From 781916efb792394014515c8d3f37da8cc35ed65f Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Thu, 16 May 2013 21:46:51 +0200
Subject: [PATCH 1/1] Add debug prints for policy setting, don't commit ruleset in print mode
---
 iptables.c | 3 +++
 main.c | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/iptables.c b/iptables.c
index 9c5f80a..fd230d3 100644
--- a/iptables.c
+++ b/iptables.c
@@ -105,6 +105,9 @@ void
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain, enum fw3_flag policy)
 {
+ if (fw3_pr_debug)
+ printf("-P %s %s\n", chain, fw3_flag_names[policy]);
+
+ if (h->family == FW3_FAMILY_V6)
 ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
 else
diff --git a/main.c b/main.c
index a2b80be..116050a 100644
--- a/main.c
+++ b/main.c
@@ -287,7 +287,8 @@ start(void)
 fw3_print_zone_rules(handle, cfg_state, false);
 fw3_print_default_tail_rules(handle, cfg_state, false);
- fw3_ipt_commit(handle);
+ if (!print_rules)
+ fw3_ipt_commit(handle);
 }
 //fw3_print_includes(cfg_state, family, false);
@@ -510,6 +511,7 @@ int main(int argc, char **argv)
 cfg_state->disable_ipsets = true;
 print_rules = true;
+ fw3_pr_debug = true;
 rv = start();
 }
-- 
2.11.0
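Review bot: The added trace in fw3_ipt_set_policy prints `fw3_flag_names[policy]` with no range check on `policy` and no indication of whether the set-policy call that follows succeeded; the surrounding lines show the `ip6tc_set_policy` result being discarded. If fw3_pr_debug can also be enabled on a run that commits (not visible in this patch), the output would show `-P <chain> <policy>` for a default policy that libiptc rejected, which is misleading when auditing a firewall. Consider capturing the return value and reporting a failure, or at least adding a comment such as `/* trace only: printed before the call, does not confirm the policy was applied */`. The function body continues past the end of the hunk.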
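Review bot: Nothing at the `if (!print_rules)` guard in start() records that print mode must never reach `fw3_ipt_commit(handle)`, so a later refactor could drop the guard and a "print" invocation would rewrite the live ruleset. A short comment would pin the intent: `/* print mode is a dry run: build the ruleset in memory, never commit it */`. It is also worth confirming that any other command paths that commit (not shown in this patch) skip it in print mode the same way. start() begins and ends outside the hunk.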