_family(sip, handle->family) ||
            !fw3_is_family(dip, handle->family))
        {
-               info("     ! Skipping due to different family of ip address");
+               if ((sip && !sip->resolved) || (dip && !dip->resolved))
+                       info("     ! Skipping due to different family of ip address");
+
                return;
        }