Re: [iptables-nftables - PATCH 1/2] nft: Optimize chain listing if only one is looked for

Hi Tomasz,

On Wed, Jul 17, 2013 at 10:34:14AM +0300, Tomasz Bursztyka wrote:
> Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@xxxxxxxxxxxxxxx>
> ---
>  iptables/nft.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/iptables/nft.c b/iptables/nft.c
> index f9a88c9..f33faa5 100644
> --- a/iptables/nft.c
> +++ b/iptables/nft.c
> @@ -2495,6 +2495,9 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
>  		}
>  		__nft_rule_list(h, c, table, rulenum, format, print_firewall);
>  
> +		if (chain && strcmp(chain, chain_name) == 0)
> +			break;
> +
>  		found = true;
>  
>  next:
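
Review bot: In nft_rule_list(), the added `break` sits before `found = true;`, so when the requested chain has just been listed the loop exits without reaching that assignment and without passing through the `next:` label. Set `found = true` before breaking, or move the check below it, and confirm that whatever follows `next:` (not shown in this hunk) is not needed for the matched chain. A one-line comment saying this is an early exit once the single requested chain has been printed would also help.
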
> @@ -2593,6 +2596,9 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
>  
>  		ret = __nft_rule_list(h, c, table, rulenum,
>  				      counters ? 0 : FMT_NOCOUNTS, list_save);
> +
> +		if (chain && strcmp(chain, chain_name) != 0)

This should be == 0. There's the same checking above __nft_rule_list.

I noticed that we don't need to strcmp(chain, chain_name) again,
checking for chain is sufficient.

Pushed this patch, which is based on yours:

http://git.netfilter.org/iptables-nftables/commit/?id=db6d43c979954b1a0e2a3d2d1fa4494c43d921c1

While at it, I also noticed that selective listing per chain with -S
was also broken, fixed here:

http://git.netfilter.org/iptables-nftables/commit/?id=eaa70f580a3e3b7675d75005ab71c00494a3ee6e

Regards.