Add debug prints for policy setting, don't commit ruleset in print mode

diff --git a/iptables.c b/iptables.c
index 9c5f80a..fd230d3 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -105,6 +105,9 @@ void
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
                    enum fw3_flag policy)
 {
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
                    enum fw3_flag policy)
 {

+       if (fw3_pr_debug)
+               printf("-P %s %s\n", chain, fw3_flag_names[policy]);
+

        if (h->family == FW3_FAMILY_V6)
                ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
        else
        if (h->family == FW3_FAMILY_V6)
                ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
        else

diff --git a/main.c b/main.c
index a2b80be..116050a 100644 (file)
--- a/main.c
+++ b/main.c
@@ -287,7 +287,8 @@ start(void)
                        fw3_print_zone_rules(handle, cfg_state, false);
                        fw3_print_default_tail_rules(handle, cfg_state, false);
 
                        fw3_print_zone_rules(handle, cfg_state, false);
                        fw3_print_default_tail_rules(handle, cfg_state, false);
 

-                       fw3_ipt_commit(handle);
+                       if (!print_rules)
+                               fw3_ipt_commit(handle);

                }
 
                //fw3_print_includes(cfg_state, family, false);
                }
 
                //fw3_print_includes(cfg_state, family, false);


@@ -510,6 +511,7 @@ int main(int argc, char **argv)
 
                cfg_state->disable_ipsets = true;
                print_rules = true;
 
                cfg_state->disable_ipsets = true;
                print_rules = true;

+               fw3_pr_debug = true;

 
                rv = start();
        }
 
                rv = start();
        }