fix on firewall rule building

src/fw.rs

@@ -26,7 +26,6 @@ macro_rules! initrules {
         $chain.set_policy(nftnl::Policy::Accept);
 
         $batch.add(&$chain, nftnl::MsgType::Add);
-
         $batch.add(&Rule::new(&$chain), nftnl::MsgType::Del);
 
         let mut rule = Rule::new(&$chain);
@@ -38,28 +37,16 @@ macro_rules! initrules {
         rule.add_expr(&nft_expr!(verdict accept));
 
         $batch.add(&rule, nftnl::MsgType::Add);
-    };}
-macro_rules! createrules {
-    ($ipdata:ident, $chain:ident, $batch:ident) => {
-        let mut rule = Rule::new(&$chain);
-        match $ipdata.t {
-            4 => {
-                let ip = $ipdata.ip.parse::<Ipv4Addr>().unwrap();
-                rule.add_expr(&nft_expr!(payload ipv4 saddr));
-                rule.add_expr(&nft_expr!(cmp == ip));
-            },
-            6 => {
-                let ip = $ipdata.ip.parse::<Ipv6Addr>().unwrap();
-                rule.add_expr(&nft_expr!(payload ipv6 saddr));
-                rule.add_expr(&nft_expr!(cmp == ip));
-            },
-            _ => {
-                let ip = $ipdata.ip.parse::<Ipv4Addr>().unwrap();
-                rule.add_expr(&nft_expr!(payload ipv4 saddr));
-                rule.add_expr(&nft_expr!(cmp == ip));
-            },
     };
+}
 
+macro_rules! createrules {
+    ($ipdata:ident, $chain:ident, $batch:ident, $t:ty, $ip_t:ident) => {
+        let mut rule = Rule::new(&$chain);
+        let ip = $ipdata.ip.parse::<$t>().unwrap();
+
+        rule.add_expr(&nft_expr!(payload $ip_t saddr));
+        rule.add_expr(&nft_expr!(cmp == ip));
         rule.add_expr(&nft_expr!(ct state));
         rule.add_expr(&nft_expr!(bitwise mask 10u32, xor 0u32));
         rule.add_expr(&nft_expr!(cmp != 0u32));
@@ -110,8 +97,15 @@ pub fn fwblock(
 
     // build and add rules
     for ipdata in ips_add.clone() {
-        createrules!(ipdata, chain4, batch4);
-        createrules!(ipdata, chain6, batch6);
+        match ipdata.t {
+            4 => {
+                createrules!(ipdata, chain4, batch4, Ipv4Addr, ipv4);
+            }
+            6 => {
+                createrules!(ipdata, chain6, batch6, Ipv6Addr, ipv6);
+            }
+            _ => {}
+        }
     }
 
     // validate and send batch