iptables: Get rid of iptables_commit function.

It's not fun to make sure it was correctly called.

diff --git a/functions.iptables b/functions.iptables
index b8db7cba0a1583350791d4c2eab0b66fe502f337..56f6729b89720cc15d9b4967fde70640b0762ded 100644 (file)
--- a/functions.iptables
+++ b/functions.iptables
@@ -183,20 +183,26 @@ function iptables_load() {
 
        local rulesfile
 
-       # First, commit all tables.
-       _iptables_commit
-
        # Concat the table rulesets into one big file.
        local proto
        for proto in 6 4; do
                rulesfile=$(iptables_rulesfile ipv${proto})
+               assert isset rulesfile
 
                local table
                local tablefile
                for table in $(iptables_tables ipv${proto}); do
                        tablefile=$(iptables_rulesfile ipv${proto} ${table})
-                       print "$(<${tablefile})"
+
+                       fread ${tablefile}
+
+                       # Add the COMMIT statement for every table.
+                       if [ -s "${tablefile}" ]; then
+                               print "COMMIT"
+                       fi
                done > ${rulesfile}
+
+               assert [ -s "${rulesfile}" ]
        done
 
        local error="false"
@@ -236,15 +242,6 @@ function iptables_load() {
        return ${EXIT_OK}
 }
 
-# Commit all tables.
-function _iptables_commit() {
-       iptables -t filter "COMMIT"
-       iptables -t mangle "COMMIT"
-
-       # Commit NAT chain for IPv4.
-       iptables -4 -t nat "COMMIT"
-}
-
 function _iptables_load() {
        local proto=${1}
        local file=${2}