From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 20 Jan 2013 22:23:29 +0000 (+0100)
Subject: xtables-restore: support test option `-t'
X-Git-Tag: v1.6.0~111^2~128
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18af813cabf7b574dec86beedf0a335e5928eaaa;p=thirdparty%2Fiptables.git

xtables-restore: support test option `-t'

You can now test if a rule-set is correct.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index ca9e0c05..c62b0a9a 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -266,14 +266,20 @@ xtables_restore_main(int argc, char *argv[])
 				DEBUGP("Calling commit\n");
 				ret = 1;
 			} else {
-				/* FIXME -t needs to be fixed */
+				if (nft_abort(&h)) {
+					xtables_error(OTHER_PROBLEM,
+						      "Failed to abort "
+						      "commit in table %s\n",
+						      curtable);
+				}
 				DEBUGP("Not calling commit, testing\n");
 				ret = 1;
 			}
 			in_table = 0;
 
 			/* Purge out unused chains in this table */
-			nft_table_purge_chains(&h, curtable, chain_list);
+			if (!testing)
+				nft_table_purge_chains(&h, curtable, chain_list);
 
 		} else if ((buffer[0] == '*') && (!in_table)) {
 			/* New table */