From d29aa7887cdedfcc3912dcd250d16185dc6748af Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 1 Aug 2023 22:47:33 +0200
Subject: [PATCH] Store iptables/nft stderr output in special files

---
 CHANGELOG            |  2 ++
 dump-server-state.sh | 12 ++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9104411..70db79c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 
 ### Added
 
+* Store iptables/nft stderr output in special files
+
 ### Changed
 
 ### Fixed
diff --git a/dump-server-state.sh b/dump-server-state.sh
index 5f76413..b918bc9 100644
--- a/dump-server-state.sh
+++ b/dump-server-state.sh
@@ -467,14 +467,14 @@ task_iptables() {
                 printf "\n#### ip6tables --table mangle --list ###############\n"
                 ${ip6tables_bin} --table mangle --list --numeric
             fi
-        } > "${dump_dir}/iptables.txt")
+        } > "${dump_dir}/iptables.txt") 2> "${dump_dir}/iptables.err"
         last_rc=$?
 
         if [ ${last_rc} -eq 0 ]; then
             debug "* iptables OK"
         else
             debug "* iptables ERROR"
-            debug "${last_result}"
+            debug "$(cat ${dump_dir}/iptables.err)"
             # Ignore errors because we don't know if this is nft related or a real error
             # rc=10
         fi
@@ -485,14 +485,14 @@ task_iptables() {
     iptables_save_bin=$(command -v iptables-save)
 
     if [ -n "${iptables_save_bin}" ]; then
-        last_result=$(${iptables_save_bin} > "${dump_dir}/iptables-save.txt")
+        ${iptables_save_bin} > "${dump_dir}/iptables-save.txt" 2> "${dump_dir}/iptables-save.err"
         last_rc=$?
 
         if [ ${last_rc} -eq 0 ]; then
             debug "* iptables-save OK"
         else
             debug "* iptables-save ERROR"
-            debug "${last_result}"
+            debug "$(cat ${dump_dir}/iptables-save.err)"
             # Ignore errors because we don't know if this is nft related or a real error
             # rc=10
         fi
@@ -503,14 +503,14 @@ task_iptables() {
     nft_bin=$(command -v nft)
 
     if [ -n "${nft_bin}" ]; then
-        last_result=$(${nft_bin} list ruleset > "${dump_dir}/nft-ruleset.txt")
+        ${nft_bin} list ruleset > "${dump_dir}/nft-ruleset.txt" 2> "${dump_dir}/nft-ruleset.err"
         last_rc=$?
 
         if [ ${last_rc} -eq 0 ]; then
             debug "* nft ruleset OK"
         else
             debug "* nft ruleset ERROR"
-            debug "${last_result}"
+            debug "$(cat ${dump_dir}/nft-ruleset.err)"
             rc=10
         fi
     fi