diff --git a/src/fw4_nft.c b/src/fw4_nft.c index c93fa0743..3bef2dcd7 100644 --- a/src/fw4_nft.c +++ b/src/fw4_nft.c @@ -364,7 +364,7 @@ check_nft_expr_json_array_object(json_object *jobj, const char *ip, const char * // if the "protocol" value is "ether", get the "right" value if (json_object_object_get_ex(jobj_item_match, "right", &jobj_item_match_right)) { const char *right = json_object_get_string(jobj_item_match_right); - if (strcmp(right, mac) != 0) { + if (strcmp(right, mac) == 0) { // if the "right" value is the mac address, return 1 mac_flag = 1; } @@ -373,7 +373,7 @@ check_nft_expr_json_array_object(json_object *jobj, const char *ip, const char * // if the "protocol" value is "ip", get the "right" value if (json_object_object_get_ex(jobj_item_match, "right", &jobj_item_match_right)) { const char *right = json_object_get_string(jobj_item_match_right); - if (strcmp(right, ip) != 0) { + if (strcmp(right, ip) == 0) { // if the "right" value is the ip address, return 1 ip_flag = 1; } @@ -404,6 +404,7 @@ nft_fw_del_rule_by_ip_and_mac(const char *ip, const char *mac, const char *chain // first get the rule list of chain mangle_prerouting_wifidogx_outgoing char cmd[256] = {0}; snprintf(cmd, sizeof(cmd), "nft -j list chain inet fw4 %s", chain); + debug(LOG_DEBUG, " cmd: %s", cmd); // throught popen, get the rule list of chain mangle_prerouting_wifidogx_outgoing FILE *r_fp = popen(cmd, "r"); if (r_fp == NULL) { @@ -414,6 +415,7 @@ nft_fw_del_rule_by_ip_and_mac(const char *ip, const char *mac, const char *chain // read the rule list of chain mangle_prerouting_wifidogx_outgoing fgets(buf, sizeof(buf), r_fp); pclose(r_fp); + debug(LOG_DEBUG, " buf: %s", buf); // parse the rule list of chain mangle_prerouting_wifidogx_outgoing // use libjson-c to parse the rule list of chain mangle_prerouting_wifidogx_outgoing json_object *jobj = json_tokener_parse(buf);