xtables: nft: display rule by number via -L
This patch fixes the display of rule by number.
[ Mangled this patch not to display the header, to mimic iptables
--pablo ]
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/nft.c b/iptables/nft.c
index e660878..a9a391d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2394,19 +2394,21 @@
strcmp(chain, rule_chain) != 0)
goto next;
- if (rulenum > 0) {
+ if (rulenum > 0 && rule_ctr != rulenum) {
/* List by rule number case */
- if (rule_ctr != rulenum) {
- rule_ctr++;
- goto next;
- }
- } else {
- struct iptables_command_state cs = {};
- /* Show all rules case */
- nft_rule_to_iptables_command_state(r, &cs);
-
- cb(&cs, r, rule_ctr, format);
+ goto next;
}
+
+ struct iptables_command_state cs = {};
+ /* Show all rules case */
+ nft_rule_to_iptables_command_state(r, &cs);
+
+ cb(&cs, r, rule_ctr, format);
+ if (rulenum > 0 && rule_ctr == rulenum) {
+ ret = 1;
+ break;
+ }
+
next:
r = nft_rule_list_iter_next(iter);
}
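Review bot: No increment of `rule_ctr` remains in the visible loop body, because the only one shown, `rule_ctr++` in the skip branch, is removed; the `rule_ctr != rulenum` test therefore relies on an increment outside the hunk. That increment should run once per rule that has passed the table/chain `strcmp` filter: if it runs before the filter, rules from other chains are counted and the wrong rule is printed, and if it is missing the requested number never matches. The comment `/* Show all rules case */` is also stale, since the code under it now runs for the selected rule too; `/* Show all rules, or the single rule selected by rulenum */` would fit, and `/* List by rule number case */` could become `/* Listing by number: skip every rule but the requested one */`. The loop starts above the hunk, so the counter handling cannot be confirmed from here.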
@@ -2466,9 +2468,10 @@
if (found)
printf("\n");
- print_header(format, chain_name, policy_name[policy], &ctrs,
- basechain, refs);
-
+ if (!rulenum) {
+ print_header(format, chain_name, policy_name[policy],
+ &ctrs, basechain, refs);
+ }
__nft_rule_list(h, c, table, rulenum, format, print_firewall);
found = true;
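Review bot: The call `__nft_rule_list(h, c, table, rulenum, format, print_firewall);` in this hunk still discards its return value, so the `ret = 1` set in the first hunk when the requested rule number is found does not reach the caller through this statement. A request for a rule number that does not exist would then appear to be reported the same way as one that does, and an administrator auditing a ruleset gets empty output with no error. The xtables.c hunk nevertheless deletes the FIXME asking for a found/not-found result with `errno = ENOENT`. Either keep that FIXME or act on the result here, for example `if (!__nft_rule_list(h, c, table, rulenum, format, print_firewall) && rulenum) errno = ENOENT;`, assuming the helper returns 0 when nothing matched. The enclosing function starts and ends outside the hunk, so how `found` feeds the final return value is not visible.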
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 4e8d362..c712aaf 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -570,7 +570,6 @@
if (linenumbers)
format |= FMT_LINENUMBERS;
- /* FIXME should return found or not, and errno = ENOENT in such case */
return nft_rule_list(h, chain, table, rulenum, format);
}