From 16ac9775b0a3f594bfb717fdd52cecf0366fc15c Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 29 Sep 2012 12:41:35 +0000
Subject: [PATCH] iptables: Get rid of iptables_commit function.
It's not fun to make sure it was correctly called.
---
 functions.iptables | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/functions.iptables b/functions.iptables
index b8db7cba..56f6729b 100644
--- a/functions.iptables
+++ b/functions.iptables
@@ -183,20 +183,26 @@ function iptables_load() {
 local rulesfile
- # First, commit all tables.
- _iptables_commit
-
 # Concat the table rulesets into one big file.
 local proto
 for proto in 6 4; do
 rulesfile=$(iptables_rulesfile ipv${proto})
+ assert isset rulesfile
 local table
 local tablefile
 for table in $(iptables_tables ipv${proto}); do
 tablefile=$(iptables_rulesfile ipv${proto} ${table})
- print "$(<${tablefile})"
+
+ fread ${tablefile}
+
+ # Add the COMMIT statement for every table.
+ if [ -s "${tablefile}" ]; then
+ print "COMMIT"
+ fi
 done > ${rulesfile}
+
+ assert [ -s "${rulesfile}" ]
 done
 local error="false"
@@ -236,15 +242,6 @@ function iptables_load() {
 return ${EXIT_OK}
 }
-# Commit all tables.
-function _iptables_commit() {
- iptables -t filter "COMMIT"
- iptables -t mangle "COMMIT"
-
- # Commit NAT chain for IPv4.
- iptables -4 -t nat "COMMIT"
-}
-
 function _iptables_load() {
 local proto=${1}
 local file=${2}
-- 
2.47.2
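Review bot: The per-table path in the inner loop of the first hunk is used unchecked: `rulesfile` gets `assert isset`, but `tablefile` does not, and `fread ${tablefile}` and `done > ${rulesfile}` expand unquoted while the `-s` test next to them is quoted. A table whose file is missing or empty is left out of the combined file without any message, and the closing `assert [ -s "${rulesfile}" ]` still passes as long as one other table produced output, so a ruleset lacking an expected table could reach the loader unnoticed. I would add `assert isset tablefile` after the assignment, quote both expansions (`fread "${tablefile}"`, `done > "${rulesfile}"`), and log a warning in an `else` branch when a table that should carry rules is empty. `fread` is defined outside this diff; if it does not guarantee a trailing newline, `COMMIT` could end up glued to the last rule line, which is worth confirming. iptables_load starts above this hunk and ends in the next one.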