From: Jo-Philipp Wich <jow@openwrt.org>
Date: Thu, 16 May 2013 19:46:51 +0000 (+0200)
Subject: Add debug prints for policy setting, don't commit ruleset in print mode
X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=commitdiff_plain;h=781916efb792394014515c8d3f37da8cc35ed65f

Add debug prints for policy setting, don't commit ruleset in print mode
---

diff --git a/iptables.c b/iptables.c
index 9c5f80a..fd230d3 100644
--- a/iptables.c
+++ b/iptables.c
@@ -105,6 +105,9 @@ void
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
                    enum fw3_flag policy)
 {
+	if (fw3_pr_debug)
+		printf("-P %s %s\n", chain, fw3_flag_names[policy]);
+
 	if (h->family == FW3_FAMILY_V6)
 		ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
 	else
diff --git a/main.c b/main.c
index a2b80be..116050a 100644
--- a/main.c
+++ b/main.c
@@ -287,7 +287,8 @@ start(void)
 			fw3_print_zone_rules(handle, cfg_state, false);
 			fw3_print_default_tail_rules(handle, cfg_state, false);
 
-			fw3_ipt_commit(handle);
+			if (!print_rules)
+				fw3_ipt_commit(handle);
 		}
 
 		//fw3_print_includes(cfg_state, family, false);
@@ -510,6 +511,7 @@ int main(int argc, char **argv)
 
 		cfg_state->disable_ipsets = true;
 		print_rules = true;
+		fw3_pr_debug = true;
 
 		rv = start();
 	}