From 9c20574418b35437e3211d652ae7a7a60bcd720a Mon Sep 17 00:00:00 2001
From: SunBK201 <sunbk201gm@gmail.com>
Date: Mon, 3 Nov 2025 15:25:23 +0800
Subject: [PATCH] feat: add debug logging for firewall and route rules

---
 openwrt/files/ua3f.init | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/openwrt/files/ua3f.init b/openwrt/files/ua3f.init
index 1ad2983..76d7e84 100755
--- a/openwrt/files/ua3f.init
+++ b/openwrt/files/ua3f.init
@@ -455,6 +455,27 @@ start_service() {
         ;;
     esac
 
+    # dump all fw rules for debug
+    if [ "$log_level" = "debug" ]; then
+        if [ "$FW_BACKEND" = "nft" ]; then
+            LOG "nftables rules:"
+            nft --handle list ruleset >>"$LOG_FILE" 2>&1
+        elif [ "$FW_BACKEND" = "ipt" ]; then
+            LOG "iptables rules:"
+            LOG "mangle table:"
+            iptables -t mangle -L -v -n >>"$LOG_FILE" 2>&1
+            LOG "nat table:"
+            iptables -t nat -L -v -n >>"$LOG_FILE" 2>&1
+            LOG "filter table:"
+            iptables -t filter -L -v -n >>"$LOG_FILE" 2>&1
+        fi
+    fi
+    # dump route rules for debug
+    if [ "$log_level" = "debug" ]; then
+        LOG "ip rule list:"
+        ip rule show >>"$LOG_FILE" 2>&1
+    fi
+
     procd_open_instance "$NAME"
     procd_set_param command "$PROG"
     procd_append_param command -m "$server_mode"