xtables: nft: display rule number via -S

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index a9a391df53f3d9485c2b6c3e1ccb6d82452c1d8b..3d5a15327eab56b50e80db7dcb0aa17223fb588b 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2543,11 +2543,13 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
        struct nft_chain_list *list;
        struct nft_chain_list_iter *iter;
        struct nft_chain *c;
+       int ret = 1;
 
        list = nft_chain_dump(h);
 
        /* Dump policies and custom chains first */
-       nft_rule_list_chain_save(h, table, list, counters);
+       if (!rulenum)
+               nft_rule_list_chain_save(h, table, list, counters);
 
        /* Now dump out rules in this table */
        iter = nft_chain_list_iter_create(list);
@@ -2566,15 +2568,15 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
                if (chain && strcmp(chain, chain_name) != 0)
                        goto next;
 
-               __nft_rule_list(h, c, table, rulenum,
-                               counters ? 0 : FMT_NOCOUNTS, list_save);
+               ret = __nft_rule_list(h, c, table, rulenum,
+                                     counters ? 0 : FMT_NOCOUNTS, list_save);
 next:
                c = nft_chain_list_iter_next(iter);
        }
 err:
        nft_chain_list_free(list);
 
-       return 1;
+       return ret;
 }
 
 static int nft_action(struct nft_handle *h, int type)

diff --git a/iptables/xtables.c b/iptables/xtables.c
index c712aaf4e69469eb2261233433e0b57414243ecb..a5a83c24bf6aa3134938bf116534975e907fa3bc 100644 (file)
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -582,7 +582,7 @@ list_rules(struct nft_handle *h, const char *chain, const char *table,
 
        nft_rule_list_save(h, chain, table, rulenum, counters);
 
-       /* FIXME found */
+       /* iptables does not return error if rule number not found */
        return 1;
 }