X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=iptables.c;h=e1ad2d40e7b641bb2ae11614f0a614b819783a6b;hp=2fc8d36fec329b08ad8c9887237ea82d55ef30a7;hb=3a3d85b3c787271e4860ca590d716cf557c1fb7e;hpb=2dbfd733c34311df6217da809c0045c195ba8b9e diff --git a/iptables.c b/iptables.c index 2fc8d36..e1ad2d4 100644 --- a/iptables.c +++ b/iptables.c @@ -311,7 +311,11 @@ fw3_ipt_commit(struct fw3_ipt_handle *h) if (!rv) fprintf(stderr, "iptc_commit(): %s\n", iptc_strerror(errno)); } +} +void +fw3_ipt_close(struct fw3_ipt_handle *h) +{ if (h->libv) { while (h->libc > 0) @@ -791,29 +795,35 @@ fw3_ipt_rule_limit(struct fw3_ipt_rule *r, struct fw3_limit *limit) } void -fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_ipset *ipset, - bool invert) +fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_setmatch *match) { char buf[sizeof("dst,dst,dst\0")]; char *p = buf; + int i = 0; + struct fw3_ipset *set; struct fw3_ipset_datatype *type; - if (!ipset) + if (!match || !match->set || !match->ptr) return; - list_for_each_entry(type, &ipset->datatypes, list) + set = match->ptr; + list_for_each_entry(type, &set->datatypes, list) { + if (i >= 3) + break; + if (p > buf) *p++ = ','; - p += sprintf(p, "%s", type->dest ? "dst" : "src"); + p += sprintf(p, "%s", match->dir[i] ? match->dir[i] : type->dir); + i++; } fw3_ipt_rule_addarg(r, false, "-m", "set"); - fw3_ipt_rule_addarg(r, invert, "--match-set", - ipset->external ? ipset->external : ipset->name); + fw3_ipt_rule_addarg(r, match->invert, "--match-set", + set->external ? set->external : set->name); fw3_ipt_rule_addarg(r, false, buf, NULL); } @@ -1078,10 +1088,6 @@ rule_print4(struct ipt_entry *e) static void rule_print(struct fw3_ipt_rule *r, const char *chain) { - struct xtables_rule_match *rm; - struct xtables_match *m; - struct xtables_target *t; - debug(r->h, "-A %s", chain); #ifndef DISABLE_IPV6 
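Review bot: The new `fw3_ipt_close()` dereferences `h` immediately in `if (h->libv)` with no NULL guard, and nothing documents who must call it now that `fw3_ipt_commit()` ends before the cleanup code. A first line `if (!h) return;` would keep it safe on error paths where the handle was never created. A short header comment should say that commit no longer releases the handle's resources, that each handle needs exactly one close, and that `h` must not be touched afterwards if the rest of the body frees it. The body of `fw3_ipt_close()` continues past the end of the hunk, so what else it releases is not visible here.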
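Review bot: In `fw3_ipt_rule_ipset()` the call `sprintf(p, "%s", match->dir[i] ? match->dir[i] : type->dir)` now copies caller-supplied strings into the 13-byte stack buffer `buf`, where the old code could only write the literals "dst" or "src". The new `i >= 3` cap bounds the number of fields but not their length, so unless both `dir` strings are validated elsewhere to be three characters (not visible in this hunk), a longer value writes past the end of `buf`. `buf` is also passed to `fw3_ipt_rule_addarg()` uninitialised when the datatype list is empty. Bounding each write with `snprintf` against the remaining space and zero-initialising `buf` closes both; whether truncation should return silently or be logged is the project's call.

```c
	char buf[sizeof("dst,dst,dst\0")] = "";
	/* … unchanged: other declarations, NULL checks, set = match->ptr … */

	list_for_each_entry(type, &set->datatypes, list)
	{
		size_t left;
		int n;

		/* … unchanged: i >= 3 cap … */

		if (p > buf)
			*p++ = ',';

		left = sizeof(buf) - (size_t)(p - buf);
		n = snprintf(p, left, "%s",
		             match->dir[i] ? match->dir[i] : type->dir);

		/* refuse a direction string that does not fit */
		if (n < 0 || (size_t)n >= left)
			return;

		p += n;
		i++;
	}
	/* … unchanged: fw3_ipt_rule_addarg calls … */
```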
@@ -1091,23 +1097,8 @@ rule_print(struct fw3_ipt_rule *r, const char *chain) #endif rule_print4(&r->e); - for (rm = r->matches; rm; rm = rm->next) - { - m = rm->match; - printf(" -m %s", fw3_xt_get_match_name(m)); - - if (m->save) - m->save(&r->e.ip, m->m); - } - - if (r->target) - { - t = r->target; - printf(" -j %s", fw3_xt_get_target_name(t)); - - if (t->save) - t->save(&r->e.ip, t->t); - } + fw3_xt_print_matches(&r->e.ip, r->matches); + fw3_xt_print_target(&r->e.ip, r->target); printf("\n"); }
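Review bot: `fw3_xt_print_target(&r->e.ip, r->target)` is now called unconditionally, whereas the removed code only touched the target inside `if (r->target)` and only invoked `save` when that pointer was set. Both helpers are defined outside this diff, so it is worth confirming that they keep those guards, or restoring the check at the call site with `if (r->target) fw3_xt_print_target(&r->e.ip, r->target);`. A one-line comment above the two calls, `/* helpers tolerate a NULL target and extensions without a save hook */`, would record that contract for the next reader.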