From eb24dfcb85f5db390de86bf95a4e7e916856bf2a Mon Sep 17 00:00:00 2001
From: Vadim Kurland <vadim@netcitadel.com>
Date: Fri, 18 Jul 2008 19:16:06 +0000
Subject: [PATCH] fixed bug with missing COMMIT after mangle table rules

---
 doc/ChangeLog   | 8 ++++++++
 src/ipt/ipt.cpp | 8 +++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 65ec22d28..8fe9e86d4 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,11 @@
+2008-07-18  Vadim Kurland  <vadim@vk.crocodile.org>
+
+	* ipt.cpp (main): fixed bug (no #): if generated script used
+	iptables-restore and if there were automatically generated rules
+	in the magle table, for example for the "clamp MSS to MTU" rule,
+	but no other rules in the mangle table, compiler would not add
+	COMMIT.
+
 2008-07-17  Vadim Kurland  <vadim@vk.crocodile.org>
 
 	* PolicyCompiler_ipt.cpp (prepareForMultiport::processNext): fixed
diff --git a/src/ipt/ipt.cpp b/src/ipt/ipt.cpp
index e64900a90..23d757367 100644
--- a/src/ipt/ipt.cpp
+++ b/src/ipt/ipt.cpp
@@ -688,7 +688,9 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
                 {
                     m.compile();
                     m.epilog();
-                    
+
+                    long m_str_pos = m_str.tellp();
+
                     if (policy->isTop())
                     {
                         m_str << "# ================ Table 'mangle', "
@@ -709,6 +711,10 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
                         }
 
                         m_str << m.getCompiledScript();
+                    }
+
+                    if (m_str_pos!=m_str.tellp())
+                    {
                         m_str << m.commit();
                         m_str << endl;
                         empty_output = false;