authorDaniel Wagner <daniel.wagner@bmw-carit.de>2013-03-06 16:08:55 +0100
committerPatrik Flykt <patrik.flykt@linux.intel.com>2013-03-07 10:07:13 +0200
commitc6031d229acb3694db2660a98428156ebc0b6cde (patch)
tree3eb55ac5bd19409906ff61eee03cdc3e0a1977f5 /src/iptables.c
parent60c18c2aab0cf1a6a7ce2d58d87df046a675d81a (diff)
iptables: Fix rule appending
Commit ba052f1f "iptables: Add split out iptables commands" introduced a bug. __connman_iptables_append() should call iptables_append_rule() instead of iptables_insert_rule().
Diffstat (limited to 'src/iptables.c')
-rw-r--r--src/iptables.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 734ebc11..ea2a52b0 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -796,7 +796,7 @@ static struct ipt_entry *prepare_rule_inclusion(struct connman_iptables *table,
return new_entry;
}
-static int iptables_insert_rule(struct connman_iptables *table,
+static int iptables_append_rule(struct connman_iptables *table,
struct ipt_ip *ip, const char *chain_name,
const char *target_name,
struct xtables_target *xt_t,
@@ -804,10 +804,10 @@ static int iptables_insert_rule(struct connman_iptables *table,
{
struct ipt_entry *new_entry;
int builtin = -1, ret;
- GList *chain_head;
+ GList *chain_tail;
- chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ chain_tail = find_chain_tail(table, chain_name);
+ if (chain_tail == NULL)
return -EINVAL;
new_entry = prepare_rule_inclusion(table, ip, chain_name,
@@ -815,10 +815,7 @@ static int iptables_insert_rule(struct connman_iptables *table,
if (new_entry == NULL)
return -EINVAL;
- if (builtin == -1)
- chain_head = chain_head->next;
-
- ret = iptables_add_entry(table, new_entry, chain_head, builtin);
+ ret = iptables_add_entry(table, new_entry, chain_tail->prev, builtin);
if (ret < 0)
g_free(new_entry);
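Review bot: The call `iptables_add_entry(table, new_entry, chain_tail->prev, builtin)` takes `chain_tail->prev` without a check or a comment saying which entry that is. The position of a firewall rule within its chain decides which rule matches first, so the insertion point should be stated explicitly. find_chain_tail() is not visible in this diff, so it is unclear whether the node it returns can be the first element of the entry list; in that case `prev` would be NULL and the rule's position would depend on how iptables_add_entry() treats a NULL sibling. If that case is possible, the earlier guard could read `if (chain_tail == NULL || chain_tail->prev == NULL) return -EINVAL;`. Otherwise a comment above the call such as `/* chain_tail->prev is presumably the chain's closing entry; adding before it keeps the new rule last among the chain's rules */` would record the invariant once it is confirmed against find_chain_tail(). The function body starts in the previous hunk and continues past the end of this one.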
@@ -2185,7 +2182,7 @@ int __connman_iptables_append(const char *table_name,
else
target_name = ctx->xt_t->name;
- err = iptables_insert_rule(table, ctx->ip, chain,
+ err = iptables_append_rule(table, ctx->ip, chain,
target_name, ctx->xt_t, ctx->xt_rm);
out:
cleanup_parse_context(ctx);