xtables-translate: Support setting standard chain policy
authorPhil Sutter <phil@nwl.cc>
Fri, 25 Nov 2016 17:06:46 +0000 (18:06 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 29 Nov 2016 22:03:50 +0000 (23:03 +0100)
Looks like this bit was simply forgotten when implementing
xlate_chain_set() as everything needed was there to just print the
desired policy along with the chain definition.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/xtables-translate.c

index 689533f3d4d85255a70d05029126ebadfdce1e8f..0c706dcc2b9dbb4c8a4a13a68428f2be014041cc 100644 (file)
@@ -354,16 +354,22 @@ static int xlate_chain_set(struct nft_handle *h, const char *table,
 {
        printf("add chain %s %s %s ", family2str[h->family], table, chain);
        if (strcmp(chain, "PREROUTING") == 0)
-               printf("{ type filter hook prerouting priority 0; }\n");
+               printf("{ type filter hook prerouting priority 0; ");
        else if (strcmp(chain, "INPUT") == 0)
-               printf("{ type filter hook input priority 0; }\n");
+               printf("{ type filter hook input priority 0; ");
        else if (strcmp(chain, "FORWARD") == 0)
-               printf("{ type filter hook forward priority 0; }\n");
+               printf("{ type filter hook forward priority 0; ");
        else if (strcmp(chain, "OUTPUT") == 0)
-               printf("{ type filter hook output priority 0; }\n");
+               printf("{ type filter hook output priority 0; ");
        else if (strcmp(chain, "POSTROUTING") == 0)
-               printf("{ type filter hook postrouting priority 0; }\n");
+               printf("{ type filter hook postrouting priority 0; ");
 
+       if (strcmp(policy, "ACCEPT") == 0)
+               printf("policy accept; ");
+       else if (strcmp(policy, "DROP") == 0)
+               printf("policy drop; ");
+
+       printf("}\n");
        return 1;
 }
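Review bot: The policy branch and the closing `printf("}\n");` run even when none of the five chain-name comparisons matched, so for any other chain name the output gets a `}` (and possibly `policy ...;`) with no opening `{`, which is not valid nft syntax. Ending the ladder with a final branch such as `else { printf("\n"); return 1; }` would restrict the policy and brace output to the cases that opened a block; whether 1 is the right return value there is not visible from the hunk. Separately, a `policy` string other than ACCEPT or DROP is dropped without any message, which leaves the translated base chain at nft's default policy (accept), so a warning on stderr for that case would make the lost policy visible. The parameter list is cut off in the hunk header, so whether `policy` can be NULL when it reaches `strcmp()` cannot be checked from this view.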