$ iptables-translate -I INPUT -s yahoo.com
nft insert rule ip filter INPUT ip saddr 98.139.183.24 counter
nft insert rule ip filter INPUT ip saddr 206.190.36.45 counter
nft insert rule ip filter INPUT ip saddr 98.138.253.109 counter
nft
This extra 'nft' print is incorrect, just print it if there are more
rules to be printed.
Reported-by: Alexander Alemayhu <alexander@xxxxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
iptables/xtables-translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index d9885f20dce6..00de019000f3 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -195,7 +195,7 @@ static int xlate(struct nft_handle *h, struct nft_xt_cmd_parse *p,
}
break;
}
- if (!cs->restore)
+ if (!cs->restore && i < args->s.naddrs - 1)
printf("nft ");
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
