xtables: Do not dump before command parsing has been finished

On xtables-save.c, -d will not output right away but after the full
command line hase been parsed.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index db030901f6633f80e98314eca5c6a3b6726b4451..990c0fe6cdd878bcfe90bd2e639d3e29dae8d636 100644 (file)
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -78,6 +78,7 @@ int
 xtables_save_main(int argc, char *argv[])
 {
        const char *tablename = NULL;
+       bool dump = false;
        struct nft_handle h = {
                .family = AF_INET,      /* default to AF_INET */
        };
@@ -118,8 +119,8 @@ xtables_save_main(int argc, char *argv[])
                        xtables_modprobe_program = optarg;
                        break;
                case 'd':
-                       do_output(&h, tablename, show_counters);
-                       exit(0);
+                       dump = true;
+                       break;
                case '4':
                        h.family = AF_INET;
                        break;
@@ -135,5 +136,10 @@ xtables_save_main(int argc, char *argv[])
                exit(1);
        }
 
+       if (dump) {
+               do_output(&h, tablename, show_counters);
+               exit(0);
+       }
+
        return !do_output(&h, tablename, show_counters);
 }