[OpenWrt-Devel] [PATCH 2/2] treewide: apply official kernel clang-format style

Paul Spooren mail at aparcar.org
Fri May 10 09:05:38 EDT 2019


Currently some files use a mixture of spaces and tabs within a single
file, instead of fixing style manually, a tool could do the job.

Signed-off-by: Paul Spooren <mail at aparcar.org>
---
 defaults.c   | 268 +++++++++----------
 defaults.h   |   8 +-
 forwards.c   |  86 +++---
 forwards.h   |   3 +-
 helpers.c    | 131 ++++------
 helpers.h    |  21 +-
 icmp_codes.h | 131 +++++-----
 includes.c   |  75 +++---
 includes.h   |   5 +-
 ipsets.c     | 295 ++++++++++-----------
 ipsets.h     |  30 +--
 iptables.c   | 721 ++++++++++++++++++++++-----------------------------
 iptables.h   |  58 +++--
 main.c       | 270 +++++++------------
 options.c    | 700 ++++++++++++++++++++-----------------------------
 options.h    | 208 +++++++--------
 redirects.c  | 464 ++++++++++++++++-----------------
 redirects.h  |   2 +-
 rules.c      | 422 ++++++++++++++----------------
 rules.h      |   3 +-
 snats.c      | 284 ++++++++++----------
 snats.h      |   3 +-
 ubus.c       | 137 +++++-----
 ubus.h       |   3 +-
 utils.c      | 492 ++++++++++++++++-------------------
 utils.h      |  66 ++---
 xtables-10.h | 121 ++++-----
 xtables-5.h  | 122 ++++-----
 zones.c      | 633 ++++++++++++++++++++++----------------------
 zones.h      |  20 +-
 30 files changed, 2616 insertions(+), 3166 deletions(-)

diff --git a/defaults.c b/defaults.c
index 91bd617..24de98a 100644
--- a/defaults.c
+++ b/defaults.c
@@ -18,74 +18,71 @@
 
 #include "defaults.h"
 
-
-#define C(f, tbl, def, fmt) \
-	{ FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##def, fmt }
+#define C(f, tbl, def, fmt)                                                    \
+	{                                                                      \
+		FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##def, fmt           \
+	}
 
 static const struct fw3_chain_spec default_chains[] = {
-	C(ANY, FILTER, UNSPEC,        "reject"),
+	C(ANY, FILTER, UNSPEC, "reject"),
 	C(ANY, FILTER, CUSTOM_CHAINS, "input_rule"),
 	C(ANY, FILTER, CUSTOM_CHAINS, "output_rule"),
 	C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
-	C(ANY, FILTER, SYN_FLOOD,     "syn_flood"),
+	C(ANY, FILTER, SYN_FLOOD, "syn_flood"),
 
-	C(V4,  NAT,    CUSTOM_CHAINS, "prerouting_rule"),
-	C(V4,  NAT,    CUSTOM_CHAINS, "postrouting_rule"),
+	C(V4, NAT, CUSTOM_CHAINS, "prerouting_rule"),
+	C(V4, NAT, CUSTOM_CHAINS, "postrouting_rule"),
 
-	{ }
+	{}
 };
 
 const struct fw3_option fw3_flag_opts[] = {
-	FW3_OPT("input",               target,   defaults, policy_input),
-	FW3_OPT("forward",             target,   defaults, policy_forward),
-	FW3_OPT("output",              target,   defaults, policy_output),
+	FW3_OPT("input", target, defaults, policy_input),
+	FW3_OPT("forward", target, defaults, policy_forward),
+	FW3_OPT("output", target, defaults, policy_output),
 
-	FW3_OPT("drop_invalid",        bool,     defaults, drop_invalid),
-	FW3_OPT("tcp_reject_code",     reject_code, defaults, tcp_reject_code),
-	FW3_OPT("any_reject_code",     reject_code, defaults, any_reject_code),
+	FW3_OPT("drop_invalid", bool, defaults, drop_invalid),
+	FW3_OPT("tcp_reject_code", reject_code, defaults, tcp_reject_code),
+	FW3_OPT("any_reject_code", reject_code, defaults, any_reject_code),
 
-	FW3_OPT("syn_flood",           bool,     defaults, syn_flood),
-	FW3_OPT("synflood_protect",    bool,     defaults, syn_flood),
-	FW3_OPT("synflood_rate",       limit,    defaults, syn_flood_rate),
-	FW3_OPT("synflood_burst",      int,      defaults, syn_flood_rate.burst),
+	FW3_OPT("syn_flood", bool, defaults, syn_flood),
+	FW3_OPT("synflood_protect", bool, defaults, syn_flood),
+	FW3_OPT("synflood_rate", limit, defaults, syn_flood_rate),
+	FW3_OPT("synflood_burst", int, defaults, syn_flood_rate.burst),
 
-	FW3_OPT("tcp_syncookies",      bool,     defaults, tcp_syncookies),
-	FW3_OPT("tcp_ecn",             int,      defaults, tcp_ecn),
-	FW3_OPT("tcp_window_scaling",  bool,     defaults, tcp_window_scaling),
+	FW3_OPT("tcp_syncookies", bool, defaults, tcp_syncookies),
+	FW3_OPT("tcp_ecn", int, defaults, tcp_ecn),
+	FW3_OPT("tcp_window_scaling", bool, defaults, tcp_window_scaling),
 
-	FW3_OPT("accept_redirects",    bool,     defaults, accept_redirects),
-	FW3_OPT("accept_source_route", bool,     defaults, accept_source_route),
+	FW3_OPT("accept_redirects", bool, defaults, accept_redirects),
+	FW3_OPT("accept_source_route", bool, defaults, accept_source_route),
 
-	FW3_OPT("auto_helper",         bool,     defaults, auto_helper),
-	FW3_OPT("custom_chains",       bool,     defaults, custom_chains),
-	FW3_OPT("disable_ipv6",        bool,     defaults, disable_ipv6),
-	FW3_OPT("flow_offloading",     bool,     defaults, flow_offloading),
-	FW3_OPT("flow_offloading_hw",  bool,     defaults, flow_offloading_hw),
+	FW3_OPT("auto_helper", bool, defaults, auto_helper),
+	FW3_OPT("custom_chains", bool, defaults, custom_chains),
+	FW3_OPT("disable_ipv6", bool, defaults, disable_ipv6),
+	FW3_OPT("flow_offloading", bool, defaults, flow_offloading),
+	FW3_OPT("flow_offloading_hw", bool, defaults, flow_offloading_hw),
 
-	FW3_OPT("__flags_v4",          int,      defaults, flags[0]),
-	FW3_OPT("__flags_v6",          int,      defaults, flags[1]),
+	FW3_OPT("__flags_v4", int, defaults, flags[0]),
+	FW3_OPT("__flags_v6", int, defaults, flags[1]),
 
-	{ }
+	{}
 };
 
-
-static void
-check_policy(struct uci_element *e, enum fw3_flag *pol, const char *name)
+static void check_policy(struct uci_element *e, enum fw3_flag *pol,
+			 const char *name)
 {
-	if (*pol == FW3_FLAG_UNSPEC)
-	{
-		warn_elem(e, "has no %s policy specified, defaulting to DROP", name);
+	if (*pol == FW3_FLAG_UNSPEC) {
+		warn_elem(e, "has no %s policy specified, defaulting to DROP",
+			  name);
 		*pol = FW3_FLAG_DROP;
-	}
-	else if (*pol > FW3_FLAG_DROP)
-	{
+	} else if (*pol > FW3_FLAG_DROP) {
 		warn_elem(e, "has invalid %s policy, defaulting to DROP", name);
 		*pol = FW3_FLAG_DROP;
 	}
 }
 
-static void
-check_kmod(struct uci_element *e, bool *module, const char *name)
+static void check_kmod(struct uci_element *e, bool *module, const char *name)
 {
 	FILE *f;
 	char buf[128];
@@ -97,27 +94,29 @@ check_kmod(struct uci_element *e, bool *module, const char *name)
 
 	f = fopen(buf, "r");
 
-	if (f)
-	{
+	if (f) {
 		fclose(f);
 		return;
 	}
 
-	warn_elem(e, "requires not available kernel module %s, disabling", name);
+	warn_elem(e, "requires not available kernel module %s, disabling",
+		  name);
 	*module = false;
 }
 
-static void
-check_any_reject_code(struct uci_element *e, enum fw3_reject_code *any_reject_code)
+static void check_any_reject_code(struct uci_element *e,
+				  enum fw3_reject_code *any_reject_code)
 {
 	if (*any_reject_code == FW3_REJECT_CODE_TCP_RESET) {
-		warn_elem(e, "tcp-reset not valid for any_reject_code, defaulting to port-unreach");
+		warn_elem(
+			e,
+			"tcp-reset not valid for any_reject_code, defaulting to port-unreach");
 		*any_reject_code = FW3_REJECT_CODE_PORT_UNREACH;
 	}
 }
 
-static const char*
-get_reject_code(enum fw3_family family, enum fw3_reject_code reject_code)
+static const char *get_reject_code(enum fw3_family family,
+				   enum fw3_reject_code reject_code)
 {
 	switch (reject_code) {
 	case FW3_REJECT_CODE_TCP_RESET:
@@ -125,14 +124,14 @@ get_reject_code(enum fw3_family family, enum fw3_reject_code reject_code)
 	case FW3_REJECT_CODE_PORT_UNREACH:
 		return "port-unreach";
 	case FW3_REJECT_CODE_ADM_PROHIBITED:
-		return family == FW3_FAMILY_V6 ? "adm-prohibited": "admin-prohib";
+		return family == FW3_FAMILY_V6 ? "adm-prohibited" :
+						 "admin-prohib";
 	default:
 		return "unknown";
 	}
 }
 
-void
-fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
+void fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -140,14 +139,14 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
 
 	bool seen = false;
 
-	defs->tcp_reject_code      = FW3_REJECT_CODE_TCP_RESET;
-	defs->any_reject_code      = FW3_REJECT_CODE_PORT_UNREACH;
-	defs->syn_flood_rate.rate  = 25;
+	defs->tcp_reject_code = FW3_REJECT_CODE_TCP_RESET;
+	defs->any_reject_code = FW3_REJECT_CODE_PORT_UNREACH;
+	defs->syn_flood_rate.rate = 25;
 	defs->syn_flood_rate.burst = 50;
-	defs->tcp_syncookies       = true;
-	defs->tcp_window_scaling   = true;
-	defs->custom_chains        = true;
-	defs->auto_helper          = true;
+	defs->tcp_syncookies = true;
+	defs->tcp_window_scaling = true;
+	defs->custom_chains = true;
+	defs->auto_helper = true;
 
 	uci_foreach_element(&p->sections, e)
 	{
@@ -156,13 +155,12 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
 		if (strcmp(s->type, "defaults"))
 			continue;
 
-		if (seen)
-		{
+		if (seen) {
 			warn_elem(e, "ignoring duplicate section");
 			continue;
 		}
 
-		if(!fw3_parse_options(&state->defaults, fw3_flag_opts, s))
+		if (!fw3_parse_options(&state->defaults, fw3_flag_opts, s))
 			warn_elem(e, "has invalid options");
 
 		check_policy(e, &defs->policy_input, "input");
@@ -175,24 +173,23 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
 	}
 }
 
-void
-fw3_print_default_chains(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                         bool reload)
+void fw3_print_default_chains(struct fw3_ipt_handle *handle,
+			      struct fw3_state *state, bool reload)
 {
 	struct fw3_defaults *defs = &state->defaults;
 	const struct fw3_chain_spec *c;
 
-#define policy(t) \
-	((t == FW3_FLAG_REJECT) ? FW3_FLAG_DROP : t)
+#define policy(t) ((t == FW3_FLAG_REJECT) ? FW3_FLAG_DROP : t)
 
 	if (handle->family == FW3_FAMILY_V6 && defs->disable_ipv6)
 		return;
 
-	if (handle->table == FW3_TABLE_FILTER)
-	{
-		fw3_ipt_set_policy(handle, "INPUT",   policy(defs->policy_input));
-		fw3_ipt_set_policy(handle, "OUTPUT",  policy(defs->policy_output));
-		fw3_ipt_set_policy(handle, "FORWARD", policy(defs->policy_forward));
+	if (handle->table == FW3_TABLE_FILTER) {
+		fw3_ipt_set_policy(handle, "INPUT", policy(defs->policy_input));
+		fw3_ipt_set_policy(handle, "OUTPUT",
+				   policy(defs->policy_output));
+		fw3_ipt_set_policy(handle, "FORWARD",
+				   policy(defs->policy_forward));
 	}
 
 	if (defs->custom_chains)
@@ -201,8 +198,7 @@ fw3_print_default_chains(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	if (defs->syn_flood)
 		set(defs->flags, handle->family, FW3_FLAG_SYN_FLOOD);
 
-	for (c = default_chains; c->format; c++)
-	{
+	for (c = default_chains; c->format; c++) {
 		/* don't touch user chains on selective stop */
 		if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
 			continue;
@@ -214,7 +210,8 @@ fw3_print_default_chains(struct fw3_ipt_handle *handle, struct fw3_state *state,
 			continue;
 
 		if (c->flag &&
-		    !fw3_hasbit(defs->flags[handle->family == FW3_FAMILY_V6], c->flag))
+		    !fw3_hasbit(defs->flags[handle->family == FW3_FAMILY_V6],
+				c->flag))
 			continue;
 
 		fw3_ipt_create_chain(handle, c->format);
@@ -223,9 +220,8 @@ fw3_print_default_chains(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	set(defs->flags, handle->family, handle->table);
 }
 
-void
-fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
-                             struct fw3_state *state, bool reload)
+void fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
+				  struct fw3_state *state, bool reload)
 {
 	int i;
 	struct fw3_defaults *defs = &state->defaults;
@@ -234,13 +230,10 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 	struct fw3_ipt_rule *r;
 
 	const char *chains[] = {
-		"INPUT", "input",
-		"OUTPUT", "output",
-		"FORWARD", "forwarding",
+		"INPUT", "input", "OUTPUT", "output", "FORWARD", "forwarding",
 	};
 
-	switch (handle->table)
-	{
+	switch (handle->table) {
 	case FW3_TABLE_FILTER:
 
 		sprintf(lodev.name, "lo");
@@ -253,47 +246,49 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 		fw3_ipt_rule_target(r, "ACCEPT");
 		fw3_ipt_rule_append(r, "OUTPUT");
 
-		if (defs->custom_chains)
-		{
-			for (i = 0; i < ARRAY_SIZE(chains); i += 2)
-			{
+		if (defs->custom_chains) {
+			for (i = 0; i < ARRAY_SIZE(chains); i += 2) {
 				r = fw3_ipt_rule_new(handle);
-				fw3_ipt_rule_comment(r, "Custom %s rule chain", chains[i+1]);
-				fw3_ipt_rule_target(r, "%s_rule", chains[i+1]);
+				fw3_ipt_rule_comment(r, "Custom %s rule chain",
+						     chains[i + 1]);
+				fw3_ipt_rule_target(r, "%s_rule",
+						    chains[i + 1]);
 				fw3_ipt_rule_append(r, chains[i]);
 			}
 		}
 
-		if (defs->flow_offloading)
-		{
+		if (defs->flow_offloading) {
 			r = fw3_ipt_rule_new(handle);
 			fw3_ipt_rule_comment(r, "Traffic offloading");
-			fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
+			fw3_ipt_rule_extra(
+				r,
+				"-m conntrack --ctstate RELATED,ESTABLISHED");
 			fw3_ipt_rule_target(r, "FLOWOFFLOAD");
 			if (defs->flow_offloading_hw)
 				fw3_ipt_rule_addarg(r, false, "--hw", NULL);
 			fw3_ipt_rule_append(r, "FORWARD");
 		}
 
-		for (i = 0; i < ARRAY_SIZE(chains); i += 2)
-		{
+		for (i = 0; i < ARRAY_SIZE(chains); i += 2) {
 			r = fw3_ipt_rule_new(handle);
-			fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
+			fw3_ipt_rule_extra(
+				r,
+				"-m conntrack --ctstate RELATED,ESTABLISHED");
 			fw3_ipt_rule_target(r, "ACCEPT");
 			fw3_ipt_rule_append(r, chains[i]);
 
-			if (defs->drop_invalid)
-			{
+			if (defs->drop_invalid) {
 				r = fw3_ipt_rule_new(handle);
-				fw3_ipt_rule_extra(r, "-m conntrack --ctstate INVALID");
+				fw3_ipt_rule_extra(
+					r, "-m conntrack --ctstate INVALID");
 				fw3_ipt_rule_target(r, "DROP");
 				fw3_ipt_rule_append(r, chains[i]);
 			}
 		}
 
-		if (defs->syn_flood)
-		{
-			r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
+		if (defs->syn_flood) {
+			r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL,
+						NULL);
 			fw3_ipt_rule_extra(r, "--syn");
 			fw3_ipt_rule_limit(r, &defs->syn_flood_rate);
 			fw3_ipt_rule_target(r, "RETURN");
@@ -303,7 +298,8 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 			fw3_ipt_rule_target(r, "DROP");
 			fw3_ipt_rule_append(r, "syn_flood");
 
-			r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
+			r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL,
+						NULL);
 			fw3_ipt_rule_extra(r, "--syn");
 			fw3_ipt_rule_target(r, "syn_flood");
 			fw3_ipt_rule_append(r, "INPUT");
@@ -311,26 +307,30 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 
 		r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
 		fw3_ipt_rule_target(r, "REJECT");
-		fw3_ipt_rule_addarg(r, false, "--reject-with", get_reject_code(handle->family, defs->tcp_reject_code));
+		fw3_ipt_rule_addarg(r, false, "--reject-with",
+				    get_reject_code(handle->family,
+						    defs->tcp_reject_code));
 		fw3_ipt_rule_append(r, "reject");
 
 		r = fw3_ipt_rule_new(handle);
 		fw3_ipt_rule_target(r, "REJECT");
-		fw3_ipt_rule_addarg(r, false, "--reject-with", get_reject_code(handle->family, defs->any_reject_code));
+		fw3_ipt_rule_addarg(r, false, "--reject-with",
+				    get_reject_code(handle->family,
+						    defs->any_reject_code));
 		fw3_ipt_rule_append(r, "reject");
 
 		break;
 
 	case FW3_TABLE_NAT:
-		if (defs->custom_chains)
-		{
+		if (defs->custom_chains) {
 			r = fw3_ipt_rule_new(handle);
 			fw3_ipt_rule_comment(r, "Custom prerouting rule chain");
 			fw3_ipt_rule_target(r, "prerouting_rule");
 			fw3_ipt_rule_append(r, "PREROUTING");
 
 			r = fw3_ipt_rule_new(handle);
-			fw3_ipt_rule_comment(r, "Custom postrouting rule chain");
+			fw3_ipt_rule_comment(r,
+					     "Custom postrouting rule chain");
 			fw3_ipt_rule_target(r, "postrouting_rule");
 			fw3_ipt_rule_append(r, "POSTROUTING");
 		}
@@ -341,9 +341,8 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 	}
 }
 
-void
-fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
-                             struct fw3_state *state, bool reload)
+void fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
+				  struct fw3_state *state, bool reload)
 {
 	struct fw3_defaults *defs = &state->defaults;
 	struct fw3_ipt_rule *r;
@@ -351,8 +350,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 	if (handle->table != FW3_TABLE_FILTER)
 		return;
 
-	if (defs->policy_input == FW3_FLAG_REJECT)
-	{
+	if (defs->policy_input == FW3_FLAG_REJECT) {
 		r = fw3_ipt_rule_new(handle);
 
 		if (!r)
@@ -362,8 +360,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 		fw3_ipt_rule_append(r, "INPUT");
 	}
 
-	if (defs->policy_output == FW3_FLAG_REJECT)
-	{
+	if (defs->policy_output == FW3_FLAG_REJECT) {
 		r = fw3_ipt_rule_new(handle);
 
 		if (!r)
@@ -373,8 +370,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 		fw3_ipt_rule_append(r, "OUTPUT");
 	}
 
-	if (defs->policy_forward == FW3_FLAG_REJECT)
-	{
+	if (defs->policy_forward == FW3_FLAG_REJECT) {
 		r = fw3_ipt_rule_new(handle);
 
 		if (!r)
@@ -385,8 +381,7 @@ fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
 	}
 }
 
-static void
-set_default(const char *name, int set)
+static void set_default(const char *name, int set)
 {
 	FILE *f;
 	char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling\0")];
@@ -395,8 +390,7 @@ set_default(const char *name, int set)
 
 	info(" * Set tcp_%s to %s", name, set ? "on" : "off", name);
 
-	if (!(f = fopen(path, "w")))
-	{
+	if (!(f = fopen(path, "w"))) {
 		info("   ! Unable to write value: %s", strerror(errno));
 		return;
 	}
@@ -405,17 +399,15 @@ set_default(const char *name, int set)
 	fclose(f);
 }
 
-void
-fw3_set_defaults(struct fw3_state *state)
+void fw3_set_defaults(struct fw3_state *state)
 {
-	set_default("ecn",            state->defaults.tcp_ecn);
-	set_default("syncookies",     state->defaults.tcp_syncookies);
+	set_default("ecn", state->defaults.tcp_ecn);
+	set_default("syncookies", state->defaults.tcp_syncookies);
 	set_default("window_scaling", state->defaults.tcp_window_scaling);
 }
 
-void
-fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                bool reload)
+void fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
+		     bool reload)
 {
 	enum fw3_flag policy = reload ? FW3_FLAG_DROP : FW3_FLAG_ACCEPT;
 	struct fw3_defaults *defs = &state->defaults;
@@ -424,10 +416,9 @@ fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	if (!has(defs->flags, handle->family, handle->table))
 		return;
 
-	if (handle->table == FW3_TABLE_FILTER)
-	{
-		fw3_ipt_set_policy(handle, "INPUT",   policy);
-		fw3_ipt_set_policy(handle, "OUTPUT",  policy);
+	if (handle->table == FW3_TABLE_FILTER) {
+		fw3_ipt_set_policy(handle, "INPUT", policy);
+		fw3_ipt_set_policy(handle, "OUTPUT", policy);
 		fw3_ipt_set_policy(handle, "FORWARD", policy);
 	}
 
@@ -437,8 +428,7 @@ fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	fw3_ipt_delete_id_rules(handle, "PREROUTING");
 	fw3_ipt_delete_id_rules(handle, "POSTROUTING");
 
-	for (c = default_chains; c->format; c++)
-	{
+	for (c = default_chains; c->format; c++) {
 		/* don't touch user chains on selective stop */
 		if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
 			continue;
@@ -465,13 +455,11 @@ fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	del(defs->flags, handle->family, handle->table);
 }
 
-void
-fw3_flush_all(struct fw3_ipt_handle *handle)
+void fw3_flush_all(struct fw3_ipt_handle *handle)
 {
-	if (handle->table == FW3_TABLE_FILTER)
-	{
-		fw3_ipt_set_policy(handle, "INPUT",   FW3_FLAG_ACCEPT);
-		fw3_ipt_set_policy(handle, "OUTPUT",  FW3_FLAG_ACCEPT);
+	if (handle->table == FW3_TABLE_FILTER) {
+		fw3_ipt_set_policy(handle, "INPUT", FW3_FLAG_ACCEPT);
+		fw3_ipt_set_policy(handle, "OUTPUT", FW3_FLAG_ACCEPT);
 		fw3_ipt_set_policy(handle, "FORWARD", FW3_FLAG_ACCEPT);
 	}
 
diff --git a/defaults.h b/defaults.h
index 3611e46..7356485 100644
--- a/defaults.h
+++ b/defaults.h
@@ -27,18 +27,18 @@ extern const struct fw3_option fw3_flag_opts[];
 void fw3_load_defaults(struct fw3_state *state, struct uci_package *p);
 
 void fw3_print_default_chains(struct fw3_ipt_handle *handle,
-                              struct fw3_state *state, bool reload);
+			      struct fw3_state *state, bool reload);
 
 void fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
-                                  struct fw3_state *state, bool reload);
+				  struct fw3_state *state, bool reload);
 
 void fw3_print_default_tail_rules(struct fw3_ipt_handle *handle,
-                                  struct fw3_state *state, bool reload);
+				  struct fw3_state *state, bool reload);
 
 void fw3_set_defaults(struct fw3_state *state);
 
 void fw3_flush_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                     bool reload);
+		     bool reload);
 
 void fw3_flush_all(struct fw3_ipt_handle *handle);
 
diff --git a/forwards.c b/forwards.c
index b554b60..6b9cb96 100644
--- a/forwards.c
+++ b/forwards.c
@@ -18,48 +18,46 @@
 
 #include "forwards.h"
 
-
 const struct fw3_option fw3_forward_opts[] = {
-	FW3_OPT("enabled",             bool,     forward,     enabled),
+	FW3_OPT("enabled", bool, forward, enabled),
 
-	FW3_OPT("name",                string,   forward,     name),
-	FW3_OPT("family",              family,   forward,     family),
+	FW3_OPT("name", string, forward, name),
+	FW3_OPT("family", family, forward, family),
 
-	FW3_OPT("src",                 device,   forward,     src),
-	FW3_OPT("dest",                device,   forward,     dest),
+	FW3_OPT("src", device, forward, src),
+	FW3_OPT("dest", device, forward, dest),
 
-	{ }
+	{}
 };
 
-static bool
-check_forward(struct fw3_state *state, struct fw3_forward *forward, struct uci_element *e)
+static bool check_forward(struct fw3_state *state, struct fw3_forward *forward,
+			  struct uci_element *e)
 {
 	if (!forward->enabled)
 		return false;
 
-	if (forward->src.invert || forward->dest.invert)
-	{
-		warn_section("forward", forward, e, "must not have inverted 'src' or 'dest' options");
+	if (forward->src.invert || forward->dest.invert) {
+		warn_section("forward", forward, e,
+			     "must not have inverted 'src' or 'dest' options");
 		return false;
-	}
-	else if (forward->src.set && !forward->src.any &&
-		 !(forward->_src = fw3_lookup_zone(state, forward->src.name)))
-	{
-		warn_section("forward", forward, e, "refers to not existing zone '%s'",
-				forward->src.name);
+	} else if (forward->src.set && !forward->src.any &&
+		   !(forward->_src =
+			     fw3_lookup_zone(state, forward->src.name))) {
+		warn_section("forward", forward, e,
+			     "refers to not existing zone '%s'",
+			     forward->src.name);
 		return false;
-	}
-	else if (forward->dest.set && !forward->dest.any &&
-		 !(forward->_dest = fw3_lookup_zone(state, forward->dest.name)))
-	{
-		warn_section("forward", forward, e, "refers to not existing zone '%s'",
-				forward->dest.name);
+	} else if (forward->dest.set && !forward->dest.any &&
+		   !(forward->_dest =
+			     fw3_lookup_zone(state, forward->dest.name))) {
+		warn_section("forward", forward, e,
+			     "refers to not existing zone '%s'",
+			     forward->dest.name);
 		return false;
 	}
 
 	/* NB: forward family... */
-	if (forward->_dest)
-	{
+	if (forward->_dest) {
 		fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
 		fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
 	}
@@ -67,8 +65,7 @@ check_forward(struct fw3_state *state, struct fw3_forward *forward, struct uci_e
 	return true;
 }
 
-static struct fw3_forward *
-fw3_alloc_forward(struct fw3_state *state)
+static struct fw3_forward *fw3_alloc_forward(struct fw3_state *state)
 {
 	struct fw3_forward *forward;
 
@@ -83,9 +80,8 @@ fw3_alloc_forward(struct fw3_state *state)
 	return forward;
 }
 
-void
-fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
-		struct blob_attr *a)
+void fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
+		       struct blob_attr *a)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -110,9 +106,10 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
 		if (!forward)
 			continue;
 
-		if (!fw3_parse_blob_options(forward, fw3_forward_opts, entry, name))
-		{
-			warn_section("forward", forward, NULL, "skipped due to invalid options");
+		if (!fw3_parse_blob_options(forward, fw3_forward_opts, entry,
+					    name)) {
+			warn_section("forward", forward, NULL,
+				     "skipped due to invalid options");
 			fw3_free_forward(forward);
 			continue;
 		}
@@ -140,9 +137,7 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
 	}
 }
 
-
-static void
-append_chain(struct fw3_ipt_rule *r, struct fw3_forward *forward)
+static void append_chain(struct fw3_ipt_rule *r, struct fw3_forward *forward)
 {
 	if (forward->src.any || !forward->src.set)
 		fw3_ipt_rule_append(r, "FORWARD");
@@ -155,11 +150,12 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_forward *forward)
 	if (forward->dest.any || !forward->dest.set)
 		fw3_ipt_rule_target(r, "ACCEPT");
 	else
-		fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT", forward->dest.name);
+		fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT",
+				    forward->dest.name);
 }
 
-static void
-print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
+static void print_forward(struct fw3_ipt_handle *handle,
+			  struct fw3_forward *forward)
 {
 	const char *s, *d;
 	struct fw3_ipt_rule *r;
@@ -170,14 +166,13 @@ print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
 	if (!fw3_is_family(forward, handle->family))
 		return;
 
-	s = forward->_src  ? forward->_src->name  : "*";
+	s = forward->_src ? forward->_src->name : "*";
 	d = forward->_dest ? forward->_dest->name : "*";
 
 	info("   * Forward '%s' -> '%s'", s, d);
 
 	if (!fw3_is_family(forward->_src, handle->family) ||
-	    !fw3_is_family(forward->_dest, handle->family))
-	{
+	    !fw3_is_family(forward->_dest, handle->family)) {
 		info("     ! Skipping due to different family of zone");
 		return;
 	}
@@ -188,11 +183,10 @@ print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
 	append_chain(r, forward);
 }
 
-void
-fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state)
+void fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state)
 {
 	struct fw3_forward *forward;
 
-	list_for_each_entry(forward, &state->forwards, list)
+	list_for_each_entry (forward, &state->forwards, list)
 		print_forward(handle, forward);
 }
diff --git a/forwards.h b/forwards.h
index 06d3e06..18a2df0 100644
--- a/forwards.h
+++ b/forwards.h
@@ -26,7 +26,8 @@
 
 extern const struct fw3_option fw3_forward_opts[];
 
-void fw3_load_forwards(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
+void fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
+		       struct blob_attr *a);
 void fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state);
 
 static inline void fw3_free_forward(struct fw3_forward *forward)
diff --git a/helpers.c b/helpers.c
index 36317d2..73f1a84 100644
--- a/helpers.c
+++ b/helpers.c
@@ -18,22 +18,19 @@
 
 #include "helpers.h"
 
-
 const struct fw3_option fw3_cthelper_opts[] = {
-	FW3_OPT("enabled",     bool,     cthelper, enabled),
-	FW3_OPT("name",        string,   cthelper, name),
-	FW3_OPT("module",      string,   cthelper, module),
-	FW3_OPT("description", string,   cthelper, description),
-	FW3_OPT("family",      family,   cthelper, family),
-	FW3_LIST("proto",      protocol, cthelper, proto),
-	FW3_OPT("port",        port,     cthelper, port),
-
-	{ }
+	FW3_OPT("enabled", bool, cthelper, enabled),
+	FW3_OPT("name", string, cthelper, name),
+	FW3_OPT("module", string, cthelper, module),
+	FW3_OPT("description", string, cthelper, description),
+	FW3_OPT("family", family, cthelper, family),
+	FW3_LIST("proto", protocol, cthelper, proto),
+	FW3_OPT("port", port, cthelper, port),
+
+	{}
 };
 
-
-static bool
-test_module(struct fw3_cthelper *helper)
+static bool test_module(struct fw3_cthelper *helper)
 {
 	struct stat s;
 	char path[sizeof("/sys/module/nf_conntrack_xxxxxxxxxxxxxxxx")];
@@ -46,16 +43,14 @@ test_module(struct fw3_cthelper *helper)
 	return true;
 }
 
-static bool
-check_cthelper_proto(const struct fw3_cthelper *helper)
+static bool check_cthelper_proto(const struct fw3_cthelper *helper)
 {
-	struct fw3_protocol	*proto;
+	struct fw3_protocol *proto;
 
 	if (list_empty(&helper->proto))
 		return false;
 
-	list_for_each_entry(proto, &helper->proto, list)
-	{
+	list_for_each_entry (proto, &helper->proto, list) {
 		if (!proto->protocol || proto->any || proto->invert)
 			return false;
 	}
@@ -63,35 +58,27 @@ check_cthelper_proto(const struct fw3_cthelper *helper)
 	return true;
 }
 
-static bool
-check_cthelper(struct fw3_state *state, struct fw3_cthelper *helper, struct uci_element *e)
+static bool check_cthelper(struct fw3_state *state, struct fw3_cthelper *helper,
+			   struct uci_element *e)
 {
-	if (!helper->name || !*helper->name)
-	{
+	if (!helper->name || !*helper->name) {
 		warn_section("helper", helper, e, "must have a name assigned");
-	}
-	else if (!helper->module || !*helper->module)
-	{
-		warn_section("helper", helper, e, "must have a module assigned");
-	}
-	else if (!check_cthelper_proto(helper))
-	{
+	} else if (!helper->module || !*helper->module) {
+		warn_section("helper", helper, e,
+			     "must have a module assigned");
+	} else if (!check_cthelper_proto(helper)) {
 		warn_section("helper", helper, e, "must specify a protocol");
-	}
-	else if (helper->port.set && helper->port.invert)
-	{
-		warn_section("helper", helper, e, "must not specify negated ports");
-	}
-	else
-	{
+	} else if (helper->port.set && helper->port.invert) {
+		warn_section("helper", helper, e,
+			     "must not specify negated ports");
+	} else {
 		return true;
 	}
 
 	return false;
 }
 
-static struct fw3_cthelper *
-fw3_alloc_cthelper(struct fw3_state *state)
+static struct fw3_cthelper *fw3_alloc_cthelper(struct fw3_state *state)
 {
 	struct fw3_cthelper *helper;
 
@@ -100,7 +87,7 @@ fw3_alloc_cthelper(struct fw3_state *state)
 		return NULL;
 
 	helper->enabled = true;
-	helper->family  = FW3_FAMILY_ANY;
+	helper->family = FW3_FAMILY_ANY;
 	INIT_LIST_HEAD(&helper->proto);
 
 	list_add_tail(&helper->list, &state->cthelpers);
@@ -108,8 +95,7 @@ fw3_alloc_cthelper(struct fw3_state *state)
 	return helper;
 }
 
-static void
-load_cthelpers(struct fw3_state *state, struct uci_package *p)
+static void load_cthelpers(struct fw3_state *state, struct uci_package *p)
 {
 	struct fw3_cthelper *helper;
 	struct uci_section *s;
@@ -135,8 +121,7 @@ load_cthelpers(struct fw3_state *state, struct uci_package *p)
 	}
 }
 
-void
-fw3_load_cthelpers(struct fw3_state *state, struct uci_package *p)
+void fw3_load_cthelpers(struct fw3_state *state, struct uci_package *p)
 {
 	struct uci_package *hp = NULL;
 	FILE *fp;
@@ -156,16 +141,15 @@ fw3_load_cthelpers(struct fw3_state *state, struct uci_package *p)
 	load_cthelpers(state, p);
 }
 
-struct fw3_cthelper *
-fw3_lookup_cthelper(struct fw3_state *state, const char *name)
+struct fw3_cthelper *fw3_lookup_cthelper(struct fw3_state *state,
+					 const char *name)
 {
 	struct fw3_cthelper *h;
 
 	if (list_empty(&state->cthelpers))
 		return NULL;
 
-	list_for_each_entry(h, &state->cthelpers, list)
-	{
+	list_for_each_entry (h, &state->cthelpers, list) {
 		if (strcasecmp(h->name, name))
 			continue;
 
@@ -175,13 +159,12 @@ fw3_lookup_cthelper(struct fw3_state *state, const char *name)
 	return NULL;
 }
 
-bool
-fw3_cthelper_check_proto(const struct fw3_cthelper *h, const struct fw3_protocol *proto)
+bool fw3_cthelper_check_proto(const struct fw3_cthelper *h,
+			      const struct fw3_protocol *proto)
 {
-	struct fw3_protocol	*p;
+	struct fw3_protocol *p;
 
-	list_for_each_entry(p, &h->proto, list)
-	{
+	list_for_each_entry (p, &h->proto, list) {
 		if (p->protocol == proto->protocol)
 			return true;
 	}
@@ -191,8 +174,8 @@ fw3_cthelper_check_proto(const struct fw3_cthelper *h, const struct fw3_protocol
 
 struct fw3_cthelper *
 fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
-                                  struct fw3_protocol *proto,
-                                  struct fw3_port *port)
+				  struct fw3_protocol *proto,
+				  struct fw3_port *port)
 {
 	struct fw3_cthelper *h;
 
@@ -205,8 +188,7 @@ fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
 	if (port && port->invert)
 		return NULL;
 
-	list_for_each_entry(h, &state->cthelpers, list)
-	{
+	list_for_each_entry (h, &state->cthelpers, list) {
 		if (!h->enabled)
 			continue;
 
@@ -222,15 +204,15 @@ fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
 		if (h->port.set && port && port->set &&
 		    h->port.port_min <= port->port_min &&
 		    h->port.port_max >= port->port_max)
-		    return h;
+			return h;
 	}
 
 	return NULL;
 }
 
-static void
-print_helper_rule(struct fw3_ipt_handle *handle, struct fw3_cthelper *helper,
-                  struct fw3_zone *zone, struct fw3_protocol *proto)
+static void print_helper_rule(struct fw3_ipt_handle *handle,
+			      struct fw3_cthelper *helper,
+			      struct fw3_zone *zone, struct fw3_protocol *proto)
 {
 	struct fw3_ipt_rule *r;
 
@@ -247,19 +229,18 @@ print_helper_rule(struct fw3_ipt_handle *handle, struct fw3_cthelper *helper,
 	fw3_ipt_rule_replace(r, "zone_%s_helper", zone->name);
 }
 
-static void
-expand_helper_rule(struct fw3_ipt_handle *handle, struct fw3_cthelper *helper,
-                  struct fw3_zone *zone)
+static void expand_helper_rule(struct fw3_ipt_handle *handle,
+			       struct fw3_cthelper *helper,
+			       struct fw3_zone *zone)
 {
 	struct fw3_protocol *proto;
 
-	list_for_each_entry(proto, &helper->proto, list)
+	list_for_each_entry (proto, &helper->proto, list)
 		print_helper_rule(handle, helper, zone, proto);
 }
 
-void
-fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                    struct fw3_zone *zone)
+void fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
+			 struct fw3_zone *zone)
 {
 	struct fw3_cthelper *helper;
 	struct fw3_cthelpermatch *match;
@@ -270,8 +251,7 @@ fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	if (!fw3_is_family(zone, handle->family))
 		return;
 
-	if (list_empty(&zone->cthelpers))
-	{
+	if (list_empty(&zone->cthelpers)) {
 		if (zone->masq || !zone->auto_helper)
 			return;
 
@@ -280,8 +260,7 @@ fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
 
 		info("     - Using automatic conntrack helper attachment");
 
-		list_for_each_entry(helper, &state->cthelpers, list)
-		{
+		list_for_each_entry (helper, &state->cthelpers, list) {
 			if (!helper || !helper->enabled)
 				continue;
 
@@ -293,11 +272,8 @@ fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
 
 			expand_helper_rule(handle, helper, zone);
 		}
-	}
-	else
-	{
-		list_for_each_entry(match, &zone->cthelpers, list)
-		{
+	} else {
+		list_for_each_entry (match, &zone->cthelpers, list) {
 			helper = match->ptr;
 
 			if (!helper || !helper->enabled)
@@ -306,8 +282,7 @@ fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
 			if (!fw3_is_family(helper, handle->family))
 				continue;
 
-			if (!test_module(helper))
-			{
+			if (!test_module(helper)) {
 				info("     ! Conntrack module '%s' for helper '%s' is not loaded",
 				     helper->module, helper->name);
 				continue;
diff --git a/helpers.h b/helpers.h
index e2a99cd..4ec7db9 100644
--- a/helpers.h
+++ b/helpers.h
@@ -23,26 +23,23 @@
 #include "utils.h"
 #include "iptables.h"
 
-
 extern const struct fw3_option fw3_cthelper_opts[];
 
-void
-fw3_load_cthelpers(struct fw3_state *state, struct uci_package *p);
+void fw3_load_cthelpers(struct fw3_state *state, struct uci_package *p);
 
-struct fw3_cthelper *
-fw3_lookup_cthelper(struct fw3_state *state, const char *name);
+struct fw3_cthelper *fw3_lookup_cthelper(struct fw3_state *state,
+					 const char *name);
 
 struct fw3_cthelper *
 fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
-                                  struct fw3_protocol *proto,
-                                  struct fw3_port *port);
+				  struct fw3_protocol *proto,
+				  struct fw3_port *port);
 
-void
-fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                    struct fw3_zone *zone);
+void fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
+			 struct fw3_zone *zone);
 
-bool
-fw3_cthelper_check_proto(const struct fw3_cthelper *h, const struct fw3_protocol *proto);
+bool fw3_cthelper_check_proto(const struct fw3_cthelper *h,
+			      const struct fw3_protocol *proto);
 
 static inline void fw3_free_cthelper(struct fw3_cthelper *helper)
 {
diff --git a/icmp_codes.h b/icmp_codes.h
index 063f829..dffd93d 100644
--- a/icmp_codes.h
+++ b/icmp_codes.h
@@ -19,89 +19,88 @@
 #ifndef __FW3_ICMP_CODES_H
 #define __FW3_ICMP_CODES_H
 
-
 struct fw3_icmptype_entry {
-        const char *name;
-        uint8_t type;
-        uint8_t code_min;
-		uint8_t code_max;
+	const char *name;
+	uint8_t type;
+	uint8_t code_min;
+	uint8_t code_max;
 };
 
 /* taken from iptables extensions/libipt_icmp.c */
 static const struct fw3_icmptype_entry fw3_icmptype_list_v4[] = {
-        { "any", 0xFF, 0, 0xFF },
-        { "echo-reply", 0, 0, 0xFF },
-        /* Alias */ { "pong", 0, 0, 0xFF },
-
-        { "destination-unreachable", 3, 0, 0xFF },
-        {   "network-unreachable", 3, 0, 0 },
-        {   "host-unreachable", 3, 1, 1 },
-        {   "protocol-unreachable", 3, 2, 2 },
-        {   "port-unreachable", 3, 3, 3 },
-        {   "fragmentation-needed", 3, 4, 4 },
-        {   "source-route-failed", 3, 5, 5 },
-        {   "network-unknown", 3, 6, 6 },
-        {   "host-unknown", 3, 7, 7 },
-        {   "network-prohibited", 3, 9, 9 },
-        {   "host-prohibited", 3, 10, 10 },
-        {   "TOS-network-unreachable", 3, 11, 11 },
-        {   "TOS-host-unreachable", 3, 12, 12 },
-        {   "communication-prohibited", 3, 13, 13 },
-        {   "host-precedence-violation", 3, 14, 14 },
-        {   "precedence-cutoff", 3, 15, 15 },
-
-        { "source-quench", 4, 0, 0xFF },
-
-        { "redirect", 5, 0, 0xFF },
-        {   "network-redirect", 5, 0, 0 },
-        {   "host-redirect", 5, 1, 1 },
-        {   "TOS-network-redirect", 5, 2, 2 },
-        {   "TOS-host-redirect", 5, 3, 3 },
-
-        { "echo-request", 8, 0, 0xFF },
-        /* Alias */ { "ping", 8, 0, 0xFF },
-
-        { "router-advertisement", 9, 0, 0xFF },
-
-        { "router-solicitation", 10, 0, 0xFF },
-
-        { "time-exceeded", 11, 0, 0xFF },
-        /* Alias */ { "ttl-exceeded", 11, 0, 0xFF },
-        {   "ttl-zero-during-transit", 11, 0, 0 },
-        {   "ttl-zero-during-reassembly", 11, 1, 1 },
-
-        { "parameter-problem", 12, 0, 0xFF },
-        {   "ip-header-bad", 12, 0, 0 },
-        {   "required-option-missing", 12, 1, 1 },
-
-        { "timestamp-request", 13, 0, 0xFF },
-
-        { "timestamp-reply", 14, 0, 0xFF },
-
-        { "address-mask-request", 17, 0, 0xFF },
-
-        { "address-mask-reply", 18, 0, 0xFF }
+	{ "any", 0xFF, 0, 0xFF },
+	{ "echo-reply", 0, 0, 0xFF },
+	/* Alias */ { "pong", 0, 0, 0xFF },
+
+	{ "destination-unreachable", 3, 0, 0xFF },
+	{ "network-unreachable", 3, 0, 0 },
+	{ "host-unreachable", 3, 1, 1 },
+	{ "protocol-unreachable", 3, 2, 2 },
+	{ "port-unreachable", 3, 3, 3 },
+	{ "fragmentation-needed", 3, 4, 4 },
+	{ "source-route-failed", 3, 5, 5 },
+	{ "network-unknown", 3, 6, 6 },
+	{ "host-unknown", 3, 7, 7 },
+	{ "network-prohibited", 3, 9, 9 },
+	{ "host-prohibited", 3, 10, 10 },
+	{ "TOS-network-unreachable", 3, 11, 11 },
+	{ "TOS-host-unreachable", 3, 12, 12 },
+	{ "communication-prohibited", 3, 13, 13 },
+	{ "host-precedence-violation", 3, 14, 14 },
+	{ "precedence-cutoff", 3, 15, 15 },
+
+	{ "source-quench", 4, 0, 0xFF },
+
+	{ "redirect", 5, 0, 0xFF },
+	{ "network-redirect", 5, 0, 0 },
+	{ "host-redirect", 5, 1, 1 },
+	{ "TOS-network-redirect", 5, 2, 2 },
+	{ "TOS-host-redirect", 5, 3, 3 },
+
+	{ "echo-request", 8, 0, 0xFF },
+	/* Alias */ { "ping", 8, 0, 0xFF },
+
+	{ "router-advertisement", 9, 0, 0xFF },
+
+	{ "router-solicitation", 10, 0, 0xFF },
+
+	{ "time-exceeded", 11, 0, 0xFF },
+	/* Alias */ { "ttl-exceeded", 11, 0, 0xFF },
+	{ "ttl-zero-during-transit", 11, 0, 0 },
+	{ "ttl-zero-during-reassembly", 11, 1, 1 },
+
+	{ "parameter-problem", 12, 0, 0xFF },
+	{ "ip-header-bad", 12, 0, 0 },
+	{ "required-option-missing", 12, 1, 1 },
+
+	{ "timestamp-request", 13, 0, 0xFF },
+
+	{ "timestamp-reply", 14, 0, 0xFF },
+
+	{ "address-mask-request", 17, 0, 0xFF },
+
+	{ "address-mask-reply", 18, 0, 0xFF }
 };
 
 /* taken from iptables extensions/libip6t_icmp6.c */
 static const struct fw3_icmptype_entry fw3_icmptype_list_v6[] = {
 	{ "destination-unreachable", 1, 0, 0xFF },
-	{   "no-route", 1, 0, 0 },
-	{   "communication-prohibited", 1, 1, 1 },
-	{   "address-unreachable", 1, 3, 3 },
-	{   "port-unreachable", 1, 4, 4 },
+	{ "no-route", 1, 0, 0 },
+	{ "communication-prohibited", 1, 1, 1 },
+	{ "address-unreachable", 1, 3, 3 },
+	{ "port-unreachable", 1, 4, 4 },
 
 	{ "packet-too-big", 2, 0, 0xFF },
 
 	{ "time-exceeded", 3, 0, 0xFF },
 	/* Alias */ { "ttl-exceeded", 3, 0, 0xFF },
-	{   "ttl-zero-during-transit", 3, 0, 0 },
-	{   "ttl-zero-during-reassembly", 3, 1, 1 },
+	{ "ttl-zero-during-transit", 3, 0, 0 },
+	{ "ttl-zero-during-reassembly", 3, 1, 1 },
 
 	{ "parameter-problem", 4, 0, 0xFF },
-	{   "bad-header", 4, 0, 0 },
-	{   "unknown-header-type", 4, 1, 1 },
-	{   "unknown-option", 4, 2, 2 },
+	{ "bad-header", 4, 0, 0 },
+	{ "unknown-header-type", 4, 1, 1 },
+	{ "unknown-option", 4, 2, 2 },
 
 	{ "echo-request", 128, 0, 0xFF },
 	/* Alias */ { "ping", 128, 0, 0xFF },
diff --git a/includes.c b/includes.c
index 8639210..d2d6f6b 100644
--- a/includes.c
+++ b/includes.c
@@ -18,39 +18,38 @@
 
 #include "includes.h"
 
-
 const struct fw3_option fw3_include_opts[] = {
-	FW3_OPT("enabled",             bool,           include,     enabled),
+	FW3_OPT("enabled", bool, include, enabled),
 
-	FW3_OPT("path",                string,         include,     path),
-	FW3_OPT("type",                include_type,   include,     type),
-	FW3_OPT("family",              family,         include,     family),
-	FW3_OPT("reload",              bool,           include,     reload),
+	FW3_OPT("path", string, include, path),
+	FW3_OPT("type", include_type, include, type),
+	FW3_OPT("family", family, include, family),
+	FW3_OPT("reload", bool, include, reload),
 
-	{ }
+	{}
 };
 
-static bool
-check_include(struct fw3_state *state, struct fw3_include *include, struct uci_element *e)
+static bool check_include(struct fw3_state *state, struct fw3_include *include,
+			  struct uci_element *e)
 {
 	if (!include->enabled)
 		return false;
 
-	if (!include->path)
-	{
+	if (!include->path) {
 		warn_section("include", include, e, "must specify a path");
 		return false;
 	}
 
 	if (include->type == FW3_INC_TYPE_RESTORE && !include->family)
-		warn_section("include", include, e, "does not specify a family, include will get"
-				"loaded with both iptables-restore and ip6tables-restore!");
+		warn_section(
+			"include", include, e,
+			"does not specify a family, include will get"
+			"loaded with both iptables-restore and ip6tables-restore!");
 
 	return true;
 }
 
-static struct fw3_include *
-fw3_alloc_include(struct fw3_state *state)
+static struct fw3_include *fw3_alloc_include(struct fw3_state *state)
 {
 	struct fw3_include *include;
 
@@ -65,9 +64,8 @@ fw3_alloc_include(struct fw3_state *state)
 	return include;
 }
 
-void
-fw3_load_includes(struct fw3_state *state, struct uci_package *p,
-		struct blob_attr *a)
+void fw3_load_includes(struct fw3_state *state, struct uci_package *p,
+		       struct blob_attr *a)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -92,9 +90,10 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p,
 		if (!include)
 			continue;
 
-		if (!fw3_parse_blob_options(include, fw3_include_opts, entry, name))
-		{
-			warn_section("include", include, NULL, "skipped due to invalid options");
+		if (!fw3_parse_blob_options(include, fw3_include_opts, entry,
+					    name)) {
+			warn_section("include", include, NULL,
+				     "skipped due to invalid options");
 			fw3_free_include(include);
 			continue;
 		}
@@ -124,17 +123,14 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p,
 	}
 }
 
-
-static void
-print_include(struct fw3_include *include)
+static void print_include(struct fw3_include *include)
 {
 	FILE *f;
 	char line[1024];
 
 	info(" * Loading include '%s'", include->path);
 
-	if (!(f = fopen(include->path, "r")))
-	{
+	if (!(f = fopen(include->path, "r"))) {
 		info("   ! Skipping due to open error: %s", strerror(errno));
 		return;
 	}
@@ -145,8 +141,8 @@ print_include(struct fw3_include *include)
 	fclose(f);
 }
 
-void
-fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload)
+void fw3_print_includes(struct fw3_state *state, enum fw3_family family,
+			bool reload)
 {
 	struct fw3_include *include;
 
@@ -156,8 +152,7 @@ fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload)
 	if (family == FW3_FAMILY_V6)
 		restore = "ip6tables-restore";
 
-	list_for_each_entry(include, &state->includes, list)
-	{
+	list_for_each_entry (include, &state->includes, list) {
 		if (reload && !include->reload)
 			continue;
 
@@ -167,8 +162,7 @@ fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload)
 		if (!fw3_is_family(include, family))
 			continue;
 
-		if (!exec)
-		{
+		if (!exec) {
 			exec = fw3_command_pipe(false, restore, "--noflush");
 
 			if (!exec)
@@ -182,24 +176,21 @@ fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload)
 		fw3_command_close();
 }
 
-
-static void
-run_include(struct fw3_include *include)
+static void run_include(struct fw3_include *include)
 {
 	int rv;
 	struct stat s;
 	const char *tmpl =
 		"config() { "
-			"echo \"You cannot use UCI in firewall includes!\" >&2; "
-			"exit 1; "
+		"echo \"You cannot use UCI in firewall includes!\" >&2; "
+		"exit 1; "
 		"}; . %s";
 
 	char buf[PATH_MAX + sizeof(tmpl)];
 
 	info(" * Running script '%s'", include->path);
 
-	if (stat(include->path, &s))
-	{
+	if (stat(include->path, &s)) {
 		info("   ! Skipping due to path error: %s", strerror(errno));
 		return;
 	}
@@ -211,13 +202,11 @@ run_include(struct fw3_include *include)
 		info("   ! Failed with exit code %u", WEXITSTATUS(rv));
 }
 
-void
-fw3_run_includes(struct fw3_state *state, bool reload)
+void fw3_run_includes(struct fw3_state *state, bool reload)
 {
 	struct fw3_include *include;
 
-	list_for_each_entry(include, &state->includes, list)
-	{
+	list_for_each_entry (include, &state->includes, list) {
 		if (reload && !include->reload)
 			continue;
 
diff --git a/includes.h b/includes.h
index 3a0af1b..7a20905 100644
--- a/includes.h
+++ b/includes.h
@@ -24,10 +24,11 @@
 
 extern const struct fw3_option fw3_include_opts[];
 
-void fw3_load_includes(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
+void fw3_load_includes(struct fw3_state *state, struct uci_package *p,
+		       struct blob_attr *a);
 
 void fw3_print_includes(struct fw3_state *state, enum fw3_family family,
-                        bool reload);
+			bool reload);
 
 void fw3_run_includes(struct fw3_state *state, bool reload);
 
diff --git a/ipsets.c b/ipsets.c
index b73c3d2..bdbc4ef 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -18,44 +18,46 @@
 
 #include "ipsets.h"
 
-
 const struct fw3_option fw3_ipset_opts[] = {
-	FW3_OPT("enabled",       bool,           ipset,     enabled),
+	FW3_OPT("enabled", bool, ipset, enabled),
 
-	FW3_OPT("name",          string,         ipset,     name),
-	FW3_OPT("family",        family,         ipset,     family),
+	FW3_OPT("name", string, ipset, name),
+	FW3_OPT("family", family, ipset, family),
 
-	FW3_OPT("storage",       ipset_method,   ipset,     method),
-	FW3_LIST("match",        ipset_datatype, ipset,     datatypes),
+	FW3_OPT("storage", ipset_method, ipset, method),
+	FW3_LIST("match", ipset_datatype, ipset, datatypes),
 
-	FW3_OPT("iprange",       address,        ipset,     iprange),
-	FW3_OPT("portrange",     port,           ipset,     portrange),
+	FW3_OPT("iprange", address, ipset, iprange),
+	FW3_OPT("portrange", port, ipset, portrange),
 
-	FW3_OPT("netmask",       int,            ipset,     netmask),
-	FW3_OPT("maxelem",       int,            ipset,     maxelem),
-	FW3_OPT("hashsize",      int,            ipset,     hashsize),
-	FW3_OPT("timeout",       int,            ipset,     timeout),
+	FW3_OPT("netmask", int, ipset, netmask),
+	FW3_OPT("maxelem", int, ipset, maxelem),
+	FW3_OPT("hashsize", int, ipset, hashsize),
+	FW3_OPT("timeout", int, ipset, timeout),
 
-	FW3_OPT("external",      string,         ipset,     external),
+	FW3_OPT("external", string, ipset, external),
 
-	FW3_LIST("entry",        setentry,       ipset,     entries),
-	FW3_OPT("loadfile",      string,         ipset,     loadfile),
+	FW3_LIST("entry", setentry, ipset, entries),
+	FW3_OPT("loadfile", string, ipset, loadfile),
 
-	{ }
+	{}
 };
 
-#define T(m, t1, t2, t3, r, o) \
-	{ FW3_IPSET_METHOD_##m, \
-	  FW3_IPSET_TYPE_##t1 | (FW3_IPSET_TYPE_##t2 << 8) | (FW3_IPSET_TYPE_##t3 << 16), \
-	  r, o }
+#define T(m, t1, t2, t3, r, o)                                                 \
+	{                                                                      \
+		FW3_IPSET_METHOD_##m,                                          \
+			FW3_IPSET_TYPE_##t1 | (FW3_IPSET_TYPE_##t2 << 8) |     \
+				(FW3_IPSET_TYPE_##t3 << 16),                   \
+			r, o                                                   \
+	}
 
 enum ipset_optflag {
-	OPT_IPRANGE   = (1 << 0),
+	OPT_IPRANGE = (1 << 0),
 	OPT_PORTRANGE = (1 << 1),
-	OPT_NETMASK   = (1 << 2),
-	OPT_HASHSIZE  = (1 << 3),
-	OPT_MAXELEM   = (1 << 4),
-	OPT_FAMILY    = (1 << 5),
+	OPT_NETMASK = (1 << 2),
+	OPT_HASHSIZE = (1 << 3),
+	OPT_MAXELEM = (1 << 4),
+	OPT_FAMILY = (1 << 5),
 };
 
 struct ipset_type {
@@ -66,39 +68,33 @@ struct ipset_type {
 };
 
 static struct ipset_type ipset_types[] = {
-	T(BITMAP, IP,   UNSPEC, UNSPEC, OPT_IPRANGE, OPT_NETMASK),
-	T(BITMAP, IP,   MAC,    UNSPEC, OPT_IPRANGE, 0),
+	T(BITMAP, IP, UNSPEC, UNSPEC, OPT_IPRANGE, OPT_NETMASK),
+	T(BITMAP, IP, MAC, UNSPEC, OPT_IPRANGE, 0),
 	T(BITMAP, PORT, UNSPEC, UNSPEC, OPT_PORTRANGE, 0),
 
-	T(HASH,   IP,   UNSPEC, UNSPEC, 0,
+	T(HASH, IP, UNSPEC, UNSPEC, 0,
 	  OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM | OPT_NETMASK),
-	T(HASH,   NET,  UNSPEC, UNSPEC, 0,
-	  OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
-	T(HASH,   IP,   PORT,   UNSPEC, 0,
-	  OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
-	T(HASH,   NET,  PORT,   UNSPEC, 0,
-	  OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
-	T(HASH,   IP,   PORT,   IP,     0,
-	  OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
-	T(HASH,   IP,   PORT,   NET,    0,
+	T(HASH, NET, UNSPEC, UNSPEC, 0,
 	  OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
+	T(HASH, IP, PORT, UNSPEC, 0, OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
+	T(HASH, NET, PORT, UNSPEC, 0, OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
+	T(HASH, IP, PORT, IP, 0, OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
+	T(HASH, IP, PORT, NET, 0, OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
 
-	T(LIST,   SET,  UNSPEC, UNSPEC, 0, OPT_MAXELEM),
+	T(LIST, SET, UNSPEC, UNSPEC, 0, OPT_MAXELEM),
 };
 
-
-static bool
-check_types(struct uci_element *e, struct fw3_ipset *ipset)
+static bool check_types(struct uci_element *e, struct fw3_ipset *ipset)
 {
 	int i = 0;
 	uint32_t typelist = 0;
 	struct fw3_ipset_datatype *type;
 
-	list_for_each_entry(type, &ipset->datatypes, list)
-	{
-		if (i >= 3)
-		{
-			warn_section("ipset", ipset, e, "must not have more than 3 datatypes assigned");
+	list_for_each_entry (type, &ipset->datatypes, list) {
+		if (i >= 3) {
+			warn_section(
+				"ipset", ipset, e,
+				"must not have more than 3 datatypes assigned");
 			return false;
 		}
 
@@ -106,20 +102,19 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 	}
 
 	/* find a suitable storage method if none specified */
-	if (ipset->method == FW3_IPSET_METHOD_UNSPEC)
-	{
-		for (i = 0; i < ARRAY_SIZE(ipset_types); i++)
-		{
+	if (ipset->method == FW3_IPSET_METHOD_UNSPEC) {
+		for (i = 0; i < ARRAY_SIZE(ipset_types); i++) {
 			/* skip type for v6 if it does not support family */
 			if (ipset->family != FW3_FAMILY_V4 &&
 			    !(ipset_types[i].optional & OPT_FAMILY))
 				continue;
 
-			if (ipset_types[i].types == typelist)
-			{
+			if (ipset_types[i].types == typelist) {
 				ipset->method = ipset_types[i].method;
 
-				warn_section("ipset", ipset, e, "defines no storage method, assuming '%s'",
+				warn_section(
+					"ipset", ipset, e,
+					"defines no storage method, assuming '%s'",
 					fw3_ipset_method_names[ipset->method]);
 
 				break;
@@ -129,66 +124,64 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 
 	//typelist |= ipset->method;
 
-	for (i = 0; i < ARRAY_SIZE(ipset_types); i++)
-	{
+	for (i = 0; i < ARRAY_SIZE(ipset_types); i++) {
 		if (ipset_types[i].method == ipset->method &&
-		    ipset_types[i].types == typelist)
-		{
-			if (!ipset->external)
-			{
+		    ipset_types[i].types == typelist) {
+			if (!ipset->external) {
 				if ((ipset_types[i].required & OPT_IPRANGE) &&
-					!ipset->iprange.set)
-				{
-					warn_section("ipset", ipset, e, "requires an ip range");
+				    !ipset->iprange.set) {
+					warn_section("ipset", ipset, e,
+						     "requires an ip range");
 					return false;
 				}
 
 				if ((ipset_types[i].required & OPT_PORTRANGE) &&
-				    !ipset->portrange.set)
-				{
-					warn_section("ipset", ipset, e, "requires a port range");
+				    !ipset->portrange.set) {
+					warn_section("ipset", ipset, e,
+						     "requires a port range");
 					return false;
 				}
 
 				if (!(ipset_types[i].required & OPT_IPRANGE) &&
-				    ipset->iprange.set)
-				{
-					warn_section("ipset", ipset, e, "iprange ignored");
+				    ipset->iprange.set) {
+					warn_section("ipset", ipset, e,
+						     "iprange ignored");
 					ipset->iprange.set = false;
 				}
 
-				if (!(ipset_types[i].required & OPT_PORTRANGE) &&
-				    ipset->portrange.set)
-				{
-					warn_section("ipset", ipset, e, "portrange ignored");
+				if (!(ipset_types[i].required &
+				      OPT_PORTRANGE) &&
+				    ipset->portrange.set) {
+					warn_section("ipset", ipset, e,
+						     "portrange ignored");
 					ipset->portrange.set = false;
 				}
 
 				if (!(ipset_types[i].optional & OPT_NETMASK) &&
-				    ipset->netmask > 0)
-				{
-					warn_section("ipset", ipset, e, "netmask ignored");
+				    ipset->netmask > 0) {
+					warn_section("ipset", ipset, e,
+						     "netmask ignored");
 					ipset->netmask = 0;
 				}
 
 				if (!(ipset_types[i].optional & OPT_HASHSIZE) &&
-				    ipset->hashsize > 0)
-				{
-					warn_section("ipset", ipset, e, "hashsize ignored");
+				    ipset->hashsize > 0) {
+					warn_section("ipset", ipset, e,
+						     "hashsize ignored");
 					ipset->hashsize = 0;
 				}
 
 				if (!(ipset_types[i].optional & OPT_MAXELEM) &&
-				    ipset->maxelem > 0)
-				{
-					warn_section("ipset", ipset, e, "maxelem ignored");
+				    ipset->maxelem > 0) {
+					warn_section("ipset", ipset, e,
+						     "maxelem ignored");
 					ipset->maxelem = 0;
 				}
 
 				if (!(ipset_types[i].optional & OPT_FAMILY) &&
-				    ipset->family != FW3_FAMILY_V4)
-				{
-					warn_section("ipset", ipset, e, "family ignored");
+				    ipset->family != FW3_FAMILY_V4) {
+					warn_section("ipset", ipset, e,
+						     "family ignored");
 					ipset->family = FW3_FAMILY_V4;
 				}
 			}
@@ -197,51 +190,46 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 		}
 	}
 
-	warn_section("ipset", ipset, e, "has an invalid combination of storage method and matches");
+	warn_section(
+		"ipset", ipset, e,
+		"has an invalid combination of storage method and matches");
 	return false;
 }
 
-static bool
-check_ipset(struct fw3_state *state, struct fw3_ipset *ipset, struct uci_element *e)
+static bool check_ipset(struct fw3_state *state, struct fw3_ipset *ipset,
+			struct uci_element *e)
 {
-	if (ipset->external)
-	{
+	if (ipset->external) {
 		if (!*ipset->external)
 			ipset->external = NULL;
 		else if (!ipset->name)
 			ipset->name = ipset->external;
 	}
 
-	if (!ipset->name || !*ipset->name)
-	{
-		warn_section("ipset", ipset, e, "ipset must have a name assigned");
+	if (!ipset->name || !*ipset->name) {
+		warn_section("ipset", ipset, e,
+			     "ipset must have a name assigned");
 	}
 	//else if (fw3_lookup_ipset(state, ipset->name) != NULL)
 	//{
 	//	warn_section("ipset", ipset, e, "has duplicated set name", ipset->name);
 	//}
-	else if (ipset->family == FW3_FAMILY_ANY)
-	{
+	else if (ipset->family == FW3_FAMILY_ANY) {
 		warn_section("ipset", ipset, e, "must not have family 'any'");
-	}
-	else if (ipset->iprange.set && ipset->family != ipset->iprange.family)
-	{
-		warn_section("ipset", ipset, e, "has iprange of wrong address family");
-	}
-	else if (list_empty(&ipset->datatypes))
-	{
+	} else if (ipset->iprange.set &&
+		   ipset->family != ipset->iprange.family) {
+		warn_section("ipset", ipset, e,
+			     "has iprange of wrong address family");
+	} else if (list_empty(&ipset->datatypes)) {
 		warn_section("ipset", ipset, e, "has no datatypes assigned");
-	}
-	else if (check_types(e, ipset))
-	{
+	} else if (check_types(e, ipset)) {
 		return true;
 	}
 
 	return false;
 }
 
-static struct fw3_ipset *
-fw3_alloc_ipset(struct fw3_state *state)
+static struct fw3_ipset *fw3_alloc_ipset(struct fw3_state *state)
 {
 	struct fw3_ipset *ipset;
 
@@ -253,16 +241,15 @@ fw3_alloc_ipset(struct fw3_state *state)
 	INIT_LIST_HEAD(&ipset->entries);
 
 	ipset->enabled = true;
-	ipset->family  = FW3_FAMILY_V4;
+	ipset->family = FW3_FAMILY_V4;
 
 	list_add_tail(&ipset->list, &state->ipsets);
 
 	return ipset;
 }
 
-void
-fw3_load_ipsets(struct fw3_state *state, struct uci_package *p,
-		struct blob_attr *a)
+void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p,
+		     struct blob_attr *a)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -290,9 +277,10 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p,
 		if (!ipset)
 			continue;
 
-		if (!fw3_parse_blob_options(ipset, fw3_ipset_opts, entry, name))
-		{
-			warn_section("ipset", ipset, NULL, "skipped due to invalid options");
+		if (!fw3_parse_blob_options(ipset, fw3_ipset_opts, entry,
+					    name)) {
+			warn_section("ipset", ipset, NULL,
+				     "skipped due to invalid options");
 			fw3_free_ipset(ipset);
 			continue;
 		}
@@ -321,9 +309,7 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p,
 	}
 }
 
-
-static void
-load_file(struct fw3_ipset *ipset)
+static void load_file(struct fw3_ipset *ipset)
 {
 	FILE *f;
 	char line[128];
@@ -346,8 +332,7 @@ load_file(struct fw3_ipset *ipset)
 	fclose(f);
 }
 
-static void
-create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
+static void create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 {
 	bool first = true;
 	struct fw3_setentry *entry;
@@ -356,25 +341,25 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 	info(" * Creating ipset %s", ipset->name);
 
 	first = true;
-	fw3_pr("create %s %s", ipset->name, fw3_ipset_method_names[ipset->method]);
+	fw3_pr("create %s %s", ipset->name,
+	       fw3_ipset_method_names[ipset->method]);
 
-	list_for_each_entry(type, &ipset->datatypes, list)
-	{
-		fw3_pr("%c%s", first ? ':' : ',', fw3_ipset_type_names[type->type]);
+	list_for_each_entry (type, &ipset->datatypes, list) {
+		fw3_pr("%c%s", first ? ':' : ',',
+		       fw3_ipset_type_names[type->type]);
 		first = false;
 	}
 
 	if (ipset->method == FW3_IPSET_METHOD_HASH)
-		fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
-
-	if (ipset->iprange.set)
-	{
-		fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false, true));
-	}
-	else if (ipset->portrange.set)
-	{
-		fw3_pr(" range %u-%u",
-		       ipset->portrange.port_min, ipset->portrange.port_max);
+		fw3_pr(" family inet%s",
+		       (ipset->family == FW3_FAMILY_V4) ? "" : "6");
+
+	if (ipset->iprange.set) {
+		fw3_pr(" range %s",
+		       fw3_address_to_string(&ipset->iprange, false, true));
+	} else if (ipset->portrange.set) {
+		fw3_pr(" range %u-%u", ipset->portrange.port_min,
+		       ipset->portrange.port_max);
 	}
 
 	if (ipset->timeout > 0)
@@ -391,14 +376,13 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 
 	fw3_pr("\n");
 
-	list_for_each_entry(entry, &ipset->entries, list)
+	list_for_each_entry (entry, &ipset->entries, list)
 		fw3_pr("add %s %s\n", ipset->name, entry->value);
 
 	load_file(ipset);
 }
 
-void
-fw3_create_ipsets(struct fw3_state *state)
+void fw3_create_ipsets(struct fw3_state *state)
 {
 	int tries;
 	bool exec = false;
@@ -408,13 +392,11 @@ fw3_create_ipsets(struct fw3_state *state)
 		return;
 
 	/* spawn ipsets */
-	list_for_each_entry(ipset, &state->ipsets, list)
-	{
+	list_for_each_entry (ipset, &state->ipsets, list) {
 		if (ipset->external)
 			continue;
 
-		if (!exec)
-		{
+		if (!exec) {
 			exec = fw3_command_pipe(false, "ipset", "-exist", "-");
 
 			if (!exec)
@@ -424,15 +406,13 @@ fw3_create_ipsets(struct fw3_state *state)
 		create_ipset(ipset, state);
 	}
 
-	if (exec)
-	{
+	if (exec) {
 		fw3_pr("quit\n");
 		fw3_command_close();
 	}
 
 	/* wait for ipsets to appear */
-	list_for_each_entry(ipset, &state->ipsets, list)
-	{
+	list_for_each_entry (ipset, &state->ipsets, list) {
 		if (ipset->external)
 			continue;
 
@@ -441,18 +421,15 @@ fw3_create_ipsets(struct fw3_state *state)
 	}
 }
 
-void
-fw3_destroy_ipsets(struct fw3_state *state)
+void fw3_destroy_ipsets(struct fw3_state *state)
 {
 	int tries;
 	bool exec = false;
 	struct fw3_ipset *ipset;
 
 	/* destroy ipsets */
-	list_for_each_entry(ipset, &state->ipsets, list)
-	{
-		if (!exec)
-		{
+	list_for_each_entry (ipset, &state->ipsets, list) {
+		if (!exec) {
 			exec = fw3_command_pipe(false, "ipset", "-exist", "-");
 
 			if (!exec)
@@ -465,15 +442,13 @@ fw3_destroy_ipsets(struct fw3_state *state)
 		fw3_pr("destroy %s\n", ipset->name);
 	}
 
-	if (exec)
-	{
+	if (exec) {
 		fw3_pr("quit\n");
 		fw3_command_close();
 	}
 
 	/* wait for ipsets to disappear */
-	list_for_each_entry(ipset, &state->ipsets, list)
-	{
+	list_for_each_entry (ipset, &state->ipsets, list) {
 		if (ipset->external)
 			continue;
 
@@ -482,16 +457,14 @@ fw3_destroy_ipsets(struct fw3_state *state)
 	}
 }
 
-struct fw3_ipset *
-fw3_lookup_ipset(struct fw3_state *state, const char *name)
+struct fw3_ipset *fw3_lookup_ipset(struct fw3_state *state, const char *name)
 {
 	struct fw3_ipset *s;
 
 	if (list_empty(&state->ipsets))
 		return NULL;
 
-	list_for_each_entry(s, &state->ipsets, list)
-	{
+	list_for_each_entry (s, &state->ipsets, list) {
 		if (strcmp(s->name, name))
 			continue;
 
@@ -501,8 +474,7 @@ fw3_lookup_ipset(struct fw3_state *state, const char *name)
 	return NULL;
 }
 
-bool
-fw3_check_ipset(struct fw3_ipset *set)
+bool fw3_check_ipset(struct fw3_ipset *set)
 {
 	bool rv = false;
 
@@ -524,12 +496,13 @@ fw3_check_ipset(struct fw3_ipset *set)
 	req_name.op = IP_SET_OP_GET_BYNAME;
 	req_name.version = req_ver.version;
 	snprintf(req_name.set.name, IPSET_MAXNAMELEN - 1, "%s",
-	         set->external ? set->external : set->name);
+		 set->external ? set->external : set->name);
 
 	if (getsockopt(s, SOL_IP, SO_IP_SET, &req_name, &sz))
 		goto out;
 
-	rv = ((sz == sizeof(req_name)) && (req_name.set.index != IPSET_INVALID_ID));
+	rv = ((sz == sizeof(req_name)) &&
+	      (req_name.set.index != IPSET_INVALID_ID));
 
 out:
 	if (s >= 0)
diff --git a/ipsets.h b/ipsets.h
index 2ba862d..10af007 100644
--- a/ipsets.h
+++ b/ipsets.h
@@ -24,14 +24,14 @@
 #include "options.h"
 #include "utils.h"
 
-
 extern const struct fw3_option fw3_ipset_opts[];
 
-void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
+void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p,
+		     struct blob_attr *a);
 void fw3_create_ipsets(struct fw3_state *state);
 void fw3_destroy_ipsets(struct fw3_state *state);
 
-struct fw3_ipset * fw3_lookup_ipset(struct fw3_state *state, const char *name);
+struct fw3_ipset *fw3_lookup_ipset(struct fw3_state *state, const char *name);
 
 bool fw3_check_ipset(struct fw3_ipset *set);
 
@@ -43,26 +43,26 @@ static inline void fw3_free_ipset(struct fw3_ipset *ipset)
 
 #ifndef SO_IP_SET
 
-#define SO_IP_SET           83
-#define IPSET_MAXNAMELEN    32
-#define IPSET_INVALID_ID    65535
+#define SO_IP_SET 83
+#define IPSET_MAXNAMELEN 32
+#define IPSET_INVALID_ID 65535
 
 union ip_set_name_index {
-    char name[IPSET_MAXNAMELEN];
-    uint16_t index;
+	char name[IPSET_MAXNAMELEN];
+	uint16_t index;
 };
 
-#define IP_SET_OP_GET_BYNAME    0x00000006
+#define IP_SET_OP_GET_BYNAME 0x00000006
 struct ip_set_req_get_set {
-    uint32_t op;
-    uint32_t version;
-    union ip_set_name_index set;
+	uint32_t op;
+	uint32_t version;
+	union ip_set_name_index set;
 };
 
-#define IP_SET_OP_VERSION       0x00000100
+#define IP_SET_OP_VERSION 0x00000100
 struct ip_set_req_version {
-    uint32_t op;
-    uint32_t version;
+	uint32_t op;
+	uint32_t version;
 };
 
 #endif /* SO_IP_SET */
diff --git a/iptables.c b/iptables.c
index a095621..99f7c17 100644
--- a/iptables.c
+++ b/iptables.c
@@ -46,16 +46,15 @@
 
 /* xtables interface */
 #if (XTABLES_VERSION_CODE >= 10)
-# include "xtables-10.h"
+#include "xtables-10.h"
 #elif (XTABLES_VERSION_CODE == 5)
-# include "xtables-5.h"
+#include "xtables-5.h"
 #else
-# error "Unsupported xtables version"
+#error "Unsupported xtables version"
 #endif
 
 #include "iptables.h"
 
-
 struct fw3_ipt_rule {
 	struct fw3_ipt_handle *h;
 
@@ -75,21 +74,19 @@ struct fw3_ipt_rule {
 };
 
 static struct option base_opts[] = {
-	{ .name = "match",         .has_arg = 1, .val = 'm' },
-	{ .name = "jump",          .has_arg = 1, .val = 'j' },
-	{ .name = "in-interface",  .has_arg = 1, .val = 'i' },
+	{ .name = "match", .has_arg = 1, .val = 'm' },
+	{ .name = "jump", .has_arg = 1, .val = 'j' },
+	{ .name = "in-interface", .has_arg = 1, .val = 'i' },
 	{ .name = "out-interface", .has_arg = 1, .val = 'o' },
-	{ .name = "source",        .has_arg = 1, .val = 's' },
-	{ .name = "destination",   .has_arg = 1, .val = 'd' },
+	{ .name = "source", .has_arg = 1, .val = 's' },
+	{ .name = "destination", .has_arg = 1, .val = 'd' },
 	{ NULL }
 };
 
-
 static jmp_buf fw3_ipt_error_jmp;
 
-static __attribute__((noreturn))
-void fw3_ipt_error_handler(enum xtables_exittype status,
-                           const char *fmt, ...)
+static __attribute__((noreturn)) void
+fw3_ipt_error_handler(enum xtables_exittype status, const char *fmt, ...)
 {
 	va_list args;
 
@@ -131,12 +128,10 @@ static struct {
 	void (*register_target)(struct xtables_target *);
 } xext;
 
-
 /* Required by certain extensions like SNAT and DNAT */
 int kernel_version = 0;
 
-void
-get_kernel_version(void)
+void get_kernel_version(void)
 {
 	static struct utsname uts;
 	int x = 0, y = 0, z = 0;
@@ -158,8 +153,8 @@ static void fw3_init_extensions(void)
 #endif
 }
 
-struct fw3_ipt_handle *
-fw3_ipt_open(enum fw3_family family, enum fw3_table table)
+struct fw3_ipt_handle *fw3_ipt_open(enum fw3_family family,
+				    enum fw3_table table)
 {
 	int i;
 	struct fw3_ipt_handle *h;
@@ -168,29 +163,25 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 
 	xtables_init();
 
-	if (family == FW3_FAMILY_V6)
-	{
+	if (family == FW3_FAMILY_V6) {
 #ifndef DISABLE_IPV6
 		h->family = FW3_FAMILY_V6;
-		h->table  = table;
+		h->table = table;
 		h->handle = ip6tc_init(fw3_flag_names[table]);
 
 		xtables_set_params(&xtg6);
 		xtables_set_nfproto(NFPROTO_IPV6);
 #endif
-	}
-	else
-	{
+	} else {
 		h->family = FW3_FAMILY_V4;
-		h->table  = table;
+		h->table = table;
 		h->handle = iptc_init(fw3_flag_names[table]);
 
 		xtables_set_params(&xtg);
 		xtables_set_nfproto(NFPROTO_IPV4);
 	}
 
-	if (!h->handle)
-	{
+	if (!h->handle) {
 		free(h);
 		return NULL;
 	}
@@ -209,36 +200,35 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 	return h;
 }
 
-static void
-debug(struct fw3_ipt_handle *h, const char *fmt, ...)
+static void debug(struct fw3_ipt_handle *h, const char *fmt, ...)
 {
 	va_list ap;
 
-	printf("%s -t %s ", (h->family == FW3_FAMILY_V6) ? "ip6tables" : "iptables",
-	                    fw3_flag_names[h->table]);
+	printf("%s -t %s ",
+	       (h->family == FW3_FAMILY_V6) ? "ip6tables" : "iptables",
+	       fw3_flag_names[h->table]);
 
 	va_start(ap, fmt);
 	vprintf(fmt, ap);
 	va_end(ap);
 }
 
-void
-fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
-                   enum fw3_flag policy)
+void fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
+			enum fw3_flag policy)
 {
 	if (fw3_pr_debug)
 		debug(h, "-P %s %s\n", chain, fw3_flag_names[policy]);
 
 #ifndef DISABLE_IPV6
 	if (h->family == FW3_FAMILY_V6)
-		ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
+		ip6tc_set_policy(chain, fw3_flag_names[policy], NULL,
+				 h->handle);
 	else
 #endif
 		iptc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
 }
 
-void
-fw3_ipt_flush_chain(struct fw3_ipt_handle *h, const char *chain)
+void fw3_ipt_flush_chain(struct fw3_ipt_handle *h, const char *chain)
 {
 	if (fw3_pr_debug)
 		debug(h, "-F %s\n", chain);
@@ -251,8 +241,7 @@ fw3_ipt_flush_chain(struct fw3_ipt_handle *h, const char *chain)
 		iptc_flush_entries(chain, h->handle);
 }
 
-static void
-delete_rules(struct fw3_ipt_handle *h, const char *target)
+static void delete_rules(struct fw3_ipt_handle *h, const char *target)
 {
 	unsigned int num;
 	const struct ipt_entry *e;
@@ -261,57 +250,53 @@ delete_rules(struct fw3_ipt_handle *h, const char *target)
 	bool found;
 
 #ifndef DISABLE_IPV6
-	if (h->family == FW3_FAMILY_V6)
-	{
-		for (chain = ip6tc_first_chain(h->handle);
-		     chain != NULL;
-		     chain = ip6tc_next_chain(h->handle))
-		{
+	if (h->family == FW3_FAMILY_V6) {
+		for (chain = ip6tc_first_chain(h->handle); chain != NULL;
+		     chain = ip6tc_next_chain(h->handle)) {
 			do {
 				found = false;
 
 				const struct ip6t_entry *e6;
-				for (num = 0, e6 = ip6tc_first_rule(chain, h->handle);
-					 e6 != NULL;
-					 num++, e6 = ip6tc_next_rule(e6, h->handle))
-				{
+				for (num = 0,
+				    e6 = ip6tc_first_rule(chain, h->handle);
+				     e6 != NULL; num++,
+				    e6 = ip6tc_next_rule(e6, h->handle)) {
 					t = ip6tc_get_target(e6, h->handle);
 
-					if (*t && !strcmp(t, target))
-					{
+					if (*t && !strcmp(t, target)) {
 						if (fw3_pr_debug)
-							debug(h, "-D %s %u\n", chain, num + 1);
+							debug(h, "-D %s %u\n",
+							      chain, num + 1);
 
-						ip6tc_delete_num_entry(chain, num, h->handle);
+						ip6tc_delete_num_entry(
+							chain, num, h->handle);
 						found = true;
 						break;
 					}
 				}
 			} while (found);
 		}
-	}
-	else
+	} else
 #endif
 	{
-		for (chain = iptc_first_chain(h->handle);
-		     chain != NULL;
-		     chain = iptc_next_chain(h->handle))
-		{
+		for (chain = iptc_first_chain(h->handle); chain != NULL;
+		     chain = iptc_next_chain(h->handle)) {
 			do {
 				found = false;
 
-				for (num = 0, e = iptc_first_rule(chain, h->handle);
+				for (num = 0,
+				    e = iptc_first_rule(chain, h->handle);
 				     e != NULL;
-					 num++, e = iptc_next_rule(e, h->handle))
-				{
+				     num++, e = iptc_next_rule(e, h->handle)) {
 					t = iptc_get_target(e, h->handle);
 
-					if (*t && !strcmp(t, target))
-					{
+					if (*t && !strcmp(t, target)) {
 						if (fw3_pr_debug)
-							debug(h, "-D %s %u\n", chain, num + 1);
+							debug(h, "-D %s %u\n",
+							      chain, num + 1);
 
-						iptc_delete_num_entry(chain, num, h->handle);
+						iptc_delete_num_entry(
+							chain, num, h->handle);
 						found = true;
 						break;
 					}
@@ -321,8 +306,7 @@ delete_rules(struct fw3_ipt_handle *h, const char *target)
 	}
 }
 
-void
-fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain)
+void fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain)
 {
 	delete_rules(h, chain);
 
@@ -337,14 +321,12 @@ fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain)
 		iptc_delete_chain(chain, h->handle);
 }
 
-static bool
-has_rule_tag(const void *base, unsigned int start, unsigned int end)
+static bool has_rule_tag(const void *base, unsigned int start, unsigned int end)
 {
 	unsigned int i;
 	const struct xt_entry_match *em;
 
-	for (i = start; i < end; i += em->u.match_size)
-	{
+	for (i = start; i < end; i += em->u.match_size) {
 		em = base + i;
 
 		if (strcmp(em->u.user.name, "comment"))
@@ -357,16 +339,14 @@ has_rule_tag(const void *base, unsigned int start, unsigned int end)
 	return false;
 }
 
-void
-fw3_ipt_delete_id_rules(struct fw3_ipt_handle *h, const char *chain)
+void fw3_ipt_delete_id_rules(struct fw3_ipt_handle *h, const char *chain)
 {
 	unsigned int num;
 	const struct ipt_entry *e;
 	bool found;
 
 #ifndef DISABLE_IPV6
-	if (h->family == FW3_FAMILY_V6)
-	{
+	if (h->family == FW3_FAMILY_V6) {
 		if (!ip6tc_is_chain(chain, h->handle))
 			return;
 
@@ -375,22 +355,22 @@ fw3_ipt_delete_id_rules(struct fw3_ipt_handle *h, const char *chain)
 
 			const struct ip6t_entry *e6;
 			for (num = 0, e6 = ip6tc_first_rule(chain, h->handle);
-				 e6 != NULL;
-				 num++, e6 = ip6tc_next_rule(e6, h->handle))
-			{
-				if (has_rule_tag(e6, sizeof(*e6), e6->target_offset))
-				{
+			     e6 != NULL;
+			     num++, e6 = ip6tc_next_rule(e6, h->handle)) {
+				if (has_rule_tag(e6, sizeof(*e6),
+						 e6->target_offset)) {
 					if (fw3_pr_debug)
-						debug(h, "-D %s %u\n", chain, num + 1);
+						debug(h, "-D %s %u\n", chain,
+						      num + 1);
 
-					ip6tc_delete_num_entry(chain, num, h->handle);
+					ip6tc_delete_num_entry(chain, num,
+							       h->handle);
 					found = true;
 					break;
 				}
 			}
 		} while (found);
-	}
-	else
+	} else
 #endif
 	{
 		if (!iptc_is_chain(chain, h->handle))
@@ -400,15 +380,16 @@ fw3_ipt_delete_id_rules(struct fw3_ipt_handle *h, const char *chain)
 			found = false;
 
 			for (num = 0, e = iptc_first_rule(chain, h->handle);
-				 e != NULL;
-				 num++, e = iptc_next_rule(e, h->handle))
-			{
-				if (has_rule_tag(e, sizeof(*e), e->target_offset))
-				{
+			     e != NULL;
+			     num++, e = iptc_next_rule(e, h->handle)) {
+				if (has_rule_tag(e, sizeof(*e),
+						 e->target_offset)) {
 					if (fw3_pr_debug)
-						debug(h, "-D %s %u\n", chain, num + 1);
+						debug(h, "-D %s %u\n", chain,
+						      num + 1);
 
-					iptc_delete_num_entry(chain, num, h->handle);
+					iptc_delete_num_entry(chain, num,
+							      h->handle);
 					found = true;
 					break;
 				}
@@ -417,8 +398,7 @@ fw3_ipt_delete_id_rules(struct fw3_ipt_handle *h, const char *chain)
 	}
 }
 
-void
-fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
+void fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
 {
 	char buf[32];
 	va_list ap;
@@ -433,76 +413,61 @@ fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
 	iptc_create_chain(buf, h->handle);
 }
 
-void
-fw3_ipt_flush(struct fw3_ipt_handle *h)
+void fw3_ipt_flush(struct fw3_ipt_handle *h)
 {
 	const char *chain;
 
 #ifndef DISABLE_IPV6
-	if (h->family == FW3_FAMILY_V6)
-	{
-		for (chain = ip6tc_first_chain(h->handle);
-		     chain != NULL;
-		     chain = ip6tc_next_chain(h->handle))
-		{
+	if (h->family == FW3_FAMILY_V6) {
+		for (chain = ip6tc_first_chain(h->handle); chain != NULL;
+		     chain = ip6tc_next_chain(h->handle)) {
 			ip6tc_flush_entries(chain, h->handle);
 		}
 
-		for (chain = ip6tc_first_chain(h->handle);
-		     chain != NULL;
-		     chain = ip6tc_next_chain(h->handle))
-		{
+		for (chain = ip6tc_first_chain(h->handle); chain != NULL;
+		     chain = ip6tc_next_chain(h->handle)) {
 			ip6tc_delete_chain(chain, h->handle);
 		}
-	}
-	else
+	} else
 #endif
 	{
-		for (chain = iptc_first_chain(h->handle);
-		     chain != NULL;
-		     chain = iptc_next_chain(h->handle))
-		{
+		for (chain = iptc_first_chain(h->handle); chain != NULL;
+		     chain = iptc_next_chain(h->handle)) {
 			iptc_flush_entries(chain, h->handle);
 		}
 
-		for (chain = iptc_first_chain(h->handle);
-		     chain != NULL;
-		     chain = iptc_next_chain(h->handle))
-		{
+		for (chain = iptc_first_chain(h->handle); chain != NULL;
+		     chain = iptc_next_chain(h->handle)) {
 			iptc_delete_chain(chain, h->handle);
 		}
 	}
 }
 
-static bool
-chain_is_empty(struct fw3_ipt_handle *h, const char *chain)
+static bool chain_is_empty(struct fw3_ipt_handle *h, const char *chain)
 {
 #ifndef DISABLE_IPV6
 	if (h->family == FW3_FAMILY_V6)
 		return (!ip6tc_builtin(chain, h->handle) &&
-		        !ip6tc_first_rule(chain, h->handle));
+			!ip6tc_first_rule(chain, h->handle));
 #endif
 
 	return (!iptc_builtin(chain, h->handle) &&
-	        !iptc_first_rule(chain, h->handle));
+		!iptc_first_rule(chain, h->handle));
 }
 
-void
-fw3_ipt_gc(struct fw3_ipt_handle *h)
+void fw3_ipt_gc(struct fw3_ipt_handle *h)
 {
 	const char *chain;
 	bool found;
 
 #ifndef DISABLE_IPV6
-	if (h->family == FW3_FAMILY_V6)
-	{
+	if (h->family == FW3_FAMILY_V6) {
 		do {
 			found = false;
 
 			for (chain = ip6tc_first_chain(h->handle);
-				 chain != NULL;
-				 chain = ip6tc_next_chain(h->handle))
-			{
+			     chain != NULL;
+			     chain = ip6tc_next_chain(h->handle)) {
 				if (!chain_is_empty(h, chain))
 					continue;
 
@@ -510,18 +475,15 @@ fw3_ipt_gc(struct fw3_ipt_handle *h)
 				found = true;
 				break;
 			}
-		} while(found);
-	}
-	else
+		} while (found);
+	} else
 #endif
 	{
 		do {
 			found = false;
 
-			for (chain = iptc_first_chain(h->handle);
-				 chain != NULL;
-				 chain = iptc_next_chain(h->handle))
-			{
+			for (chain = iptc_first_chain(h->handle); chain != NULL;
+			     chain = iptc_next_chain(h->handle)) {
 				warn("C=%s\n", chain);
 
 				if (!chain_is_empty(h, chain))
@@ -537,19 +499,16 @@ fw3_ipt_gc(struct fw3_ipt_handle *h)
 	}
 }
 
-void
-fw3_ipt_commit(struct fw3_ipt_handle *h)
+void fw3_ipt_commit(struct fw3_ipt_handle *h)
 {
 	int rv;
 
 #ifndef DISABLE_IPV6
-	if (h->family == FW3_FAMILY_V6)
-	{
+	if (h->family == FW3_FAMILY_V6) {
 		rv = ip6tc_commit(h->handle);
 		if (!rv)
 			warn("ip6tc_commit(): %s", ip6tc_strerror(errno));
-	}
-	else
+	} else
 #endif
 	{
 		rv = iptc_commit(h->handle);
@@ -558,14 +517,12 @@ fw3_ipt_commit(struct fw3_ipt_handle *h)
 	}
 }
 
-void
-fw3_ipt_close(struct fw3_ipt_handle *h)
+void fw3_ipt_close(struct fw3_ipt_handle *h)
 {
 	free(h);
 }
 
-struct fw3_ipt_rule *
-fw3_ipt_rule_new(struct fw3_ipt_handle *h)
+struct fw3_ipt_rule *fw3_ipt_rule_new(struct fw3_ipt_handle *h)
 {
 	struct fw3_ipt_rule *r;
 
@@ -578,9 +535,7 @@ fw3_ipt_rule_new(struct fw3_ipt_handle *h)
 	return r;
 }
 
-
-static bool
-is_chain(struct fw3_ipt_handle *h, const char *name)
+static bool is_chain(struct fw3_ipt_handle *h, const char *name)
 {
 #ifndef DISABLE_IPV6
 	if (h->family == FW3_FAMILY_V6)
@@ -590,8 +545,7 @@ is_chain(struct fw3_ipt_handle *h, const char *name)
 		return iptc_is_chain(name, h->handle);
 }
 
-static char *
-get_protoname(struct fw3_ipt_rule *r)
+static char *get_protoname(struct fw3_ipt_rule *r)
 {
 	const struct xtables_pprot *pp;
 
@@ -603,8 +557,8 @@ get_protoname(struct fw3_ipt_rule *r)
 	return NULL;
 }
 
-static struct xtables_match *
-find_match(struct fw3_ipt_rule *r, const char *name)
+static struct xtables_match *find_match(struct fw3_ipt_rule *r,
+					const char *name)
 {
 	struct xtables_match *m;
 
@@ -615,8 +569,8 @@ find_match(struct fw3_ipt_rule *r, const char *name)
 	return m;
 }
 
-static void
-init_match(struct fw3_ipt_rule *r, struct xtables_match *m, bool no_clone)
+static void init_match(struct fw3_ipt_rule *r, struct xtables_match *m,
+		       bool no_clone)
 {
 	size_t s;
 	struct xtables_globals *g;
@@ -648,8 +602,7 @@ init_match(struct fw3_ipt_rule *r, struct xtables_match *m, bool no_clone)
 	fw3_xt_merge_match_options(g, m);
 }
 
-static bool
-need_protomatch(struct fw3_ipt_rule *r, const char *pname)
+static bool need_protomatch(struct fw3_ipt_rule *r, const char *pname)
 {
 	if (!pname)
 		return false;
@@ -660,8 +613,7 @@ need_protomatch(struct fw3_ipt_rule *r, const char *pname)
 	return !r->protocol_loaded;
 }
 
-static struct xtables_match *
-load_protomatch(struct fw3_ipt_rule *r)
+static struct xtables_match *load_protomatch(struct fw3_ipt_rule *r)
 {
 	const char *pname = get_protoname(r);
 
@@ -671,8 +623,8 @@ load_protomatch(struct fw3_ipt_rule *r)
 	return find_match(r, pname);
 }
 
-static struct xtables_target *
-find_target(struct fw3_ipt_rule *r, const char *name)
+static struct xtables_target *find_target(struct fw3_ipt_rule *r,
+					  const char *name)
 {
 	struct xtables_target *t;
 
@@ -688,8 +640,8 @@ find_target(struct fw3_ipt_rule *r, const char *name)
 	return t;
 }
 
-static struct xtables_target *
-get_target(struct fw3_ipt_rule *r, const char *name)
+static struct xtables_target *get_target(struct fw3_ipt_rule *r,
+					 const char *name)
 {
 	size_t s;
 	struct xtables_target *t;
@@ -723,8 +675,7 @@ get_target(struct fw3_ipt_rule *r, const char *name)
 	return t;
 }
 
-void
-fw3_ipt_rule_proto(struct fw3_ipt_rule *r, struct fw3_protocol *proto)
+void fw3_ipt_rule_proto(struct fw3_ipt_rule *r, struct fw3_protocol *proto)
 {
 	uint32_t pr;
 
@@ -734,8 +685,7 @@ fw3_ipt_rule_proto(struct fw3_ipt_rule *r, struct fw3_protocol *proto)
 	pr = proto->protocol;
 
 #ifndef DISABLE_IPV6
-	if (r->h->family == FW3_FAMILY_V6)
-	{
+	if (r->h->family == FW3_FAMILY_V6) {
 		if (pr == 1)
 			pr = 58;
 
@@ -744,8 +694,7 @@ fw3_ipt_rule_proto(struct fw3_ipt_rule *r, struct fw3_protocol *proto)
 
 		if (proto->invert)
 			r->e6.ipv6.invflags |= XT_INV_PROTO;
-	}
-	else
+	} else
 #endif
 	{
 		r->e.ip.proto = pr;
@@ -757,47 +706,40 @@ fw3_ipt_rule_proto(struct fw3_ipt_rule *r, struct fw3_protocol *proto)
 	r->protocol = pr;
 }
 
-void
-fw3_ipt_rule_in_out(struct fw3_ipt_rule *r,
-                    struct fw3_device *in, struct fw3_device *out)
+void fw3_ipt_rule_in_out(struct fw3_ipt_rule *r, struct fw3_device *in,
+			 struct fw3_device *out)
 {
 #ifndef DISABLE_IPV6
-	if (r->h->family == FW3_FAMILY_V6)
-	{
-		if (in && !in->any)
-		{
+	if (r->h->family == FW3_FAMILY_V6) {
+		if (in && !in->any) {
 			xtables_parse_interface(in->name, r->e6.ipv6.iniface,
-			                                  r->e6.ipv6.iniface_mask);
+						r->e6.ipv6.iniface_mask);
 
 			if (in->invert)
 				r->e6.ipv6.invflags |= IP6T_INV_VIA_IN;
 		}
 
-		if (out && !out->any)
-		{
+		if (out && !out->any) {
 			xtables_parse_interface(out->name, r->e6.ipv6.outiface,
-			                                   r->e6.ipv6.outiface_mask);
+						r->e6.ipv6.outiface_mask);
 
 			if (out->invert)
 				r->e6.ipv6.invflags |= IP6T_INV_VIA_OUT;
 		}
-	}
-	else
+	} else
 #endif
 	{
-		if (in && !in->any)
-		{
+		if (in && !in->any) {
 			xtables_parse_interface(in->name, r->e.ip.iniface,
-			                                  r->e.ip.iniface_mask);
+						r->e.ip.iniface_mask);
 
 			if (in->invert)
 				r->e.ip.invflags |= IPT_INV_VIA_IN;
 		}
 
-		if (out && !out->any)
-		{
+		if (out && !out->any) {
 			xtables_parse_interface(out->name, r->e.ip.outiface,
-			                                   r->e.ip.outiface_mask);
+						r->e.ip.outiface_mask);
 
 			if (out->invert)
 				r->e.ip.invflags |= IPT_INV_VIA_OUT;
@@ -805,39 +747,34 @@ fw3_ipt_rule_in_out(struct fw3_ipt_rule *r,
 	}
 }
 
-
-void
-fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r,
-                      struct fw3_address *src, struct fw3_address *dest)
+void fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r, struct fw3_address *src,
+			   struct fw3_address *dest)
 {
-	if ((src && src->range) || (dest && dest->range))
-	{
+	if ((src && src->range) || (dest && dest->range)) {
 		fw3_ipt_rule_addarg(r, false, "-m", "iprange");
 	}
 
-	if (src && src->set)
-	{
-		if (src->range)
-		{
+	if (src && src->set) {
+		if (src->range) {
 			fw3_ipt_rule_addarg(r, src->invert, "--src-range",
-			                    fw3_address_to_string(src, false, false));
+					    fw3_address_to_string(src, false,
+								  false));
 		}
 #ifndef DISABLE_IPV6
-		else if (r->h->family == FW3_FAMILY_V6)
-		{
+		else if (r->h->family == FW3_FAMILY_V6) {
 			r->e6.ipv6.src = src->address.v6;
 			r->e6.ipv6.smsk = src->mask.v6;
 
 			int i;
 			for (i = 0; i < 4; i++)
-				r->e6.ipv6.src.s6_addr32[i] &= r->e6.ipv6.smsk.s6_addr32[i];
+				r->e6.ipv6.src.s6_addr32[i] &=
+					r->e6.ipv6.smsk.s6_addr32[i];
 
 			if (src->invert)
 				r->e6.ipv6.invflags |= IP6T_INV_SRCIP;
 		}
 #endif
-		else
-		{
+		else {
 			r->e.ip.src = src->address.v4;
 			r->e.ip.smsk = src->mask.v4;
 
@@ -848,29 +785,27 @@ fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r,
 		}
 	}
 
-	if (dest && dest->set)
-	{
-		if (dest->range)
-		{
+	if (dest && dest->set) {
+		if (dest->range) {
 			fw3_ipt_rule_addarg(r, dest->invert, "--dst-range",
-			                    fw3_address_to_string(dest, false, false));
+					    fw3_address_to_string(dest, false,
+								  false));
 		}
 #ifndef DISABLE_IPV6
-		else if (r->h->family == FW3_FAMILY_V6)
-		{
+		else if (r->h->family == FW3_FAMILY_V6) {
 			r->e6.ipv6.dst = dest->address.v6;
 			r->e6.ipv6.dmsk = dest->mask.v6;
 
 			int i;
 			for (i = 0; i < 4; i++)
-				r->e6.ipv6.dst.s6_addr32[i] &= r->e6.ipv6.dmsk.s6_addr32[i];
+				r->e6.ipv6.dst.s6_addr32[i] &=
+					r->e6.ipv6.dmsk.s6_addr32[i];
 
 			if (dest->invert)
 				r->e6.ipv6.invflags |= IP6T_INV_DSTIP;
 		}
 #endif
-		else
-		{
+		else {
 			r->e.ip.dst = dest->address.v4;
 			r->e.ip.dmsk = dest->mask.v4;
 
@@ -882,9 +817,8 @@ fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r,
 	}
 }
 
-void
-fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
-                         struct fw3_port *sp, struct fw3_port *dp)
+void fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r, struct fw3_port *sp,
+			      struct fw3_port *dp)
 {
 	char buf[sizeof("65535:65535\0")];
 
@@ -894,39 +828,38 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
 	if (!get_protoname(r))
 		return;
 
-	if (sp && sp->set)
-	{
+	if (sp && sp->set) {
 		if (sp->port_min == sp->port_max)
 			sprintf(buf, "%u", sp->port_min);
 		else
-			snprintf(buf, sizeof(buf), "%u:%u", sp->port_min, sp->port_max);
+			snprintf(buf, sizeof(buf), "%u:%u", sp->port_min,
+				 sp->port_max);
 
 		fw3_ipt_rule_addarg(r, sp->invert, "--sport", buf);
 	}
 
-	if (dp && dp->set)
-	{
+	if (dp && dp->set) {
 		if (dp->port_min == dp->port_max)
 			sprintf(buf, "%u", dp->port_min);
 		else
-			snprintf(buf, sizeof(buf), "%u:%u", dp->port_min, dp->port_max);
+			snprintf(buf, sizeof(buf), "%u:%u", dp->port_min,
+				 dp->port_max);
 
 		fw3_ipt_rule_addarg(r, dp->invert, "--dport", buf);
 	}
 }
 
-void
-fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out)
+void fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out)
 {
 	if (device) {
 		struct fw3_device dev = { .any = false };
 		strncpy(dev.name, device, sizeof(dev.name) - 1);
-		fw3_ipt_rule_in_out(r, (out) ? NULL : &dev, (out) ? &dev : NULL);
+		fw3_ipt_rule_in_out(r, (out) ? NULL : &dev,
+				    (out) ? &dev : NULL);
 	}
 }
 
-void
-fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
+void fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
 {
 	char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
 	uint8_t *addr = mac->mac.ether_addr_octet;
@@ -934,15 +867,14 @@ fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
 	if (!mac)
 		return;
 
-	sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x",
-	        addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
+	sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", addr[0], addr[1], addr[2],
+		addr[3], addr[4], addr[5]);
 
 	fw3_ipt_rule_addarg(r, false, "-m", "mac");
 	fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", buf);
 }
 
-void
-fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
+void fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
 {
 	char buf[sizeof("255/255\0")];
 
@@ -950,29 +882,28 @@ fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
 		return;
 
 #ifndef DISABLE_IPV6
-	if (r->h->family == FW3_FAMILY_V6)
-	{
+	if (r->h->family == FW3_FAMILY_V6) {
 		if (icmp->code6_min == 0 && icmp->code6_max == 0xFF)
 			sprintf(buf, "%u", icmp->type6);
 		else
-			snprintf(buf, sizeof(buf), "%u/%u", icmp->type6, icmp->code6_min);
+			snprintf(buf, sizeof(buf), "%u/%u", icmp->type6,
+				 icmp->code6_min);
 
 		fw3_ipt_rule_addarg(r, icmp->invert, "--icmpv6-type", buf);
-	}
-	else
+	} else
 #endif
 	{
 		if (icmp->code_min == 0 && icmp->code_max == 0xFF)
 			sprintf(buf, "%u", icmp->type);
 		else
-			snprintf(buf, sizeof(buf), "%u/%u", icmp->type, icmp->code_min);
+			snprintf(buf, sizeof(buf), "%u/%u", icmp->type,
+				 icmp->code_min);
 
 		fw3_ipt_rule_addarg(r, icmp->invert, "--icmp-type", buf);
 	}
 }
 
-void
-fw3_ipt_rule_limit(struct fw3_ipt_rule *r, struct fw3_limit *limit)
+void fw3_ipt_rule_limit(struct fw3_ipt_rule *r, struct fw3_limit *limit)
 {
 	char buf[sizeof("-4294967296/second\0")];
 
@@ -984,15 +915,13 @@ fw3_ipt_rule_limit(struct fw3_ipt_rule *r, struct fw3_limit *limit)
 	sprintf(buf, "%u/%s", limit->rate, fw3_limit_units[limit->unit]);
 	fw3_ipt_rule_addarg(r, limit->invert, "--limit", buf);
 
-	if (limit->burst > 0)
-	{
+	if (limit->burst > 0) {
 		sprintf(buf, "%u", limit->burst);
 		fw3_ipt_rule_addarg(r, limit->invert, "--limit-burst", buf);
 	}
 }
 
-void
-fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_setmatch *match)
+void fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_setmatch *match)
 {
 	char buf[sizeof("dst,dst,dst\0")];
 	char *p = buf;
@@ -1005,28 +934,28 @@ fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_setmatch *match)
 		return;
 
 	set = match->ptr;
-	list_for_each_entry(type, &set->datatypes, list)
-	{
+	list_for_each_entry (type, &set->datatypes, list) {
 		if (i >= 3)
 			break;
 
 		if (p > buf)
 			*p++ = ',';
 
-		p += sprintf(p, "%s", match->dir[i] ? match->dir[i] : type->dir);
+		p += sprintf(p, "%s",
+			     match->dir[i] ? match->dir[i] : type->dir);
 		i++;
 	}
 
 	fw3_ipt_rule_addarg(r, false, "-m", "set");
 
 	fw3_ipt_rule_addarg(r, match->invert, "--match-set",
-	                    set->external ? set->external : set->name);
+			    set->external ? set->external : set->name);
 
 	fw3_ipt_rule_addarg(r, false, buf, NULL);
 }
 
-void
-fw3_ipt_rule_helper(struct fw3_ipt_rule *r, struct fw3_cthelpermatch *match)
+void fw3_ipt_rule_helper(struct fw3_ipt_rule *r,
+			 struct fw3_cthelpermatch *match)
 {
 	if (!match || !match->set || !match->ptr)
 		return;
@@ -1035,8 +964,7 @@ fw3_ipt_rule_helper(struct fw3_ipt_rule *r, struct fw3_cthelpermatch *match)
 	fw3_ipt_rule_addarg(r, match->invert, "--helper", match->ptr->name);
 }
 
-void
-fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time)
+void fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time)
 {
 	int i;
 	struct tm empty = { 0 };
@@ -1048,8 +976,7 @@ fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time)
 	bool d2 = memcmp(&time->datestop, &empty, sizeof(empty));
 
 	if (!d1 && !d2 && !time->timestart && !time->timestop &&
-	    !(time->monthdays & 0xFFFFFFFE) && !(time->weekdays & 0xFE))
-	{
+	    !(time->monthdays & 0xFFFFFFFE) && !(time->weekdays & 0xFE)) {
 		return;
 	}
 
@@ -1058,44 +985,35 @@ fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time)
 	if (!time->utc)
 		fw3_ipt_rule_addarg(r, false, "--kerneltz", NULL);
 
-	if (d1)
-	{
-		strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S", &time->datestart);
+	if (d1) {
+		strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S",
+			 &time->datestart);
 		fw3_ipt_rule_addarg(r, false, "--datestart", buf);
 	}
 
-	if (d2)
-	{
-		strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S", &time->datestop);
+	if (d2) {
+		strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S",
+			 &time->datestop);
 		fw3_ipt_rule_addarg(r, false, "--datestop", buf);
 	}
 
-	if (time->timestart)
-	{
-		sprintf(buf, "%02d:%02d:%02d",
-		        time->timestart / 3600,
-		        time->timestart % 3600 / 60,
-		        time->timestart % 60);
+	if (time->timestart) {
+		sprintf(buf, "%02d:%02d:%02d", time->timestart / 3600,
+			time->timestart % 3600 / 60, time->timestart % 60);
 
 		fw3_ipt_rule_addarg(r, false, "--timestart", buf);
 	}
 
-	if (time->timestop)
-	{
-		sprintf(buf, "%02d:%02d:%02d",
-		        time->timestop / 3600,
-		        time->timestop % 3600 / 60,
-		        time->timestop % 60);
+	if (time->timestop) {
+		sprintf(buf, "%02d:%02d:%02d", time->timestop / 3600,
+			time->timestop % 3600 / 60, time->timestop % 60);
 
 		fw3_ipt_rule_addarg(r, false, "--timestop", buf);
 	}
 
-	if (time->monthdays & 0xFFFFFFFE)
-	{
-		for (i = 1, p = buf; i < 32; i++)
-		{
-			if (fw3_hasbit(time->monthdays, i))
-			{
+	if (time->monthdays & 0xFFFFFFFE) {
+		for (i = 1, p = buf; i < 32; i++) {
+			if (fw3_hasbit(time->monthdays, i)) {
 				if (p > buf)
 					*p++ = ',';
 
@@ -1103,15 +1021,13 @@ fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time)
 			}
 		}
 
-		fw3_ipt_rule_addarg(r, fw3_hasbit(time->monthdays, 0), "--monthdays", buf);
+		fw3_ipt_rule_addarg(r, fw3_hasbit(time->monthdays, 0),
+				    "--monthdays", buf);
 	}
 
-	if (time->weekdays & 0xFE)
-	{
-		for (i = 1, p = buf; i < 8; i++)
-		{
-			if (fw3_hasbit(time->weekdays, i))
-			{
+	if (time->weekdays & 0xFE) {
+		for (i = 1, p = buf; i < 8; i++) {
+			if (fw3_hasbit(time->weekdays, i)) {
 				if (p > buf)
 					*p++ = ',';
 
@@ -1119,12 +1035,12 @@ fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time)
 			}
 		}
 
-		fw3_ipt_rule_addarg(r, fw3_hasbit(time->weekdays, 0), "--weekdays", buf);
+		fw3_ipt_rule_addarg(r, fw3_hasbit(time->weekdays, 0),
+				    "--weekdays", buf);
 	}
 }
 
-void
-fw3_ipt_rule_mark(struct fw3_ipt_rule *r, struct fw3_mark *mark)
+void fw3_ipt_rule_mark(struct fw3_ipt_rule *r, struct fw3_mark *mark)
 {
 	char buf[sizeof("0xFFFFFFFF/0xFFFFFFFF\0")];
 
@@ -1140,8 +1056,7 @@ fw3_ipt_rule_mark(struct fw3_ipt_rule *r, struct fw3_mark *mark)
 	fw3_ipt_rule_addarg(r, mark->invert, "--mark", buf);
 }
 
-void
-fw3_ipt_rule_dscp(struct fw3_ipt_rule *r, struct fw3_dscp *dscp)
+void fw3_ipt_rule_dscp(struct fw3_ipt_rule *r, struct fw3_dscp *dscp)
 {
 	char buf[sizeof("0xFF\0")];
 
@@ -1154,8 +1069,7 @@ fw3_ipt_rule_dscp(struct fw3_ipt_rule *r, struct fw3_dscp *dscp)
 	fw3_ipt_rule_addarg(r, dscp->invert, "--dscp", buf);
 }
 
-void
-fw3_ipt_rule_comment(struct fw3_ipt_rule *r, const char *fmt, ...)
+void fw3_ipt_rule_comment(struct fw3_ipt_rule *r, const char *fmt, ...)
 {
 	va_list ap;
 	char buf[256];
@@ -1171,8 +1085,7 @@ fw3_ipt_rule_comment(struct fw3_ipt_rule *r, const char *fmt, ...)
 	fw3_ipt_rule_addarg(r, false, "--comment", buf);
 }
 
-void
-fw3_ipt_rule_extra(struct fw3_ipt_rule *r, const char *extra)
+void fw3_ipt_rule_extra(struct fw3_ipt_rule *r, const char *extra)
 {
 	char *p, **tmp, *s;
 
@@ -1181,8 +1094,7 @@ fw3_ipt_rule_extra(struct fw3_ipt_rule *r, const char *extra)
 
 	s = fw3_strdup(extra);
 
-	for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t"))
-	{
+	for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t")) {
 		tmp = realloc(r->argv, (r->argc + 1) * sizeof(*r->argv));
 
 		if (!tmp)
@@ -1196,14 +1108,12 @@ fw3_ipt_rule_extra(struct fw3_ipt_rule *r, const char *extra)
 }
 
 #ifndef DISABLE_IPV6
-static void
-rule_print6(struct ip6t_entry *e)
+static void rule_print6(struct ip6t_entry *e)
 {
 	char buf1[INET6_ADDRSTRLEN], buf2[INET6_ADDRSTRLEN];
 	char *pname;
 
-	if (e->ipv6.flags & IP6T_F_PROTO)
-	{
+	if (e->ipv6.flags & IP6T_F_PROTO) {
 		if (e->ipv6.invflags & XT_INV_PROTO)
 			printf(" !");
 
@@ -1215,24 +1125,21 @@ rule_print6(struct ip6t_entry *e)
 			printf(" -p %u", e->ipv6.proto);
 	}
 
-	if (e->ipv6.iniface[0])
-	{
+	if (e->ipv6.iniface[0]) {
 		if (e->ipv6.invflags & IP6T_INV_VIA_IN)
 			printf(" !");
 
 		printf(" -i %s", e->ipv6.iniface);
 	}
 
-	if (e->ipv6.outiface[0])
-	{
+	if (e->ipv6.outiface[0]) {
 		if (e->ipv6.invflags & IP6T_INV_VIA_OUT)
 			printf(" !");
 
 		printf(" -o %s", e->ipv6.outiface);
 	}
 
-	if (memcmp(&e->ipv6.src, &in6addr_any, sizeof(struct in6_addr)))
-	{
+	if (memcmp(&e->ipv6.src, &in6addr_any, sizeof(struct in6_addr))) {
 		if (e->ipv6.invflags & IP6T_INV_SRCIP)
 			printf(" !");
 
@@ -1241,8 +1148,7 @@ rule_print6(struct ip6t_entry *e)
 		       inet_ntop(AF_INET6, &e->ipv6.smsk, buf2, sizeof(buf2)));
 	}
 
-	if (memcmp(&e->ipv6.dst, &in6addr_any, sizeof(struct in6_addr)))
-	{
+	if (memcmp(&e->ipv6.dst, &in6addr_any, sizeof(struct in6_addr))) {
 		if (e->ipv6.invflags & IP6T_INV_DSTIP)
 			printf(" !");
 
@@ -1253,15 +1159,14 @@ rule_print6(struct ip6t_entry *e)
 }
 #endif
 
-static void
-rule_print4(struct ipt_entry *e)
+static void rule_print4(struct ipt_entry *e)
 {
 	struct in_addr in_zero = { 0 };
-	char buf1[sizeof("255.255.255.255\0")], buf2[sizeof("255.255.255.255\0")];
+	char buf1[sizeof("255.255.255.255\0")],
+		buf2[sizeof("255.255.255.255\0")];
 	char *pname;
 
-	if (e->ip.proto)
-	{
+	if (e->ip.proto) {
 		if (e->ip.invflags & XT_INV_PROTO)
 			printf(" !");
 
@@ -1273,24 +1178,21 @@ rule_print4(struct ipt_entry *e)
 			printf(" -p %u", e->ip.proto);
 	}
 
-	if (e->ip.iniface[0])
-	{
+	if (e->ip.iniface[0]) {
 		if (e->ip.invflags & IPT_INV_VIA_IN)
 			printf(" !");
 
 		printf(" -i %s", e->ip.iniface);
 	}
 
-	if (e->ip.outiface[0])
-	{
+	if (e->ip.outiface[0]) {
 		if (e->ip.invflags & IPT_INV_VIA_OUT)
 			printf(" !");
 
 		printf(" -o %s", e->ip.outiface);
 	}
 
-	if (memcmp(&e->ip.src, &in_zero, sizeof(struct in_addr)))
-	{
+	if (memcmp(&e->ip.src, &in_zero, sizeof(struct in_addr))) {
 		if (e->ip.invflags & IPT_INV_SRCIP)
 			printf(" !");
 
@@ -1299,8 +1201,7 @@ rule_print4(struct ipt_entry *e)
 		       inet_ntop(AF_INET, &e->ip.smsk, buf2, sizeof(buf2)));
 	}
 
-	if (memcmp(&e->ip.dst, &in_zero, sizeof(struct in_addr)))
-	{
+	if (memcmp(&e->ip.dst, &in_zero, sizeof(struct in_addr))) {
 		if (e->ip.invflags & IPT_INV_DSTIP)
 			printf(" !");
 
@@ -1310,8 +1211,8 @@ rule_print4(struct ipt_entry *e)
 	}
 }
 
-static void
-rule_print(struct fw3_ipt_rule *r, const char *prefix, const char *chain)
+static void rule_print(struct fw3_ipt_rule *r, const char *prefix,
+		       const char *chain)
 {
 	debug(r->h, "%s %s", prefix, chain);
 
@@ -1328,31 +1229,28 @@ rule_print(struct fw3_ipt_rule *r, const char *prefix, const char *chain)
 	printf("\n");
 }
 
-static bool
-parse_option(struct fw3_ipt_rule *r, int optc, bool inv)
+static bool parse_option(struct fw3_ipt_rule *r, int optc, bool inv)
 {
 	struct xtables_rule_match *m;
 	struct xtables_match *em;
 
 	/* is a target option */
 	if (r->target && fw3_xt_has_target_parse(r->target) &&
-		optc >= r->target->option_offset &&
-		optc < (r->target->option_offset + 256))
-	{
+	    optc >= r->target->option_offset &&
+	    optc < (r->target->option_offset + 256)) {
 		xtables_option_tpcall(optc, r->argv, inv, r->target, &r->e);
 		return false;
 	}
 
 	/* try to dispatch argument to one of the match parsers */
-	for (m = r->matches; m; m = m->next)
-	{
+	for (m = r->matches; m; m = m->next) {
 		em = m->match;
 
 		if (m->completed || !fw3_xt_has_match_parse(em))
 			continue;
 
 		if (optc < em->option_offset ||
-			optc >= (em->option_offset + 256))
+		    optc >= (em->option_offset + 256))
 			continue;
 
 		xtables_option_mpcall(optc, r->argv, inv, em, &r->e);
@@ -1360,8 +1258,7 @@ parse_option(struct fw3_ipt_rule *r, int optc, bool inv)
 	}
 
 	/* unhandled option, might belong to a protocol match */
-	if ((em = load_protomatch(r)) != NULL)
-	{
+	if ((em = load_protomatch(r)) != NULL) {
 		init_match(r, em, false);
 
 		r->protocol_loaded = true;
@@ -1371,17 +1268,18 @@ parse_option(struct fw3_ipt_rule *r, int optc, bool inv)
 	}
 
 	if (optc == ':')
-		warn("parse_option(): option '%s' needs argument", r->argv[optind-1]);
+		warn("parse_option(): option '%s' needs argument",
+		     r->argv[optind - 1]);
 
 	if (optc == '?')
-		warn("parse_option(): unknown option '%s'", r->argv[optind-1]);
+		warn("parse_option(): unknown option '%s'",
+		     r->argv[optind - 1]);
 
 	return false;
 }
 
-void
-fw3_ipt_rule_addarg(struct fw3_ipt_rule *r, bool inv,
-                    const char *k, const char *v)
+void fw3_ipt_rule_addarg(struct fw3_ipt_rule *r, bool inv, const char *k,
+			 const char *v)
 {
 	int n;
 	char **tmp;
@@ -1406,8 +1304,7 @@ fw3_ipt_rule_addarg(struct fw3_ipt_rule *r, bool inv,
 		r->argv[r->argc++] = fw3_strdup(v);
 }
 
-static unsigned char *
-rule_mask(struct fw3_ipt_rule *r)
+static unsigned char *rule_mask(struct fw3_ipt_rule *r)
 {
 	size_t s;
 	unsigned char *p, *mask = NULL;
@@ -1416,8 +1313,7 @@ rule_mask(struct fw3_ipt_rule *r)
 #define SZ(x) XT_ALIGN(sizeof(struct x))
 
 #ifndef DISABLE_IPV6
-	if (r->h->family == FW3_FAMILY_V6)
-	{
+	if (r->h->family == FW3_FAMILY_V6) {
 		s = SZ(ip6t_entry);
 
 		for (m = r->matches; m; m = m->next)
@@ -1431,15 +1327,16 @@ rule_mask(struct fw3_ipt_rule *r)
 		memset(mask, 0xFF, SZ(ip6t_entry));
 		p = mask + SZ(ip6t_entry);
 
-		for (m = r->matches; m; m = m->next)
-		{
-			memset(p, 0xFF, SZ(ip6t_entry_match) + m->match->userspacesize);
+		for (m = r->matches; m; m = m->next) {
+			memset(p, 0xFF,
+			       SZ(ip6t_entry_match) + m->match->userspacesize);
 			p += SZ(ip6t_entry_match) + m->match->size;
 		}
 
-		memset(p, 0xFF, SZ(ip6t_entry_target) + (r->target ? r->target->userspacesize : 0));
-	}
-	else
+		memset(p, 0xFF,
+		       SZ(ip6t_entry_target) +
+			       (r->target ? r->target->userspacesize : 0));
+	} else
 #endif
 	{
 		s = SZ(ipt_entry);
@@ -1455,27 +1352,27 @@ rule_mask(struct fw3_ipt_rule *r)
 		memset(mask, 0xFF, SZ(ipt_entry));
 		p = mask + SZ(ipt_entry);
 
-		for (m = r->matches; m; m = m->next)
-		{
-			memset(p, 0xFF, SZ(ipt_entry_match) + m->match->userspacesize);
+		for (m = r->matches; m; m = m->next) {
+			memset(p, 0xFF,
+			       SZ(ipt_entry_match) + m->match->userspacesize);
 			p += SZ(ipt_entry_match) + m->match->size;
 		}
 
-		memset(p, 0xFF, SZ(ipt_entry_target) + (r->target ? r->target->userspacesize : 0));
+		memset(p, 0xFF,
+		       SZ(ipt_entry_target) +
+			       (r->target ? r->target->userspacesize : 0));
 	}
 
 	return mask;
 }
 
-static void *
-rule_build(struct fw3_ipt_rule *r)
+static void *rule_build(struct fw3_ipt_rule *r)
 {
 	size_t s, target_size = (r->target) ? r->target->t->u.target_size : 0;
 	struct xtables_rule_match *m;
 
 #ifndef DISABLE_IPV6
-	if (r->h->family == FW3_FAMILY_V6)
-	{
+	if (r->h->family == FW3_FAMILY_V6) {
 		struct ip6t_entry *e6;
 
 		s = XT_ALIGN(sizeof(struct ip6t_entry));
@@ -1492,9 +1389,9 @@ rule_build(struct fw3_ipt_rule *r)
 
 		s = 0;
 
-		for (m = r->matches; m; m = m->next)
-		{
-			memcpy(e6->elems + s, m->match->m, m->match->m->u.match_size);
+		for (m = r->matches; m; m = m->next) {
+			memcpy(e6->elems + s, m->match->m,
+			       m->match->m->u.match_size);
 			s += m->match->m->u.match_size;
 		}
 
@@ -1502,8 +1399,7 @@ rule_build(struct fw3_ipt_rule *r)
 			memcpy(e6->elems + s, r->target->t, target_size);
 
 		return e6;
-	}
-	else
+	} else
 #endif
 	{
 		struct ipt_entry *e;
@@ -1522,9 +1418,9 @@ rule_build(struct fw3_ipt_rule *r)
 
 		s = 0;
 
-		for (m = r->matches; m; m = m->next)
-		{
-			memcpy(e->elems + s, m->match->m, m->match->m->u.match_size);
+		for (m = r->matches; m; m = m->next) {
+			memcpy(e->elems + s, m->match->m,
+			       m->match->m->u.match_size);
 			s += m->match->m->u.match_size;
 		}
 
@@ -1535,8 +1431,7 @@ rule_build(struct fw3_ipt_rule *r)
 	}
 }
 
-static void
-set_rule_tag(struct fw3_ipt_rule *r)
+static void set_rule_tag(struct fw3_ipt_rule *r)
 {
 	int i;
 	char *p, **tmp;
@@ -1544,8 +1439,7 @@ set_rule_tag(struct fw3_ipt_rule *r)
 
 	for (i = 0; i < r->argc; i++)
 		if (!strcmp(r->argv[i], "--comment") && (i + 1) < r->argc)
-			if (asprintf(&p, "%s: %s", tag, r->argv[i + 1]) > 0)
-			{
+			if (asprintf(&p, "%s: %s", tag, r->argv[i + 1]) > 0) {
 				free(r->argv[i + 1]);
 				r->argv[i + 1] = p;
 				return;
@@ -1553,8 +1447,7 @@ set_rule_tag(struct fw3_ipt_rule *r)
 
 	tmp = realloc(r->argv, (r->argc + 4) * sizeof(*r->argv));
 
-	if (tmp)
-	{
+	if (tmp) {
 		r->argv = tmp;
 		r->argv[r->argc++] = fw3_strdup("-m");
 		r->argv[r->argc++] = fw3_strdup("comment");
@@ -1563,8 +1456,8 @@ set_rule_tag(struct fw3_ipt_rule *r)
 	}
 }
 
-void
-__fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
+void __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt,
+			   ...)
 {
 	void *rule;
 	unsigned char *mask;
@@ -1596,25 +1489,23 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 
 	status = setjmp(fw3_ipt_error_jmp);
 
-	if (status > 0)
-	{
-		info("     ! Skipping due to previous exception (code %u)", status);
+	if (status > 0) {
+		info("     ! Skipping due to previous exception (code %u)",
+		     status);
 		goto free;
 	}
 
 	set_rule_tag(r);
 
 	while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:", g->opts,
-	                           NULL)) != -1)
-	{
-		switch (optc)
-		{
+				   NULL)) != -1) {
+		switch (optc) {
 		case 'm':
 			em = find_match(r, optarg);
 
-			if (!em)
-			{
-				warn("fw3_ipt_rule_append(): Can't find match '%s'", optarg);
+			if (!em) {
+				warn("fw3_ipt_rule_append(): Can't find match '%s'",
+				     optarg);
 				goto free;
 			}
 
@@ -1624,9 +1515,9 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 		case 'j':
 			et = get_target(r, optarg);
 
-			if (!et)
-			{
-				warn("fw3_ipt_rule_append(): Can't find target '%s'", optarg);
+			if (!et) {
+				warn("fw3_ipt_rule_append(): Can't find target '%s'",
+				     optarg);
 				goto free;
 			}
 
@@ -1634,41 +1525,41 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 
 		case 'i':
 		case 'o':
-			if (!fw3_parse_device(&dev, optarg, false) ||
-			    dev.any || dev.invert || *dev.network)
-			{
-				warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg);
+			if (!fw3_parse_device(&dev, optarg, false) || dev.any ||
+			    dev.invert || *dev.network) {
+				warn("fw3_ipt_rule_append(): Bad argument '%s'",
+				     optarg);
 				goto free;
 			}
 
 			dev.invert = inv;
 			fw3_ipt_rule_in_out(r, (optc == 'i') ? &dev : NULL,
-			                       (optc == 'o') ? &dev : NULL);
+					    (optc == 'o') ? &dev : NULL);
 			break;
 
 		case 's':
 		case 'd':
 			if (!fw3_parse_address(&addr, optarg, false) ||
-			    addr.range || addr.invert)
-			{
-				warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg);
+			    addr.range || addr.invert) {
+				warn("fw3_ipt_rule_append(): Bad argument '%s'",
+				     optarg);
 				goto free;
 			}
 
 			addr.invert = inv;
 			fw3_ipt_rule_src_dest(r, (optc == 's') ? &addr : NULL,
-			                         (optc == 'd') ? &addr : NULL);
+					      (optc == 'd') ? &addr : NULL);
 			break;
 
 		case 1:
-			if ((optarg[0] == '!') && (optarg[1] == '\0'))
-			{
+			if ((optarg[0] == '!') && (optarg[1] == '\0')) {
 				optarg[0] = '\0';
 				inv = true;
 				continue;
 			}
 
-			warn("fw3_ipt_rule_append(): Bad argument '%s'", optarg);
+			warn("fw3_ipt_rule_append(): Bad argument '%s'",
+			     optarg);
 			goto free;
 
 		default:
@@ -1689,13 +1580,12 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 	rule = rule_build(r);
 
 #ifndef DISABLE_IPV6
-	if (r->h->family == FW3_FAMILY_V6)
-	{
-		if (repl)
-		{
+	if (r->h->family == FW3_FAMILY_V6) {
+		if (repl) {
 			mask = rule_mask(r);
 
-			while (ip6tc_delete_entry(buf, rule, mask, r->h->handle))
+			while (ip6tc_delete_entry(buf, rule, mask,
+						  r->h->handle))
 				if (fw3_pr_debug)
 					rule_print(r, "-D", buf);
 
@@ -1707,12 +1597,10 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 
 		if (!ip6tc_append_entry(buf, rule, r->h->handle))
 			warn("ip6tc_append_entry(): %s", ip6tc_strerror(errno));
-	}
-	else
+	} else
 #endif
 	{
-		if (repl)
-		{
+		if (repl) {
 			mask = rule_mask(r);
 
 			while (iptc_delete_entry(buf, rule, mask, r->h->handle))
@@ -1748,8 +1636,7 @@ free:
 	for (em = xtables_matches; em; em = em->next)
 		em->mflags = 0;
 
-	for (et = xtables_targets; et; et = et->next)
-	{
+	for (et = xtables_targets; et; et = et->next) {
 		et->tflags = 0;
 		et->used = 0;
 	}
@@ -1759,8 +1646,8 @@ free:
 
 struct fw3_ipt_rule *
 fw3_ipt_rule_create(struct fw3_ipt_handle *handle, struct fw3_protocol *proto,
-                    struct fw3_device *in, struct fw3_device *out,
-                    struct fw3_address *src, struct fw3_address *dest)
+		    struct fw3_device *in, struct fw3_device *out,
+		    struct fw3_address *src, struct fw3_address *dest)
 {
 	struct fw3_ipt_rule *r;
 
@@ -1773,22 +1660,21 @@ fw3_ipt_rule_create(struct fw3_ipt_handle *handle, struct fw3_protocol *proto,
 	return r;
 }
 
-void
-xtables_register_match(struct xtables_match *me)
+void xtables_register_match(struct xtables_match *me)
 {
 	int i;
 	static struct xtables_match **tmp;
 
 	if (!xext.register_match)
-		xext.register_match = dlsym(RTLD_NEXT, "xtables_register_match");
+		xext.register_match =
+			dlsym(RTLD_NEXT, "xtables_register_match");
 
 	if (!xext.register_match)
 		return;
 
 	xext.register_match(me);
 
-	if (xext.retain)
-	{
+	if (xext.retain) {
 		for (i = 0; i < xext.mcount; i++)
 			if (xext.matches[i] == me)
 				return;
@@ -1803,22 +1689,21 @@ xtables_register_match(struct xtables_match *me)
 	}
 }
 
-void
-xtables_register_target(struct xtables_target *me)
+void xtables_register_target(struct xtables_target *me)
 {
 	int i;
 	static struct xtables_target **tmp;
 
 	if (!xext.register_target)
-		xext.register_target = dlsym(RTLD_NEXT, "xtables_register_target");
+		xext.register_target =
+			dlsym(RTLD_NEXT, "xtables_register_target");
 
 	if (!xext.register_target)
 		return;
 
 	xext.register_target(me);
 
-	if (xext.retain)
-	{
+	if (xext.retain) {
 		for (i = 0; i < xext.tcount; i++)
 			if (xext.targets[i] == me)
 				return;
diff --git a/iptables.h b/iptables.h
index fb4a899..132b18f 100644
--- a/iptables.h
+++ b/iptables.h
@@ -25,9 +25,15 @@ extern void init_extensions(void);
 extern void init_extensions4(void);
 extern void init_extensions6(void);
 #else
-static inline void init_extensions(void) { }
-static inline void init_extensions4(void) { }
-static inline void init_extensions6(void) { }
+static inline void init_extensions(void)
+{
+}
+static inline void init_extensions4(void)
+{
+}
+static inline void init_extensions6(void)
+{
+}
 #endif
 
 /* Required by certain extensions like SNAT and DNAT */
@@ -43,11 +49,10 @@ struct fw3_ipt_handle {
 struct fw3_ipt_rule;
 
 struct fw3_ipt_handle *fw3_ipt_open(enum fw3_family family,
-                                    enum fw3_table table);
+				    enum fw3_table table);
 
 void fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
-                        enum fw3_flag policy);
-
+			enum fw3_flag policy);
 
 void fw3_ipt_flush_chain(struct fw3_ipt_handle *h, const char *chain);
 void fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain);
@@ -68,14 +73,14 @@ struct fw3_ipt_rule *fw3_ipt_rule_new(struct fw3_ipt_handle *h);
 
 void fw3_ipt_rule_proto(struct fw3_ipt_rule *r, struct fw3_protocol *proto);
 
-void fw3_ipt_rule_in_out(struct fw3_ipt_rule *r,
-                         struct fw3_device *in, struct fw3_device *out);
+void fw3_ipt_rule_in_out(struct fw3_ipt_rule *r, struct fw3_device *in,
+			 struct fw3_device *out);
 
-void fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r,
-                           struct fw3_address *src, struct fw3_address *dest);
+void fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r, struct fw3_address *src,
+			   struct fw3_address *dest);
 
-void fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
-                              struct fw3_port *sp, struct fw3_port *dp);
+void fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r, struct fw3_port *sp,
+			      struct fw3_port *dp);
 
 void fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out);
 
@@ -87,7 +92,8 @@ void fw3_ipt_rule_limit(struct fw3_ipt_rule *r, struct fw3_limit *limit);
 
 void fw3_ipt_rule_ipset(struct fw3_ipt_rule *r, struct fw3_setmatch *match);
 
-void fw3_ipt_rule_helper(struct fw3_ipt_rule *r, struct fw3_cthelpermatch *match);
+void fw3_ipt_rule_helper(struct fw3_ipt_rule *r,
+			 struct fw3_cthelpermatch *match);
 
 void fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct fw3_time *time);
 
@@ -99,27 +105,25 @@ void fw3_ipt_rule_comment(struct fw3_ipt_rule *r, const char *fmt, ...);
 
 void fw3_ipt_rule_extra(struct fw3_ipt_rule *r, const char *extra);
 
-void fw3_ipt_rule_addarg(struct fw3_ipt_rule *r, bool inv,
-                         const char *k, const char *v);
+void fw3_ipt_rule_addarg(struct fw3_ipt_rule *r, bool inv, const char *k,
+			 const char *v);
 
-struct fw3_ipt_rule * fw3_ipt_rule_create(struct fw3_ipt_handle *handle,
-                                          struct fw3_protocol *proto,
-                                          struct fw3_device *in,
-                                          struct fw3_device *out,
-                                          struct fw3_address *src,
-                                          struct fw3_address *dest);
+struct fw3_ipt_rule *
+fw3_ipt_rule_create(struct fw3_ipt_handle *handle, struct fw3_protocol *proto,
+		    struct fw3_device *in, struct fw3_device *out,
+		    struct fw3_address *src, struct fw3_address *dest);
 
-void __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl,
-                           const char *fmt, ...);
+void __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt,
+			   ...);
 
-#define fw3_ipt_rule_append(rule, ...) \
+#define fw3_ipt_rule_append(rule, ...)                                         \
 	__fw3_ipt_rule_append(rule, false, __VA_ARGS__)
 
-#define fw3_ipt_rule_replace(rule, ...) \
+#define fw3_ipt_rule_replace(rule, ...)                                        \
 	__fw3_ipt_rule_append(rule, true, __VA_ARGS__)
 
-static inline void
-fw3_ipt_rule_target(struct fw3_ipt_rule *r, const char *fmt, ...)
+static inline void fw3_ipt_rule_target(struct fw3_ipt_rule *r, const char *fmt,
+				       ...)
 {
 	va_list ap;
 	char buf[32];
diff --git a/main.c b/main.c
index 1410fef..e343b66 100644
--- a/main.c
+++ b/main.c
@@ -32,15 +32,12 @@
 #include "iptables.h"
 #include "helpers.h"
 
-
 static enum fw3_family print_family = FW3_FAMILY_ANY;
 
 static struct fw3_state *run_state = NULL;
 static struct fw3_state *cfg_state = NULL;
 
-
-static bool
-build_state(bool runtime)
+static bool build_state(bool runtime)
 {
 	struct fw3_state *state = NULL;
 	struct uci_package *p = NULL;
@@ -55,18 +52,15 @@ build_state(bool runtime)
 	if (!state->uci)
 		error("Out of memory");
 
-	if (runtime)
-	{
+	if (runtime) {
 		sf = fopen(FW3_STATEFILE, "r");
 
-		if (sf)
-		{
+		if (sf) {
 			uci_import(state->uci, sf, "fw3_state", &p, true);
 			fclose(sf);
 		}
 
-		if (!p)
-		{
+		if (!p) {
 			uci_free_context(state->uci);
 			free(state);
 
@@ -76,20 +70,16 @@ build_state(bool runtime)
 		state->statefile = true;
 
 		run_state = state;
-	}
-	else
-	{
+	} else {
 		if (!fw3_ubus_connect())
 			warn("Failed to connect to ubus");
 
-		if (uci_load(state->uci, "firewall", &p))
-		{
+		if (uci_load(state->uci, "firewall", &p)) {
 			uci_perror(state->uci, NULL);
 			error("Failed to load /etc/config/firewall");
 		}
 
-		if (!fw3_find_command("ipset"))
-		{
+		if (!fw3_find_command("ipset")) {
 			warn("Unable to locate ipset utility, disabling ipset support");
 			state->disable_ipsets = true;
 		}
@@ -97,8 +87,7 @@ build_state(bool runtime)
 		cfg_state = state;
 	}
 
-
-	struct blob_buf b = {NULL, NULL, 0, NULL};
+	struct blob_buf b = { NULL, NULL, 0, NULL };
 	fw3_ubus_rules(&b);
 
 	fw3_load_defaults(state, p);
@@ -114,33 +103,32 @@ build_state(bool runtime)
 	return true;
 }
 
-static void
-free_state(struct fw3_state *state)
+static void free_state(struct fw3_state *state)
 {
 	struct list_head *cur, *tmp;
 
-	list_for_each_safe(cur, tmp, &state->zones)
+	list_for_each_safe (cur, tmp, &state->zones)
 		fw3_free_zone((struct fw3_zone *)cur);
 
-	list_for_each_safe(cur, tmp, &state->rules)
+	list_for_each_safe (cur, tmp, &state->rules)
 		fw3_free_rule((struct fw3_rule *)cur);
 
-	list_for_each_safe(cur, tmp, &state->redirects)
+	list_for_each_safe (cur, tmp, &state->redirects)
 		fw3_free_redirect((struct fw3_redirect *)cur);
 
-	list_for_each_safe(cur, tmp, &state->snats)
+	list_for_each_safe (cur, tmp, &state->snats)
 		fw3_free_snat((struct fw3_snat *)cur);
 
-	list_for_each_safe(cur, tmp, &state->forwards)
+	list_for_each_safe (cur, tmp, &state->forwards)
 		fw3_free_forward((struct fw3_forward *)cur);
 
-	list_for_each_safe(cur, tmp, &state->ipsets)
+	list_for_each_safe (cur, tmp, &state->ipsets)
 		fw3_free_ipset((struct fw3_ipset *)cur);
 
-	list_for_each_safe(cur, tmp, &state->includes)
+	list_for_each_safe (cur, tmp, &state->includes)
 		fw3_free_include((struct fw3_include *)cur);
 
-	list_for_each_safe(cur, tmp, &state->cthelpers)
+	list_for_each_safe (cur, tmp, &state->cthelpers)
 		fw3_free_cthelper((struct fw3_cthelper *)cur);
 
 	uci_free_context(state->uci);
@@ -150,15 +138,13 @@ free_state(struct fw3_state *state)
 	fw3_ubus_disconnect();
 }
 
-
-static bool
-family_running(enum fw3_family family)
+static bool family_running(enum fw3_family family)
 {
 	return (run_state && has(run_state->defaults.flags, family, family));
 }
 
-static void
-family_set(struct fw3_state *state, enum fw3_family family, bool set)
+static void family_set(struct fw3_state *state, enum fw3_family family,
+		       bool set)
 {
 	if (!state)
 		return;
@@ -169,18 +155,16 @@ family_set(struct fw3_state *state, enum fw3_family family, bool set)
 		del(state->defaults.flags, family, family);
 }
 
-static int
-stop(bool complete)
+static int stop(bool complete)
 {
 	int rv = 1;
 	enum fw3_family family;
 	enum fw3_table table;
 	struct fw3_ipt_handle *handle;
 
-	if (!complete && !run_state)
-	{
+	if (!complete && !run_state) {
 		warn("The firewall appears to be stopped. "
-			 "Use the 'flush' command to forcefully purge all rules.");
+		     "Use the 'flush' command to forcefully purge all rules.");
 
 		return rv;
 	}
@@ -188,28 +172,26 @@ stop(bool complete)
 	if (!print_family && run_state)
 		fw3_hotplug_zones(run_state, false);
 
-	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
-	{
+	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++) {
 		if (!complete && !family_running(family))
 			continue;
 
-		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
-		{
-			if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
+		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW;
+		     table++) {
+			if (!fw3_has_table(family == FW3_FAMILY_V6,
+					   fw3_flag_names[table]))
 				continue;
 
 			if (!(handle = fw3_ipt_open(family, table)))
 				continue;
 
-			info(" * %sing %s %s table", complete ? "Flush" : "Clear",
+			info(" * %sing %s %s table",
+			     complete ? "Flush" : "Clear",
 			     fw3_flag_names[family], fw3_flag_names[table]);
 
-			if (complete)
-			{
+			if (complete) {
 				fw3_flush_all(handle);
-			}
-			else if (run_state)
-			{
+			} else if (run_state) {
 				fw3_flush_rules(handle, run_state, false);
 				fw3_flush_zones(handle, run_state, false);
 			}
@@ -236,8 +218,7 @@ stop(bool complete)
 	return rv;
 }
 
-static int
-start(void)
+static int start(void)
 {
 	int rv = 1;
 	enum fw3_family family;
@@ -247,16 +228,14 @@ start(void)
 	if (!print_family)
 		fw3_create_ipsets(cfg_state);
 
-	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
-	{
+	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++) {
 		if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
 			continue;
 
 		if (print_family && family != print_family)
 			continue;
 
-		if (!print_family && family_running(family))
-		{
+		if (!print_family && family_running(family)) {
 			warn("The %s firewall appears to be started already. "
 			     "If it is indeed empty, remove the %s file and retry.",
 			     fw3_flag_names[family], FW3_STATEFILE);
@@ -264,9 +243,10 @@ start(void)
 			continue;
 		}
 
-		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
-		{
-			if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
+		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW;
+		     table++) {
+			if (!fw3_has_table(family == FW3_FAMILY_V6,
+					   fw3_flag_names[table]))
 				continue;
 
 			if (!(handle = fw3_ipt_open(family, table)))
@@ -300,13 +280,11 @@ start(void)
 		rv = 0;
 	}
 
-	if (!rv)
-	{
+	if (!rv) {
 		fw3_flush_conntrack(run_state);
 		fw3_set_defaults(cfg_state);
 
-		if (!print_family)
-		{
+		if (!print_family) {
 			fw3_run_includes(cfg_state, false);
 			fw3_hotplug_zones(cfg_state, true);
 			fw3_write_statefile(cfg_state);
@@ -316,9 +294,7 @@ start(void)
 	return rv;
 }
 
-
-static int
-reload(void)
+static int reload(void)
 {
 	int rv = 1;
 	enum fw3_family family;
@@ -330,21 +306,21 @@ reload(void)
 
 	fw3_hotplug_zones(run_state, false);
 
-	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
-	{
+	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++) {
 		if (!family_running(family))
 			goto start;
 
-		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
-		{
-			if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
+		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW;
+		     table++) {
+			if (!fw3_has_table(family == FW3_FAMILY_V6,
+					   fw3_flag_names[table]))
 				continue;
 
 			if (!(handle = fw3_ipt_open(family, table)))
 				continue;
 
-			info(" * Clearing %s %s table",
-			     fw3_flag_names[family], fw3_flag_names[table]);
+			info(" * Clearing %s %s table", fw3_flag_names[family],
+			     fw3_flag_names[table]);
 
 			fw3_flush_rules(handle, run_state, true);
 			fw3_flush_zones(handle, run_state, true);
@@ -355,13 +331,14 @@ reload(void)
 		family_set(run_state, family, false);
 		family_set(cfg_state, family, false);
 
-start:
+	start:
 		if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
 			continue;
 
-		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
-		{
-			if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
+		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW;
+		     table++) {
+			if (!fw3_has_table(family == FW3_FAMILY_V6,
+					   fw3_flag_names[table]))
 				continue;
 
 			if (!(handle = fw3_ipt_open(family, table)))
@@ -392,8 +369,7 @@ start:
 		rv = 0;
 	}
 
-	if (!rv)
-	{
+	if (!rv) {
 		fw3_flush_conntrack(run_state);
 
 		fw3_set_defaults(cfg_state);
@@ -405,21 +381,20 @@ start:
 	return rv;
 }
 
-static int
-gc(void)
+static int gc(void)
 {
 	enum fw3_family family;
 	enum fw3_table table;
 	struct fw3_ipt_handle *handle;
 
-	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
-	{
+	for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++) {
 		if (family == FW3_FAMILY_V6 && cfg_state->defaults.disable_ipv6)
 			continue;
 
-		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
-		{
-			if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
+		for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW;
+		     table++) {
+			if (!fw3_has_table(family == FW3_FAMILY_V6,
+					   fw3_flag_names[table]))
 				continue;
 
 			if (!(handle = fw3_ipt_open(family, table)))
@@ -434,18 +409,14 @@ gc(void)
 	return 0;
 }
 
-static int
-lookup_network(const char *net)
+static int lookup_network(const char *net)
 {
 	struct fw3_zone *z;
 	struct fw3_device *d;
 
-	list_for_each_entry(z, &cfg_state->zones, list)
-	{
-		list_for_each_entry(d, &z->networks, list)
-		{
-			if (!strcmp(d->name, net))
-			{
+	list_for_each_entry (z, &cfg_state->zones, list) {
+		list_for_each_entry (d, &z->networks, list) {
+			if (!strcmp(d->name, net)) {
 				printf("%s\n", z->name);
 				return 0;
 			}
@@ -455,18 +426,14 @@ lookup_network(const char *net)
 	return 1;
 }
 
-static int
-lookup_device(const char *dev)
+static int lookup_device(const char *dev)
 {
 	struct fw3_zone *z;
 	struct fw3_device *d;
 
-	list_for_each_entry(z, &cfg_state->zones, list)
-	{
-		list_for_each_entry(d, &z->devices, list)
-		{
-			if (!strcmp(d->name, dev))
-			{
+	list_for_each_entry (z, &cfg_state->zones, list) {
+		list_for_each_entry (d, &z->devices, list) {
+			if (!strcmp(d->name, dev)) {
 				printf("%s\n", z->name);
 				return 0;
 			}
@@ -476,19 +443,16 @@ lookup_device(const char *dev)
 	return 1;
 }
 
-static int
-lookup_zone(const char *zone, const char *device)
+static int lookup_zone(const char *zone, const char *device)
 {
 	struct fw3_zone *z;
 	struct fw3_device *d;
 
-	list_for_each_entry(z, &cfg_state->zones, list)
-	{
+	list_for_each_entry (z, &cfg_state->zones, list) {
 		if (strcmp(z->name, zone))
 			continue;
 
-		list_for_each_entry(d, &z->devices, list)
-		{
+		list_for_each_entry (d, &z->devices, list) {
 			if (device && strcmp(device, d->name))
 				continue;
 
@@ -505,8 +469,7 @@ lookup_zone(const char *zone, const char *device)
 	return 1;
 }
 
-static int
-usage(void)
+static int usage(void)
 {
 	fprintf(stderr, "fw3 [-4] [-6] [-q] print\n");
 	fprintf(stderr, "fw3 [-q] {start|stop|flush|reload|restart}\n");
@@ -517,17 +480,14 @@ usage(void)
 	return 1;
 }
 
-
 int main(int argc, char **argv)
 {
 	int ch, rv = 1;
 	enum fw3_family family = FW3_FAMILY_ANY;
 	struct fw3_defaults *defs = NULL;
 
-	while ((ch = getopt(argc, argv, "46dqh")) != -1)
-	{
-		switch (ch)
-		{
+	while ((ch = getopt(argc, argv, "46dqh")) != -1) {
+		switch (ch) {
 		case '4':
 			family = FW3_FAMILY_V4;
 			break;
@@ -541,7 +501,8 @@ int main(int argc, char **argv)
 			break;
 
 		case 'q':
-			if (freopen("/dev/null", "w", stderr)) {}
+			if (freopen("/dev/null", "w", stderr)) {
+			}
 			break;
 
 		case 'h':
@@ -553,20 +514,15 @@ int main(int argc, char **argv)
 	build_state(false);
 	defs = &cfg_state->defaults;
 
-	if (optind >= argc)
-	{
+	if (optind >= argc) {
 		rv = usage();
 		goto out;
 	}
 
-	if (!strcmp(argv[optind], "print"))
-	{
-		if (family == FW3_FAMILY_ANY)
-		{
+	if (!strcmp(argv[optind], "print")) {
+		if (family == FW3_FAMILY_ANY) {
 			family = FW3_FAMILY_V4;
-		}
-		else if (family == FW3_FAMILY_V6)
-		{
+		} else if (family == FW3_FAMILY_V6) {
 			if (defs->disable_ipv6)
 				warn("IPv6 rules globally disabled in configuration");
 #ifdef DISABLE_IPV6
@@ -575,87 +531,61 @@ int main(int argc, char **argv)
 #endif
 		}
 
-		if (freopen("/dev/null", "w", stderr)) {};
+		if (freopen("/dev/null", "w", stderr)) {
+		};
 
 		cfg_state->disable_ipsets = true;
 		print_family = family;
 		fw3_pr_debug = true;
 
-		if (fw3_lock())
-		{
+		if (fw3_lock()) {
 			build_state(true);
 			rv = start();
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "start"))
-	{
-		if (fw3_lock())
-		{
+	} else if (!strcmp(argv[optind], "start")) {
+		if (fw3_lock()) {
 			build_state(true);
 			rv = start();
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "stop"))
-	{
-		if (fw3_lock())
-		{
+	} else if (!strcmp(argv[optind], "stop")) {
+		if (fw3_lock()) {
 			build_state(true);
 			rv = stop(false);
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "flush"))
-	{
-		if (fw3_lock())
-		{
+	} else if (!strcmp(argv[optind], "flush")) {
+		if (fw3_lock()) {
 			build_state(true);
 			rv = stop(true);
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "restart"))
-	{
-		if (fw3_lock())
-		{
+	} else if (!strcmp(argv[optind], "restart")) {
+		if (fw3_lock()) {
 			build_state(true);
 			stop(true);
 			rv = start();
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "reload"))
-	{
-		if (fw3_lock())
-		{
+	} else if (!strcmp(argv[optind], "reload")) {
+		if (fw3_lock()) {
 			build_state(true);
 			rv = reload();
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "gc"))
-	{
-		if (fw3_lock())
-		{
+	} else if (!strcmp(argv[optind], "gc")) {
+		if (fw3_lock()) {
 			rv = gc();
 			fw3_unlock();
 		}
-	}
-	else if (!strcmp(argv[optind], "network") && (optind + 1) < argc)
-	{
+	} else if (!strcmp(argv[optind], "network") && (optind + 1) < argc) {
 		rv = lookup_network(argv[optind + 1]);
-	}
-	else if (!strcmp(argv[optind], "device") && (optind + 1) < argc)
-	{
+	} else if (!strcmp(argv[optind], "device") && (optind + 1) < argc) {
 		rv = lookup_device(argv[optind + 1]);
-	}
-	else if (!strcmp(argv[optind], "zone") && (optind + 1) < argc)
-	{
+	} else if (!strcmp(argv[optind], "zone") && (optind + 1) < argc) {
 		rv = lookup_zone(argv[optind + 1], argv[optind + 2]);
-	}
-	else
-	{
+	} else {
 		rv = usage();
 	}
 
diff --git a/options.c b/options.c
index c763d9e..7e1ac77 100644
--- a/options.c
+++ b/options.c
@@ -19,21 +19,19 @@
 #include "options.h"
 #include "ubus.h"
 
-
-static bool
-put_value(void *ptr, void *val, int elem_size, bool is_list)
+static bool put_value(void *ptr, void *val, int elem_size, bool is_list)
 {
 	void *copy;
 
-	if (is_list)
-	{
+	if (is_list) {
 		copy = malloc(elem_size);
 
 		if (!copy)
 			return false;
 
 		memcpy(copy, val, elem_size);
-		list_add_tail((struct list_head *)copy, (struct list_head *)ptr);
+		list_add_tail((struct list_head *)copy,
+			      (struct list_head *)ptr);
 		return true;
 	}
 
@@ -41,17 +39,14 @@ put_value(void *ptr, void *val, int elem_size, bool is_list)
 	return false;
 }
 
-static bool
-parse_enum(void *ptr, const char *val, const char **values, int min, int max)
+static bool parse_enum(void *ptr, const char *val, const char **values, int min,
+		       int max)
 {
 	int i, l = strlen(val);
 
-	if (l > 0)
-	{
-		for (i = 0; i <= (max - min); i++)
-		{
-			if (!strncasecmp(val, values[i], l))
-			{
+	if (l > 0) {
+		for (i = 0; i <= (max - min); i++) {
+			if (!strncasecmp(val, values[i], l)) {
 				*((int *)ptr) = min + i;
 				return true;
 			}
@@ -61,30 +56,15 @@ parse_enum(void *ptr, const char *val, const char **values, int min, int max)
 	return false;
 }
 
-
 const char *fw3_flag_names[__FW3_FLAG_MAX] = {
-	"filter",
-	"nat",
-	"mangle",
-	"raw",
-
-	"IPv4",
-	"IPv6",
-
-	"ACCEPT",
-	"REJECT",
-	"DROP",
-	"NOTRACK",
-	"HELPER",
-	"MARK",
-	"DSCP",
-	"DNAT",
-	"SNAT",
-	"MASQUERADE",
-
-	"ACCEPT",
-	"REJECT",
-	"DROP",
+	"filter", "nat",    "mangle", "raw",
+
+	"IPv4",   "IPv6",
+
+	"ACCEPT", "REJECT", "DROP",   "NOTRACK", "HELPER",
+	"MARK",   "DSCP",   "DNAT",   "SNAT",    "MASQUERADE",
+
+	"ACCEPT", "REJECT", "DROP",
 };
 
 const char *fw3_reject_code_names[__FW3_REJECT_CODE_MAX] = {
@@ -108,22 +88,12 @@ const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX] = {
 };
 
 const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX] = {
-	"(bug)",
-	"ip",
-	"port",
-	"mac",
-	"net",
-	"set",
+	"(bug)", "ip", "port", "mac", "net", "set",
 };
 
 static const char *weekdays[] = {
-	"monday",
-	"tuesday",
-	"wednesday",
-	"thursday",
-	"friday",
-	"saturday",
-	"sunday",
+	"monday", "tuesday",  "wednesday", "thursday",
+	"friday", "saturday", "sunday",
 };
 
 static const char *include_types[] = {
@@ -136,34 +106,19 @@ static const char *reflection_sources[] = {
 	"external",
 };
 
-static const struct { const char *name; uint8_t dscp; } dscp_classes[] = {
-	{ "CS0",  0x00 },
-	{ "CS1",  0x08 },
-	{ "CS2",  0x10 },
-	{ "CS3",  0x18 },
-	{ "CS4",  0x20 },
-	{ "CS5",  0x28 },
-	{ "CS6",  0x30 },
-	{ "CS7",  0x38 },
-	{ "BE",   0x00 },
-	{ "AF11", 0x0a },
-	{ "AF12", 0x0c },
-	{ "AF13", 0x0e },
-	{ "AF21", 0x12 },
-	{ "AF22", 0x14 },
-	{ "AF23", 0x16 },
-	{ "AF31", 0x1a },
-	{ "AF32", 0x1c },
-	{ "AF33", 0x1e },
-	{ "AF41", 0x22 },
-	{ "AF42", 0x24 },
-	{ "AF43", 0x26 },
-	{ "EF",   0x2e }
-};
-
-
-bool
-fw3_parse_bool(void *ptr, const char *val, bool is_list)
+static const struct {
+	const char *name;
+	uint8_t dscp;
+} dscp_classes[] = { { "CS0", 0x00 },  { "CS1", 0x08 },  { "CS2", 0x10 },
+		     { "CS3", 0x18 },  { "CS4", 0x20 },  { "CS5", 0x28 },
+		     { "CS6", 0x30 },  { "CS7", 0x38 },  { "BE", 0x00 },
+		     { "AF11", 0x0a }, { "AF12", 0x0c }, { "AF13", 0x0e },
+		     { "AF21", 0x12 }, { "AF22", 0x14 }, { "AF23", 0x16 },
+		     { "AF31", 0x1a }, { "AF32", 0x1c }, { "AF33", 0x1e },
+		     { "AF41", 0x22 }, { "AF42", 0x24 }, { "AF43", 0x26 },
+		     { "EF", 0x2e } };
+
+bool fw3_parse_bool(void *ptr, const char *val, bool is_list)
 {
 	if (!strcmp(val, "true") || !strcmp(val, "yes") || !strcmp(val, "1"))
 		*((bool *)ptr) = true;
@@ -173,8 +128,7 @@ fw3_parse_bool(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_int(void *ptr, const char *val, bool is_list)
+bool fw3_parse_int(void *ptr, const char *val, bool is_list)
 {
 	char *e;
 	int n = strtol(val, &e, 0);
@@ -187,39 +141,37 @@ fw3_parse_int(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_string(void *ptr, const char *val, bool is_list)
+bool fw3_parse_string(void *ptr, const char *val, bool is_list)
 {
 	*((char **)ptr) = (char *)val;
 	return true;
 }
 
-bool
-fw3_parse_target(void *ptr, const char *val, bool is_list)
+bool fw3_parse_target(void *ptr, const char *val, bool is_list)
 {
 	return parse_enum(ptr, val, &fw3_flag_names[FW3_FLAG_ACCEPT],
-	                  FW3_FLAG_ACCEPT, FW3_FLAG_MASQUERADE);
+			  FW3_FLAG_ACCEPT, FW3_FLAG_MASQUERADE);
 }
 
-bool
-fw3_parse_reject_code(void *ptr, const char *val, bool is_list)
+bool fw3_parse_reject_code(void *ptr, const char *val, bool is_list)
 {
-	return parse_enum(ptr, val, &fw3_reject_code_names[FW3_REJECT_CODE_TCP_RESET],
-	                  FW3_REJECT_CODE_TCP_RESET, FW3_REJECT_CODE_ADM_PROHIBITED);
+	return parse_enum(ptr, val,
+			  &fw3_reject_code_names[FW3_REJECT_CODE_TCP_RESET],
+			  FW3_REJECT_CODE_TCP_RESET,
+			  FW3_REJECT_CODE_ADM_PROHIBITED);
 }
 
-bool
-fw3_parse_limit(void *ptr, const char *val, bool is_list)
+bool fw3_parse_limit(void *ptr, const char *val, bool is_list)
 {
 	struct fw3_limit *limit = ptr;
 	enum fw3_limit_unit u = FW3_LIMIT_UNIT_SECOND;
 	char *e;
 	int n;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		limit->invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	n = strtol(val, &e, 10);
@@ -242,28 +194,25 @@ fw3_parse_limit(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_device(void *ptr, const char *val, bool is_list)
+bool fw3_parse_device(void *ptr, const char *val, bool is_list)
 {
 	char *p;
-	struct fw3_device dev = { };
+	struct fw3_device dev = {};
 
-	if (*val == '*')
-	{
+	if (*val == '*') {
 		dev.set = true;
 		dev.any = true;
 		put_value(ptr, &dev, sizeof(dev), is_list);
 		return true;
 	}
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		dev.invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
-	if ((p = strchr(val, '@')) != NULL)
-	{
+	if ((p = strchr(val, '@')) != NULL) {
 		*p++ = 0;
 		snprintf(dev.network, sizeof(dev.network), "%s", p);
 	}
@@ -278,19 +227,18 @@ fw3_parse_device(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_address(void *ptr, const char *val, bool is_list)
+bool fw3_parse_address(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_address addr = { };
+	struct fw3_address addr = {};
 	struct in_addr v4;
 	struct in6_addr v6;
 	char *p = NULL, *m = NULL, *s, *e;
 	int bits = -1;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		addr.invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	s = strdup(val);
@@ -303,66 +251,51 @@ fw3_parse_address(void *ptr, const char *val, bool is_list)
 	else if ((p = strchr(s, '-')) != NULL)
 		*p++ = 0;
 
-	if (inet_pton(AF_INET6, s, &v6))
-	{
+	if (inet_pton(AF_INET6, s, &v6)) {
 		addr.family = FW3_FAMILY_V6;
 		addr.address.v6 = v6;
 
-		if (m)
-		{
-			if (!inet_pton(AF_INET6, m, &v6))
-			{
+		if (m) {
+			if (!inet_pton(AF_INET6, m, &v6)) {
 				bits = strtol(m, &e, 10);
 
-				if ((*e != 0) || !fw3_bitlen2netmask(addr.family, bits, &v6))
+				if ((*e != 0) ||
+				    !fw3_bitlen2netmask(addr.family, bits, &v6))
 					goto fail;
 			}
 
 			addr.mask.v6 = v6;
-		}
-		else if (p)
-		{
+		} else if (p) {
 			if (!inet_pton(AF_INET6, p, &addr.mask.v6))
 				goto fail;
 
 			addr.range = true;
-		}
-		else
-		{
+		} else {
 			memset(addr.mask.v6.s6_addr, 0xFF, 16);
 		}
-	}
-	else if (inet_pton(AF_INET, s, &v4))
-	{
+	} else if (inet_pton(AF_INET, s, &v4)) {
 		addr.family = FW3_FAMILY_V4;
 		addr.address.v4 = v4;
 
-		if (m)
-		{
-			if (!inet_pton(AF_INET, m, &v4))
-			{
+		if (m) {
+			if (!inet_pton(AF_INET, m, &v4)) {
 				bits = strtol(m, &e, 10);
 
-				if ((*e != 0) || !fw3_bitlen2netmask(addr.family, bits, &v4))
+				if ((*e != 0) ||
+				    !fw3_bitlen2netmask(addr.family, bits, &v4))
 					goto fail;
 			}
 
 			addr.mask.v4 = v4;
-		}
-		else if (p)
-		{
+		} else if (p) {
 			if (!inet_pton(AF_INET, p, &addr.mask.v4))
 				goto fail;
 
 			addr.range = true;
-		}
-		else
-		{
+		} else {
 			addr.mask.v4.s_addr = 0xFFFFFFFF;
 		}
-	}
-	else
-	{
+	} else {
 		goto fail;
 	}
 
@@ -376,47 +309,42 @@ fail:
 	return false;
 }
 
-bool
-fw3_parse_network(void *ptr, const char *val, bool is_list)
+bool fw3_parse_network(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_device dev = { };
+	struct fw3_device dev = {};
 	struct fw3_address *addr, *tmp;
 	LIST_HEAD(addr_list);
 	int n_addrs;
 
-	if (!fw3_parse_address(ptr, val, is_list))
-	{
+	if (!fw3_parse_address(ptr, val, is_list)) {
 		if (!fw3_parse_device(&dev, val, false))
 			return false;
 
 		n_addrs = fw3_ubus_address(&addr_list, dev.name);
 
-		list_for_each_entry(addr, &addr_list, list)
-		{
+		list_for_each_entry (addr, &addr_list, list) {
 			addr->invert = dev.invert;
 			addr->resolved = true;
 		}
 
 		/* add an empty address member with .set = false, .resolved = true
 		 * to signal resolving failure to callers */
-		if (n_addrs == 0)
-		{
+		if (n_addrs == 0) {
 			tmp = fw3_alloc(sizeof(*tmp));
 			tmp->resolved = true;
 
 			list_add_tail(&tmp->list, &addr_list);
 		}
 
-		if (is_list)
-		{
+		if (is_list) {
 			list_splice_tail(&addr_list, ptr);
-		}
-		else if (!list_empty(&addr_list))
-		{
-			memcpy(ptr, list_first_entry(&addr_list, typeof(*addr), list),
+		} else if (!list_empty(&addr_list)) {
+			memcpy(ptr,
+			       list_first_entry(&addr_list, typeof(*addr),
+						list),
 			       sizeof(*addr));
 
-			list_for_each_entry_safe(addr, tmp, &addr_list, list)
+			list_for_each_entry_safe (addr, tmp, &addr_list, list)
 				free(addr);
 		}
 	}
@@ -424,20 +352,18 @@ fw3_parse_network(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_mac(void *ptr, const char *val, bool is_list)
+bool fw3_parse_mac(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_mac addr = { };
+	struct fw3_mac addr = {};
 	struct ether_addr *mac;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		addr.invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
-	if ((mac = ether_aton(val)) != NULL)
-	{
+	if ((mac = ether_aton(val)) != NULL) {
 		addr.mac = *mac;
 		addr.set = true;
 
@@ -448,18 +374,17 @@ fw3_parse_mac(void *ptr, const char *val, bool is_list)
 	return false;
 }
 
-bool
-fw3_parse_port(void *ptr, const char *val, bool is_list)
+bool fw3_parse_port(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_port range = { };
+	struct fw3_port range = {};
 	uint16_t n;
 	uint16_t m;
 	char *p;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		range.invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	n = strtoul(val, &p, 10);
@@ -470,8 +395,7 @@ fw3_parse_port(void *ptr, const char *val, bool is_list)
 	if (*p && *p != '-' && *p != ':')
 		return false;
 
-	if (*p)
-	{
+	if (*p) {
 		m = strtoul(++p, NULL, 10);
 
 		if (errno == ERANGE || errno == EINVAL || m < n)
@@ -479,9 +403,7 @@ fw3_parse_port(void *ptr, const char *val, bool is_list)
 
 		range.port_min = n;
 		range.port_max = m;
-	}
-	else
-	{
+	} else {
 		range.port_min = n;
 		range.port_max = n;
 	}
@@ -491,8 +413,7 @@ fw3_parse_port(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_family(void *ptr, const char *val, bool is_list)
+bool fw3_parse_family(void *ptr, const char *val, bool is_list)
 {
 	if (!strcmp(val, "any") || !strcmp(val, "*"))
 		*((enum fw3_family *)ptr) = FW3_FAMILY_ANY;
@@ -506,20 +427,17 @@ fw3_parse_family(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
+bool fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_icmptype icmp = { };
+	struct fw3_icmptype icmp = {};
 	bool v4 = false;
 	bool v6 = false;
 	char *p;
 	int i;
 
-	for (i = 0; i < ARRAY_SIZE(fw3_icmptype_list_v4); i++)
-	{
-		if (!strcmp(val, fw3_icmptype_list_v4[i].name))
-		{
-			icmp.type     = fw3_icmptype_list_v4[i].type;
+	for (i = 0; i < ARRAY_SIZE(fw3_icmptype_list_v4); i++) {
+		if (!strcmp(val, fw3_icmptype_list_v4[i].name)) {
+			icmp.type = fw3_icmptype_list_v4[i].type;
 			icmp.code_min = fw3_icmptype_list_v4[i].code_min;
 			icmp.code_max = fw3_icmptype_list_v4[i].code_max;
 
@@ -528,11 +446,9 @@ fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
 		}
 	}
 
-	for (i = 0; i < ARRAY_SIZE(fw3_icmptype_list_v6); i++)
-	{
-		if (!strcmp(val, fw3_icmptype_list_v6[i].name))
-		{
-			icmp.type6     = fw3_icmptype_list_v6[i].type;
+	for (i = 0; i < ARRAY_SIZE(fw3_icmptype_list_v6); i++) {
+		if (!strcmp(val, fw3_icmptype_list_v6[i].name)) {
+			icmp.type6 = fw3_icmptype_list_v6[i].type;
 			icmp.code6_min = fw3_icmptype_list_v6[i].code_min;
 			icmp.code6_max = fw3_icmptype_list_v6[i].code_max;
 
@@ -541,8 +457,7 @@ fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
 		}
 	}
 
-	if (!v4 && !v6)
-	{
+	if (!v4 && !v6) {
 		i = strtoul(val, &p, 10);
 
 		if ((p == val) || (*p != '/' && *p != 0) || (i > 0xFF))
@@ -550,8 +465,7 @@ fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
 
 		icmp.type = i;
 
-		if (*p == '/')
-		{
+		if (*p == '/') {
 			val = ++p;
 			i = strtoul(val, &p, 10);
 
@@ -560,14 +474,12 @@ fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
 
 			icmp.code_min = i;
 			icmp.code_max = i;
-		}
-		else
-		{
+		} else {
 			icmp.code_min = 0;
 			icmp.code_max = 0xFF;
 		}
 
-		icmp.type6     = icmp.type;
+		icmp.type6 = icmp.type;
 		icmp.code6_min = icmp.code_max;
 		icmp.code6_max = icmp.code_max;
 
@@ -575,41 +487,34 @@ fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
 		v6 = true;
 	}
 
-	icmp.family = (v4 && v6) ? FW3_FAMILY_ANY
-	                         : (v6 ? FW3_FAMILY_V6 : FW3_FAMILY_V4);
+	icmp.family = (v4 && v6) ? FW3_FAMILY_ANY :
+				   (v6 ? FW3_FAMILY_V6 : FW3_FAMILY_V4);
 
 	put_value(ptr, &icmp, sizeof(icmp), is_list);
 	return true;
 }
 
-bool
-fw3_parse_protocol(void *ptr, const char *val, bool is_list)
+bool fw3_parse_protocol(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_protocol proto = { };
+	struct fw3_protocol proto = {};
 	struct protoent *ent;
 	char *e;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		proto.invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
-	if (!strcmp(val, "all") || !strcmp(val, "any") || !strcmp(val, "*"))
-	{
+	if (!strcmp(val, "all") || !strcmp(val, "any") || !strcmp(val, "*")) {
 		proto.any = true;
 		put_value(ptr, &proto, sizeof(proto), is_list);
 		return true;
-	}
-	else if (!strcmp(val, "icmpv6"))
-	{
+	} else if (!strcmp(val, "icmpv6")) {
 		val = "ipv6-icmp";
-	}
-	else if (!strcmp(val, "tcpudp"))
-	{
+	} else if (!strcmp(val, "tcpudp")) {
 		proto.protocol = 6;
-		if (put_value(ptr, &proto, sizeof(proto), is_list))
-		{
+		if (put_value(ptr, &proto, sizeof(proto), is_list)) {
 			proto.protocol = 17;
 			put_value(ptr, &proto, sizeof(proto), is_list);
 		}
@@ -619,8 +524,7 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list)
 
 	ent = getprotobyname(val);
 
-	if (ent)
-	{
+	if (ent) {
 		proto.protocol = ent->p_proto;
 		put_value(ptr, &proto, sizeof(proto), is_list);
 		return true;
@@ -635,39 +539,33 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_ipset_method(void *ptr, const char *val, bool is_list)
+bool fw3_parse_ipset_method(void *ptr, const char *val, bool is_list)
 {
-	return parse_enum(ptr, val, &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP],
-	                  FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST);
+	return parse_enum(ptr, val,
+			  &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP],
+			  FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST);
 }
 
-bool
-fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
+bool fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_ipset_datatype type = { };
+	struct fw3_ipset_datatype type = {};
 
 	type.dir = "src";
 
-	if (!strncmp(val, "dest_", 5))
-	{
+	if (!strncmp(val, "dest_", 5)) {
 		val += 5;
 		type.dir = "dst";
-	}
-	else if (!strncmp(val, "dst_", 4))
-	{
+	} else if (!strncmp(val, "dst_", 4)) {
 		val += 4;
 		type.dir = "dst";
-	}
-	else if (!strncmp(val, "src_", 4))
-	{
+	} else if (!strncmp(val, "src_", 4)) {
 		val += 4;
 		type.dir = "src";
 	}
 
-	if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP],
-	               FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET))
-	{
+	if (parse_enum(&type.type, val,
+		       &fw3_ipset_type_names[FW3_IPSET_TYPE_IP],
+		       FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET)) {
 		put_value(ptr, &type, sizeof(type), is_list);
 		return true;
 	}
@@ -675,8 +573,7 @@ fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
 	return false;
 }
 
-bool
-fw3_parse_date(void *ptr, const char *val, bool is_list)
+bool fw3_parse_date(void *ptr, const char *val, bool is_list)
 {
 	unsigned int year = 1970, mon = 1, day = 1, hour = 0, min = 0, sec = 0;
 	struct tm tm = { 0 };
@@ -719,16 +616,15 @@ fw3_parse_date(void *ptr, const char *val, bool is_list)
 
 ret:
 	tm.tm_year = year - 1900;
-	tm.tm_mon  = mon - 1;
+	tm.tm_mon = mon - 1;
 	tm.tm_mday = day;
 	tm.tm_hour = hour;
-	tm.tm_min  = min;
-	tm.tm_sec  = sec;
+	tm.tm_min = min;
+	tm.tm_sec = sec;
 
 	ts = mktime(&tm) - timezone;
 
-	if (ts >= 0)
-	{
+	if (ts >= 0) {
 		gmtime_r(&ts, (struct tm *)ptr);
 		return true;
 	}
@@ -737,8 +633,7 @@ fail:
 	return false;
 }
 
-bool
-fw3_parse_time(void *ptr, const char *val, bool is_list)
+bool fw3_parse_time(void *ptr, const char *val, bool is_list)
 {
 	unsigned int hour = 0, min = 0, sec = 0;
 	char *p;
@@ -765,29 +660,25 @@ fail:
 	return false;
 }
 
-bool
-fw3_parse_weekdays(void *ptr, const char *val, bool is_list)
+bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list)
 {
 	unsigned int w = 0;
 	char *p, *s;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		fw3_setbit(*(uint8_t *)ptr, 0);
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	if (!(s = strdup(val)))
 		return false;
 
-	for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t"))
-	{
-		if (!parse_enum(&w, p, weekdays, 1, 7))
-		{
+	for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t")) {
+		if (!parse_enum(&w, p, weekdays, 1, 7)) {
 			w = strtoul(p, &p, 10);
 
-			if (*p || w < 1 || w > 7)
-			{
+			if (*p || w < 1 || w > 7) {
 				free(s);
 				return false;
 			}
@@ -800,27 +691,24 @@ fw3_parse_weekdays(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_monthdays(void *ptr, const char *val, bool is_list)
+bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list)
 {
 	unsigned int d;
 	char *p, *s;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		fw3_setbit(*(uint32_t *)ptr, 0);
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	if (!(s = strdup(val)))
 		return false;
 
-	for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t"))
-	{
+	for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t")) {
 		d = strtoul(p, &p, 10);
 
-		if (*p || d < 1 || d > 31)
-		{
+		if (*p || d < 1 || d > 31) {
 			free(s);
 			return false;
 		}
@@ -832,31 +720,28 @@ fw3_parse_monthdays(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_include_type(void *ptr, const char *val, bool is_list)
+bool fw3_parse_include_type(void *ptr, const char *val, bool is_list)
 {
-	return parse_enum(ptr, val, include_types,
-	                  FW3_INC_TYPE_SCRIPT, FW3_INC_TYPE_RESTORE);
+	return parse_enum(ptr, val, include_types, FW3_INC_TYPE_SCRIPT,
+			  FW3_INC_TYPE_RESTORE);
 }
 
-bool
-fw3_parse_reflection_source(void *ptr, const char *val, bool is_list)
+bool fw3_parse_reflection_source(void *ptr, const char *val, bool is_list)
 {
-	return parse_enum(ptr, val, reflection_sources,
-	                  FW3_REFLECTION_INTERNAL, FW3_REFLECTION_EXTERNAL);
+	return parse_enum(ptr, val, reflection_sources, FW3_REFLECTION_INTERNAL,
+			  FW3_REFLECTION_EXTERNAL);
 }
 
-bool
-fw3_parse_mark(void *ptr, const char *val, bool is_list)
+bool fw3_parse_mark(void *ptr, const char *val, bool is_list)
 {
 	uint32_t n;
 	char *s, *e;
 	struct fw3_mark *m = ptr;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		m->invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	if ((s = strchr(val, '/')) != NULL)
@@ -870,8 +755,7 @@ fw3_parse_mark(void *ptr, const char *val, bool is_list)
 	m->mark = n;
 	m->mask = 0xFFFFFFFF;
 
-	if (s)
-	{
+	if (s) {
 		n = strtoul(s, &e, 0);
 
 		if (e == s || *e)
@@ -884,21 +768,19 @@ fw3_parse_mark(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_dscp(void *ptr, const char *val, bool is_list)
+bool fw3_parse_dscp(void *ptr, const char *val, bool is_list)
 {
 	uint32_t n;
 	char *e;
 	struct fw3_dscp *d = ptr;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		d->invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
-	for (n = 0; n < sizeof(dscp_classes) / sizeof(dscp_classes[0]); n++)
-	{
+	for (n = 0; n < sizeof(dscp_classes) / sizeof(dscp_classes[0]); n++) {
 		if (strcmp(dscp_classes[n].name, val))
 			continue;
 
@@ -917,34 +799,30 @@ fw3_parse_dscp(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
+bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
 {
 	struct fw3_setmatch *m = ptr;
 	char *p, *s;
 	int i;
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		m->invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
 	if (!(s = strdup(val)))
 		return false;
 
-	if (!(p = strtok(s, " \t")))
-	{
+	if (!(p = strtok(s, " \t"))) {
 		free(s);
 		return false;
 	}
 
 	strncpy(m->name, p, sizeof(m->name) - 1);
 
-	for (i = 0, p = strtok(NULL, " \t,");
-	     i < 3 && p != NULL;
-	     i++, p = strtok(NULL, " \t,"))
-	{
+	for (i = 0, p = strtok(NULL, " \t,"); i < 3 && p != NULL;
+	     i++, p = strtok(NULL, " \t,")) {
 		if (!strncmp(p, "dest", 4) || !strncmp(p, "dst", 3))
 			m->dir[i] = "dst";
 		else if (!strncmp(p, "src", 3))
@@ -957,8 +835,7 @@ fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-bool
-fw3_parse_direction(void *ptr, const char *val, bool is_list)
+bool fw3_parse_direction(void *ptr, const char *val, bool is_list)
 {
 	bool *is_out = ptr;
 	bool valid = true;
@@ -973,19 +850,17 @@ fw3_parse_direction(void *ptr, const char *val, bool is_list)
 	return valid;
 }
 
-bool
-fw3_parse_cthelper(void *ptr, const char *val, bool is_list)
+bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_cthelpermatch m = { };
+	struct fw3_cthelpermatch m = {};
 
-	if (*val == '!')
-	{
+	if (*val == '!') {
 		m.invert = true;
-		while (isspace(*++val));
+		while (isspace(*++val))
+			;
 	}
 
-	if (*val)
-	{
+	if (*val) {
 		m.set = true;
 		strncpy(m.name, val, sizeof(m.name) - 1);
 		put_value(ptr, &m, sizeof(m), is_list);
@@ -995,10 +870,9 @@ fw3_parse_cthelper(void *ptr, const char *val, bool is_list)
 	return false;
 }
 
-bool
-fw3_parse_setentry(void *ptr, const char *val, bool is_list)
+bool fw3_parse_setentry(void *ptr, const char *val, bool is_list)
 {
-	struct fw3_setentry e = { };
+	struct fw3_setentry e = {};
 
 	e.value = val;
 	put_value(ptr, &e, sizeof(e), is_list);
@@ -1006,10 +880,8 @@ fw3_parse_setentry(void *ptr, const char *val, bool is_list)
 	return true;
 }
 
-
-bool
-fw3_parse_options(void *s, const struct fw3_option *opts,
-                  struct uci_section *section)
+bool fw3_parse_options(void *s, const struct fw3_option *opts,
+		       struct uci_section *section)
 {
 	char *p, *v;
 	bool known, inv;
@@ -1024,66 +896,63 @@ fw3_parse_options(void *s, const struct fw3_option *opts,
 		o = uci_to_option(e);
 		known = false;
 
-		for (opt = opts; opt->name; opt++)
-		{
+		for (opt = opts; opt->name; opt++) {
 			if (!opt->parse)
 				continue;
 
 			if (strcmp(opt->name, e->name))
 				continue;
 
-			if (o->type == UCI_TYPE_LIST)
-			{
-				if (!opt->elem_size)
-				{
+			if (o->type == UCI_TYPE_LIST) {
+				if (!opt->elem_size) {
 					warn_elem(e, "must not be a list");
 					valid = false;
-				}
-				else
-				{
-					dest = (struct list_head *)((char *)s + opt->offset);
+				} else {
+					dest = (struct list_head *)((char *)s +
+								    opt->offset);
 
 					uci_foreach_element(&o->v.list, l)
 					{
 						if (!l->name)
 							continue;
 
-						if (!opt->parse(dest, l->name, true))
-						{
-							warn_elem(e, "has invalid value '%s'", l->name);
+						if (!opt->parse(dest, l->name,
+								true)) {
+							warn_elem(
+								e,
+								"has invalid value '%s'",
+								l->name);
 							valid = false;
 							continue;
 						}
 					}
 				}
-			}
-			else
-			{
+			} else {
 				v = o->v.string;
 
 				if (!v)
 					continue;
 
-				if (!opt->elem_size)
-				{
-					if (!opt->parse((char *)s + opt->offset, o->v.string, false))
-					{
-						warn_elem(e, "has invalid value '%s'", o->v.string);
+				if (!opt->elem_size) {
+					if (!opt->parse((char *)s + opt->offset,
+							o->v.string, false)) {
+						warn_elem(
+							e,
+							"has invalid value '%s'",
+							o->v.string);
 						valid = false;
 					}
-				}
-				else
-				{
+				} else {
 					inv = false;
-					dest = (struct list_head *)((char *)s + opt->offset);
+					dest = (struct list_head *)((char *)s +
+								    opt->offset);
 
-					for (p = strtok(v, " \t"); p != NULL; p = strtok(NULL, " \t"))
-					{
+					for (p = strtok(v, " \t"); p != NULL;
+					     p = strtok(NULL, " \t")) {
 						/* If we encounter a sole "!" token, assume that it
 						 * is meant to be part of the next token, so silently
 						 * skip it and remember the state... */
-						if (!strcmp(p, "!"))
-						{
+						if (!strcmp(p, "!")) {
 							inv = true;
 							continue;
 						}
@@ -1092,15 +961,17 @@ fw3_parse_options(void *s, const struct fw3_option *opts,
 						 * back by one byte to precede the value with an
 						 * exclamation mark which effectively turns
 						 * ("!", "foo") into ("!foo") */
-						if (inv)
-						{
+						if (inv) {
 							*--p = '!';
 							inv = false;
 						}
 
-						if (!opt->parse(dest, p, true))
-						{
-							warn_elem(e, "has invalid value '%s'", p);
+						if (!opt->parse(dest, p,
+								true)) {
+							warn_elem(
+								e,
+								"has invalid value '%s'",
+								p);
 							valid = false;
 							continue;
 						}
@@ -1108,9 +979,12 @@ fw3_parse_options(void *s, const struct fw3_option *opts,
 
 					/* The last token was a sole "!" without any subsequent
 					 * text, so pass it to the option parser as-is. */
-					if (inv && !opt->parse(dest, "!", true))
-					{
-						warn_elem(e, "has invalid value '%s'", p);
+					if (inv &&
+					    !opt->parse(dest, "!", true)) {
+						warn_elem(
+							e,
+							"has invalid value '%s'",
+							p);
 						valid = false;
 					}
 				}
@@ -1127,10 +1001,8 @@ fw3_parse_options(void *s, const struct fw3_option *opts,
 	return valid;
 }
 
-
-bool
-fw3_parse_blob_options(void *s, const struct fw3_option *opts,
-                       struct blob_attr *a, const char *name)
+bool fw3_parse_blob_options(void *s, const struct fw3_option *opts,
+			    struct blob_attr *a, const char *name)
 {
 	char *p, *v, buf[16];
 	bool known;
@@ -1144,50 +1016,55 @@ fw3_parse_blob_options(void *s, const struct fw3_option *opts,
 	{
 		known = false;
 
-		for (opt = opts; opt->name; opt++)
-		{
+		for (opt = opts; opt->name; opt++) {
 			if (!opt->parse)
 				continue;
 
 			if (strcmp(opt->name, blobmsg_name(o)))
 				continue;
 
-			if (blobmsg_type(o) == BLOBMSG_TYPE_ARRAY)
-			{
-				if (!opt->elem_size)
-				{
-					fprintf(stderr, "%s: '%s' must not be a list\n",
-					        name, opt->name);
+			if (blobmsg_type(o) == BLOBMSG_TYPE_ARRAY) {
+				if (!opt->elem_size) {
+					fprintf(stderr,
+						"%s: '%s' must not be a list\n",
+						name, opt->name);
 
 					valid = false;
-				}
-				else
-				{
-					dest = (struct list_head *)((char *)s + opt->offset);
+				} else {
+					dest = (struct list_head *)((char *)s +
+								    opt->offset);
 
 					blobmsg_for_each_attr(e, o, erem)
 					{
-						if (blobmsg_type(e) == BLOBMSG_TYPE_INT32) {
-							snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(e));
+						if (blobmsg_type(e) ==
+						    BLOBMSG_TYPE_INT32) {
+							snprintf(
+								buf,
+								sizeof(buf),
+								"%d",
+								blobmsg_get_u32(
+									e));
 							v = buf;
 						} else {
-							v = blobmsg_get_string(e);
+							v = blobmsg_get_string(
+								e);
 						}
 
-						if (!opt->parse(dest, v, true))
-						{
-							fprintf(stderr, "%s: '%s' has invalid value '%s'\n",
-							        name, opt->name, v);
+						if (!opt->parse(dest, v,
+								true)) {
+							fprintf(stderr,
+								"%s: '%s' has invalid value '%s'\n",
+								name, opt->name,
+								v);
 							valid = false;
 							continue;
 						}
 					}
 				}
-			}
-			else
-			{
+			} else {
 				if (blobmsg_type(o) == BLOBMSG_TYPE_INT32) {
-					snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(o));
+					snprintf(buf, sizeof(buf), "%d",
+						 blobmsg_get_u32(o));
 					v = buf;
 				} else {
 					v = blobmsg_get_string(o);
@@ -1196,25 +1073,26 @@ fw3_parse_blob_options(void *s, const struct fw3_option *opts,
 				if (!v)
 					continue;
 
-				if (!opt->elem_size)
-				{
-					if (!opt->parse((char *)s + opt->offset, v, false))
-					{
-						fprintf(stderr, "%s: '%s' has invalid value '%s'\n",
-						        name, opt->name, v);
+				if (!opt->elem_size) {
+					if (!opt->parse((char *)s + opt->offset,
+							v, false)) {
+						fprintf(stderr,
+							"%s: '%s' has invalid value '%s'\n",
+							name, opt->name, v);
 						valid = false;
 					}
-				}
-				else
-				{
-					dest = (struct list_head *)((char *)s + opt->offset);
-
-					for (p = strtok(v, " \t"); p != NULL; p = strtok(NULL, " \t"))
-					{
-						if (!opt->parse(dest, p, true))
-						{
-							fprintf(stderr, "%s: '%s' has invalid value '%s'\n",
-							        name, opt->name, p);
+				} else {
+					dest = (struct list_head *)((char *)s +
+								    opt->offset);
+
+					for (p = strtok(v, " \t"); p != NULL;
+					     p = strtok(NULL, " \t")) {
+						if (!opt->parse(dest, p,
+								true)) {
+							fprintf(stderr,
+								"%s: '%s' has invalid value '%s'\n",
+								name, opt->name,
+								p);
 							valid = false;
 							continue;
 						}
@@ -1227,15 +1105,15 @@ fw3_parse_blob_options(void *s, const struct fw3_option *opts,
 		}
 
 		if (!known && strcmp(blobmsg_name(o), "type"))
-			fprintf(stderr, "%s: '%s' is unknown\n", name, blobmsg_name(o));
+			fprintf(stderr, "%s: '%s' is unknown\n", name,
+				blobmsg_name(o));
 	}
 
 	return valid;
 }
 
-
-const char *
-fw3_address_to_string(struct fw3_address *address, bool allow_invert, bool as_cidr)
+const char *fw3_address_to_string(struct fw3_address *address,
+				  bool allow_invert, bool as_cidr)
 {
 	char *p, ip[INET6_ADDRSTRLEN];
 	static char buf[INET6_ADDRSTRLEN * 2 + 2];
@@ -1246,28 +1124,24 @@ fw3_address_to_string(struct fw3_address *address, bool allow_invert, bool as_ci
 		p += sprintf(p, "!");
 
 	inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-	          &address->address.v4, ip, sizeof(ip));
+		  &address->address.v4, ip, sizeof(ip));
 
 	p += sprintf(p, "%s", ip);
 
-	if (address->range)
-	{
+	if (address->range) {
 		inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-		          &address->mask.v4, ip, sizeof(ip));
+			  &address->mask.v4, ip, sizeof(ip));
 
 		p += sprintf(p, "-%s", ip);
-	}
-	else if (!as_cidr)
-	{
+	} else if (!as_cidr) {
 		inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-		          &address->mask.v4, ip, sizeof(ip));
+			  &address->mask.v4, ip, sizeof(ip));
 
 		p += sprintf(p, "/%s", ip);
-	}
-	else
-	{
-		p += sprintf(p, "/%u", fw3_netmask2bitlen(address->family,
-		                                          &address->mask.v6));
+	} else {
+		p += sprintf(p, "/%u",
+			     fw3_netmask2bitlen(address->family,
+						&address->mask.v6));
 	}
 
 	return buf;
diff --git a/options.h b/options.h
index a75cfa3..6368a5c 100644
--- a/options.h
+++ b/options.h
@@ -19,7 +19,6 @@
 #ifndef __FW3_OPTIONS_H
 #define __FW3_OPTIONS_H
 
-
 #include <errno.h>
 
 #include <stdlib.h>
@@ -48,51 +47,46 @@
 #include "icmp_codes.h"
 #include "utils.h"
 
-
-enum fw3_table
-{
+enum fw3_table {
 	FW3_TABLE_FILTER = 0,
-	FW3_TABLE_NAT    = 1,
+	FW3_TABLE_NAT = 1,
 	FW3_TABLE_MANGLE = 2,
-	FW3_TABLE_RAW    = 3,
+	FW3_TABLE_RAW = 3,
 };
 
-enum fw3_family
-{
+enum fw3_family {
 	FW3_FAMILY_ANY = 0,
-	FW3_FAMILY_V4  = 4,
-	FW3_FAMILY_V6  = 5,
-};
-
-enum fw3_flag
-{
-	FW3_FLAG_UNSPEC        = 0,
-	FW3_FLAG_ACCEPT        = 6,
-	FW3_FLAG_REJECT        = 7,
-	FW3_FLAG_DROP          = 8,
-	FW3_FLAG_NOTRACK       = 9,
-	FW3_FLAG_HELPER        = 10,
-	FW3_FLAG_MARK          = 11,
-	FW3_FLAG_DSCP          = 12,
-	FW3_FLAG_DNAT          = 13,
-	FW3_FLAG_SNAT          = 14,
-	FW3_FLAG_MASQUERADE    = 15,
-	FW3_FLAG_SRC_ACCEPT    = 16,
-	FW3_FLAG_SRC_REJECT    = 17,
-	FW3_FLAG_SRC_DROP      = 18,
+	FW3_FAMILY_V4 = 4,
+	FW3_FAMILY_V6 = 5,
+};
+
+enum fw3_flag {
+	FW3_FLAG_UNSPEC = 0,
+	FW3_FLAG_ACCEPT = 6,
+	FW3_FLAG_REJECT = 7,
+	FW3_FLAG_DROP = 8,
+	FW3_FLAG_NOTRACK = 9,
+	FW3_FLAG_HELPER = 10,
+	FW3_FLAG_MARK = 11,
+	FW3_FLAG_DSCP = 12,
+	FW3_FLAG_DNAT = 13,
+	FW3_FLAG_SNAT = 14,
+	FW3_FLAG_MASQUERADE = 15,
+	FW3_FLAG_SRC_ACCEPT = 16,
+	FW3_FLAG_SRC_REJECT = 17,
+	FW3_FLAG_SRC_DROP = 18,
 	FW3_FLAG_CUSTOM_CHAINS = 19,
-	FW3_FLAG_SYN_FLOOD     = 20,
-	FW3_FLAG_MTU_FIX       = 21,
-	FW3_FLAG_DROP_INVALID  = 22,
-	FW3_FLAG_HOTPLUG       = 23,
+	FW3_FLAG_SYN_FLOOD = 20,
+	FW3_FLAG_MTU_FIX = 21,
+	FW3_FLAG_DROP_INVALID = 22,
+	FW3_FLAG_HOTPLUG = 23,
 
 	__FW3_FLAG_MAX
 };
 
-enum fw3_reject_code
-{
-	FW3_REJECT_CODE_TCP_RESET      = 0,
-	FW3_REJECT_CODE_PORT_UNREACH   = 1,
+enum fw3_reject_code {
+	FW3_REJECT_CODE_TCP_RESET = 0,
+	FW3_REJECT_CODE_PORT_UNREACH = 1,
 	FW3_REJECT_CODE_ADM_PROHIBITED = 2,
 
 	__FW3_REJECT_CODE_MAX
@@ -100,38 +94,33 @@ enum fw3_reject_code
 
 extern const char *fw3_flag_names[__FW3_FLAG_MAX];
 
-
-enum fw3_limit_unit
-{
+enum fw3_limit_unit {
 	FW3_LIMIT_UNIT_SECOND = 0,
 	FW3_LIMIT_UNIT_MINUTE = 1,
-	FW3_LIMIT_UNIT_HOUR   = 2,
-	FW3_LIMIT_UNIT_DAY    = 3,
+	FW3_LIMIT_UNIT_HOUR = 2,
+	FW3_LIMIT_UNIT_DAY = 3,
 
 	__FW3_LIMIT_UNIT_MAX
 };
 
 extern const char *fw3_limit_units[__FW3_LIMIT_UNIT_MAX];
 
-
-enum fw3_ipset_method
-{
+enum fw3_ipset_method {
 	FW3_IPSET_METHOD_UNSPEC = 0,
 	FW3_IPSET_METHOD_BITMAP = 1,
-	FW3_IPSET_METHOD_HASH   = 2,
-	FW3_IPSET_METHOD_LIST   = 3,
+	FW3_IPSET_METHOD_HASH = 2,
+	FW3_IPSET_METHOD_LIST = 3,
 
 	__FW3_IPSET_METHOD_MAX
 };
 
-enum fw3_ipset_type
-{
+enum fw3_ipset_type {
 	FW3_IPSET_TYPE_UNSPEC = 0,
-	FW3_IPSET_TYPE_IP     = 1,
-	FW3_IPSET_TYPE_PORT   = 2,
-	FW3_IPSET_TYPE_MAC    = 3,
-	FW3_IPSET_TYPE_NET    = 4,
-	FW3_IPSET_TYPE_SET    = 5,
+	FW3_IPSET_TYPE_IP = 1,
+	FW3_IPSET_TYPE_PORT = 2,
+	FW3_IPSET_TYPE_MAC = 3,
+	FW3_IPSET_TYPE_NET = 4,
+	FW3_IPSET_TYPE_SET = 5,
 
 	__FW3_IPSET_TYPE_MAX
 };
@@ -139,28 +128,23 @@ enum fw3_ipset_type
 extern const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX];
 extern const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX];
 
-
-enum fw3_include_type
-{
-	FW3_INC_TYPE_SCRIPT   = 0,
-	FW3_INC_TYPE_RESTORE  = 1,
+enum fw3_include_type {
+	FW3_INC_TYPE_SCRIPT = 0,
+	FW3_INC_TYPE_RESTORE = 1,
 };
 
-enum fw3_reflection_source
-{
+enum fw3_reflection_source {
 	FW3_REFLECTION_INTERNAL = 0,
 	FW3_REFLECTION_EXTERNAL = 1,
 };
 
-struct fw3_ipset_datatype
-{
+struct fw3_ipset_datatype {
 	struct list_head list;
 	enum fw3_ipset_type type;
 	const char *dir;
 };
 
-struct fw3_setmatch
-{
+struct fw3_setmatch {
 	bool set;
 	bool invert;
 	char name[32];
@@ -168,8 +152,7 @@ struct fw3_setmatch
 	struct fw3_ipset *ptr;
 };
 
-struct fw3_device
-{
+struct fw3_device {
 	struct list_head list;
 
 	bool set;
@@ -179,8 +162,7 @@ struct fw3_device
 	char network[32];
 };
 
-struct fw3_address
-{
+struct fw3_address {
 	struct list_head list;
 
 	bool set;
@@ -200,8 +182,7 @@ struct fw3_address
 	} mask;
 };
 
-struct fw3_mac
-{
+struct fw3_mac {
 	struct list_head list;
 
 	bool set;
@@ -209,8 +190,7 @@ struct fw3_mac
 	struct ether_addr mac;
 };
 
-struct fw3_protocol
-{
+struct fw3_protocol {
 	struct list_head list;
 
 	bool any;
@@ -218,8 +198,7 @@ struct fw3_protocol
 	uint32_t protocol;
 };
 
-struct fw3_port
-{
+struct fw3_port {
 	struct list_head list;
 
 	bool set;
@@ -228,8 +207,7 @@ struct fw3_port
 	uint16_t port_max;
 };
 
-struct fw3_icmptype
-{
+struct fw3_icmptype {
 	struct list_head list;
 
 	bool invert;
@@ -242,42 +220,37 @@ struct fw3_icmptype
 	uint8_t code6_max;
 };
 
-struct fw3_limit
-{
+struct fw3_limit {
 	bool invert;
 	int rate;
 	int burst;
 	enum fw3_limit_unit unit;
 };
 
-struct fw3_time
-{
+struct fw3_time {
 	bool utc;
 	struct tm datestart;
 	struct tm datestop;
 	uint32_t timestart;
 	uint32_t timestop;
 	uint32_t monthdays; /* bit 0 is invert + 1 .. 31 */
-	uint8_t weekdays;   /* bit 0 is invert + 1 .. 7 */
+	uint8_t weekdays; /* bit 0 is invert + 1 .. 7 */
 };
 
-struct fw3_mark
-{
+struct fw3_mark {
 	bool set;
 	bool invert;
 	uint32_t mark;
 	uint32_t mask;
 };
 
-struct fw3_dscp
-{
+struct fw3_dscp {
 	bool set;
 	bool invert;
 	uint8_t dscp;
 };
 
-struct fw3_cthelpermatch
-{
+struct fw3_cthelpermatch {
 	struct list_head list;
 
 	bool set;
@@ -286,8 +259,7 @@ struct fw3_cthelpermatch
 	struct fw3_cthelper *ptr;
 };
 
-struct fw3_defaults
-{
+struct fw3_defaults {
 	enum fw3_flag policy_input;
 	enum fw3_flag policy_output;
 	enum fw3_flag policy_forward;
@@ -316,8 +288,7 @@ struct fw3_defaults
 	uint32_t flags[2];
 };
 
-struct fw3_zone
-{
+struct fw3_zone {
 	struct list_head list;
 
 	bool enabled;
@@ -356,8 +327,7 @@ struct fw3_zone
 	struct list_head old_addrs;
 };
 
-struct fw3_rule
-{
+struct fw3_rule {
 	struct list_head list;
 
 	bool enabled;
@@ -401,8 +371,7 @@ struct fw3_rule
 	const char *extra;
 };
 
-struct fw3_redirect
-{
+struct fw3_redirect {
 	struct list_head list;
 
 	bool enabled;
@@ -443,8 +412,7 @@ struct fw3_redirect
 	enum fw3_reflection_source reflection_src;
 };
 
-struct fw3_snat
-{
+struct fw3_snat {
 	struct list_head list;
 
 	bool enabled;
@@ -480,8 +448,7 @@ struct fw3_snat
 	const char *extra;
 };
 
-struct fw3_forward
-{
+struct fw3_forward {
 	struct list_head list;
 
 	bool enabled;
@@ -496,8 +463,7 @@ struct fw3_forward
 	struct fw3_device dest;
 };
 
-struct fw3_ipset
-{
+struct fw3_ipset {
 	struct list_head list;
 
 	bool enabled;
@@ -524,8 +490,7 @@ struct fw3_ipset
 	uint32_t flags[2];
 };
 
-struct fw3_include
-{
+struct fw3_include {
 	struct list_head list;
 
 	bool enabled;
@@ -538,8 +503,7 @@ struct fw3_include
 	bool reload;
 };
 
-struct fw3_cthelper
-{
+struct fw3_cthelper {
 	struct list_head list;
 
 	bool enabled;
@@ -551,14 +515,12 @@ struct fw3_cthelper
 	struct fw3_port port;
 };
 
-struct fw3_setentry
-{
+struct fw3_setentry {
 	struct list_head list;
 	const char *value;
 };
 
-struct fw3_state
-{
+struct fw3_state {
 	struct uci_context *uci;
 	struct fw3_defaults defaults;
 	struct list_head zones;
@@ -581,21 +543,25 @@ struct fw3_chain_spec {
 	const char *format;
 };
 
-
-struct fw3_option
-{
+struct fw3_option {
 	const char *name;
 	bool (*parse)(void *, const char *, bool);
 	uintptr_t offset;
 	size_t elem_size;
 };
 
-#define FW3_OPT(name, parse, structure, member) \
-	{ name, fw3_parse_##parse, offsetof(struct fw3_##structure, member) }
+#define FW3_OPT(name, parse, structure, member)                                \
+	{                                                                      \
+		name, fw3_parse_##parse,                                       \
+			offsetof(struct fw3_##structure, member)               \
+	}
 
-#define FW3_LIST(name, parse, structure, member) \
-	{ name, fw3_parse_##parse, offsetof(struct fw3_##structure, member), \
-	  sizeof(struct fw3_##structure) }
+#define FW3_LIST(name, parse, structure, member)                               \
+	{                                                                      \
+		name, fw3_parse_##parse,                                       \
+			offsetof(struct fw3_##structure, member),              \
+			sizeof(struct fw3_##structure)                         \
+	}
 
 bool fw3_parse_bool(void *ptr, const char *val, bool is_list);
 bool fw3_parse_int(void *ptr, const char *val, bool is_list);
@@ -630,11 +596,11 @@ bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list);
 bool fw3_parse_setentry(void *ptr, const char *val, bool is_list);
 
 bool fw3_parse_options(void *s, const struct fw3_option *opts,
-                       struct uci_section *section);
+		       struct uci_section *section);
 bool fw3_parse_blob_options(void *s, const struct fw3_option *opts,
-                            struct blob_attr *a, const char *name);
+			    struct blob_attr *a, const char *name);
 
-const char * fw3_address_to_string(struct fw3_address *address,
-                                   bool allow_invert, bool as_cidr);
+const char *fw3_address_to_string(struct fw3_address *address,
+				  bool allow_invert, bool as_cidr);
 
 #endif
diff --git a/redirects.c b/redirects.c
index 97529ee..fe2afc5 100644
--- a/redirects.c
+++ b/redirects.c
@@ -18,102 +18,92 @@
 
 #include "redirects.h"
 
-
 const struct fw3_option fw3_redirect_opts[] = {
-	FW3_OPT("enabled",             bool,      redirect,     enabled),
+	FW3_OPT("enabled", bool, redirect, enabled),
 
-	FW3_OPT("name",                string,    redirect,     name),
-	FW3_OPT("family",              family,    redirect,     family),
+	FW3_OPT("name", string, redirect, name),
+	FW3_OPT("family", family, redirect, family),
 
-	FW3_OPT("src",                 device,    redirect,     src),
-	FW3_OPT("dest",                device,    redirect,     dest),
+	FW3_OPT("src", device, redirect, src),
+	FW3_OPT("dest", device, redirect, dest),
 
-	FW3_OPT("ipset",               setmatch,  redirect,     ipset),
-	FW3_OPT("helper",              cthelper,  redirect,     helper),
+	FW3_OPT("ipset", setmatch, redirect, ipset),
+	FW3_OPT("helper", cthelper, redirect, helper),
 
-	FW3_LIST("proto",              protocol,  redirect,     proto),
+	FW3_LIST("proto", protocol, redirect, proto),
 
-	FW3_OPT("src_ip",              network,   redirect,     ip_src),
-	FW3_LIST("src_mac",            mac,       redirect,     mac_src),
-	FW3_OPT("src_port",            port,      redirect,     port_src),
+	FW3_OPT("src_ip", network, redirect, ip_src),
+	FW3_LIST("src_mac", mac, redirect, mac_src),
+	FW3_OPT("src_port", port, redirect, port_src),
 
-	FW3_OPT("src_dip",             network,   redirect,     ip_dest),
-	FW3_OPT("src_dport",           port,      redirect,     port_dest),
+	FW3_OPT("src_dip", network, redirect, ip_dest),
+	FW3_OPT("src_dport", port, redirect, port_dest),
 
-	FW3_OPT("dest_ip",             network,   redirect,     ip_redir),
-	FW3_OPT("dest_port",           port,      redirect,     port_redir),
+	FW3_OPT("dest_ip", network, redirect, ip_redir),
+	FW3_OPT("dest_port", port, redirect, port_redir),
 
-	FW3_OPT("extra",               string,    redirect,     extra),
+	FW3_OPT("extra", string, redirect, extra),
 
-	FW3_OPT("limit",               limit,     redirect,     limit),
-	FW3_OPT("limit_burst",         int,       redirect,     limit.burst),
+	FW3_OPT("limit", limit, redirect, limit),
+	FW3_OPT("limit_burst", int, redirect, limit.burst),
 
-	FW3_OPT("utc_time",            bool,      redirect,     time.utc),
-	FW3_OPT("start_date",          date,      redirect,     time.datestart),
-	FW3_OPT("stop_date",           date,      redirect,     time.datestop),
-	FW3_OPT("start_time",          time,      redirect,     time.timestart),
-	FW3_OPT("stop_time",           time,      redirect,     time.timestop),
-	FW3_OPT("weekdays",            weekdays,  redirect,     time.weekdays),
-	FW3_OPT("monthdays",           monthdays, redirect,     time.monthdays),
+	FW3_OPT("utc_time", bool, redirect, time.utc),
+	FW3_OPT("start_date", date, redirect, time.datestart),
+	FW3_OPT("stop_date", date, redirect, time.datestop),
+	FW3_OPT("start_time", time, redirect, time.timestart),
+	FW3_OPT("stop_time", time, redirect, time.timestop),
+	FW3_OPT("weekdays", weekdays, redirect, time.weekdays),
+	FW3_OPT("monthdays", monthdays, redirect, time.monthdays),
 
-	FW3_OPT("mark",                mark,      redirect,     mark),
+	FW3_OPT("mark", mark, redirect, mark),
 
-	FW3_OPT("reflection",          bool,      redirect,     reflection),
-	FW3_OPT("reflection_src",      reflection_source,
-	                                          redirect,     reflection_src),
+	FW3_OPT("reflection", bool, redirect, reflection),
+	FW3_OPT("reflection_src", reflection_source, redirect, reflection_src),
 
-	FW3_OPT("target",              target,    redirect,     target),
+	FW3_OPT("target", target, redirect, target),
 
-	{ }
+	{}
 };
 
-
-static bool
-check_families(struct uci_element *e, struct fw3_redirect *r)
+static bool check_families(struct uci_element *e, struct fw3_redirect *r)
 {
 	if (r->family == FW3_FAMILY_ANY)
 		return true;
 
-	if (r->_src && r->_src->family && r->_src->family != r->family)
-	{
+	if (r->_src && r->_src->family && r->_src->family != r->family) {
 		warn_elem(e, "refers to source zone with different family");
 		return false;
 	}
 
-	if (r->_dest && r->_dest->family && r->_dest->family != r->family)
-	{
-		warn_elem(e, "refers to destination zone with different family");
+	if (r->_dest && r->_dest->family && r->_dest->family != r->family) {
+		warn_elem(e,
+			  "refers to destination zone with different family");
 		return false;
 	}
 
 	if (r->ipset.ptr && r->ipset.ptr->family &&
-	    r->ipset.ptr->family != r->family)
-	{
+	    r->ipset.ptr->family != r->family) {
 		warn_elem(e, "refers to ipset with different family");
 		return false;
 	}
 
 	if (r->helper.ptr && r->helper.ptr->family &&
-	    r->helper.ptr->family != r->family)
-	{
+	    r->helper.ptr->family != r->family) {
 		warn_elem(e, "refers to CT helper not supporting family");
 		return false;
 	}
 
-	if (r->ip_src.family && r->ip_src.family != r->family)
-	{
+	if (r->ip_src.family && r->ip_src.family != r->family) {
 		warn_elem(e, "uses source ip with different family");
 		return false;
 	}
 
-	if (r->ip_dest.family && r->ip_dest.family != r->family)
-	{
+	if (r->ip_dest.family && r->ip_dest.family != r->family) {
 		warn_elem(e, "uses destination ip with different family");
 		return false;
 	}
 
-	if (r->ip_redir.family && r->ip_redir.family != r->family)
-	{
+	if (r->ip_redir.family && r->ip_redir.family != r->family) {
 		warn_elem(e, "uses redirect ip with different family");
 		return false;
 	}
@@ -121,19 +111,17 @@ check_families(struct uci_element *e, struct fw3_redirect *r)
 	return true;
 }
 
-static bool
-compare_addr(struct fw3_address *a, struct fw3_address *b)
+static bool compare_addr(struct fw3_address *a, struct fw3_address *b)
 {
 	if (a->family != FW3_FAMILY_V4 || b->family != FW3_FAMILY_V4)
 		return false;
 
 	return ((a->address.v4.s_addr & a->mask.v4.s_addr) ==
-	        (b->address.v4.s_addr & a->mask.v4.s_addr));
+		(b->address.v4.s_addr & a->mask.v4.s_addr));
 }
 
-static bool
-resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
-             struct fw3_state *state)
+static bool resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
+			 struct fw3_state *state)
 {
 	struct fw3_zone *zone;
 	struct fw3_address *addr;
@@ -142,19 +130,18 @@ resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
 	if (!redir->ip_redir.set)
 		return false;
 
-	list_for_each_entry(zone, &state->zones, list)
-	{
+	list_for_each_entry (zone, &state->zones, list) {
 		addrs = fw3_resolve_zone_addresses(zone, NULL);
 
 		if (!addrs)
 			continue;
 
-		list_for_each_entry(addr, addrs, list)
-		{
+		list_for_each_entry (addr, addrs, list) {
 			if (!compare_addr(addr, &redir->ip_redir))
 				continue;
 
-			strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name) - 1);
+			strncpy(redir->dest.name, zone->name,
+				sizeof(redir->dest.name) - 1);
 			redir->dest.set = true;
 			redir->_dest = zone;
 
@@ -170,9 +157,8 @@ resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
 	return false;
 }
 
-static bool
-check_local(struct uci_element *e, struct fw3_redirect *redir,
-            struct fw3_state *state)
+static bool check_local(struct uci_element *e, struct fw3_redirect *redir,
+			struct fw3_state *state)
 {
 	if (redir->target != FW3_FLAG_DNAT)
 		return false;
@@ -183,8 +169,7 @@ check_local(struct uci_element *e, struct fw3_redirect *redir,
 	return redir->local;
 }
 
-static void
-select_helper(struct fw3_state *state, struct fw3_redirect *redir)
+static void select_helper(struct fw3_state *state, struct fw3_redirect *redir)
 {
 	struct fw3_protocol *proto;
 	struct fw3_cthelper *helper;
@@ -205,9 +190,9 @@ select_helper(struct fw3_state *state, struct fw3_redirect *redir)
 	if (list_empty(&redir->proto))
 		return;
 
-	list_for_each_entry(proto, &redir->proto, list)
-	{
-		helper = fw3_lookup_cthelper_by_proto_port(state, proto, &redir->port_redir);
+	list_for_each_entry (proto, &redir->proto, list) {
+		helper = fw3_lookup_cthelper_by_proto_port(state, proto,
+							   &redir->port_redir);
 
 		if (helper)
 			n_matches++;
@@ -225,125 +210,132 @@ select_helper(struct fw3_state *state, struct fw3_redirect *redir)
 	set(redir->_src->flags, FW3_FAMILY_V4, FW3_FLAG_HELPER);
 }
 
-static bool
-check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_element *e)
+static bool check_redirect(struct fw3_state *state, struct fw3_redirect *redir,
+			   struct uci_element *e)
 {
 	bool valid;
 
 	if (!redir->enabled)
 		return false;
 
-	if (redir->src.invert)
-	{
-		warn_section("redirect", redir, e, "must not have an inverted source");
+	if (redir->src.invert) {
+		warn_section("redirect", redir, e,
+			     "must not have an inverted source");
 		return false;
-	}
-	else if (redir->src.set && !redir->src.any &&
-			!(redir->_src = fw3_lookup_zone(state, redir->src.name)))
-	{
-		warn_section("redirect", redir, e, "refers to not existing zone '%s'",
-				redir->src.name);
+	} else if (redir->src.set && !redir->src.any &&
+		   !(redir->_src = fw3_lookup_zone(state, redir->src.name))) {
+		warn_section("redirect", redir, e,
+			     "refers to not existing zone '%s'",
+			     redir->src.name);
 		return false;
-	}
-	else if (redir->dest.set && !redir->dest.any &&
-			!(redir->_dest = fw3_lookup_zone(state, redir->dest.name)))
-	{
-		warn_section("redirect", redir, e, "refers to not existing zone '%s'",
-				redir->dest.name);
+	} else if (redir->dest.set && !redir->dest.any &&
+		   !(redir->_dest = fw3_lookup_zone(state, redir->dest.name))) {
+		warn_section("redirect", redir, e,
+			     "refers to not existing zone '%s'",
+			     redir->dest.name);
 		return false;
-	}
-	else if (redir->ipset.set && state->disable_ipsets)
-	{
-		warn_section("redirect", redir, e, "skipped due to disabled ipset support",
-				redir->name);
+	} else if (redir->ipset.set && state->disable_ipsets) {
+		warn_section("redirect", redir, e,
+			     "skipped due to disabled ipset support",
+			     redir->name);
 		return false;
-	}
-	else if (redir->ipset.set &&
-			!(redir->ipset.ptr = fw3_lookup_ipset(state, redir->ipset.name)))
-	{
-		warn_section("redirect", redir, e, "refers to unknown ipset '%s'", redir->name,
-				redir->ipset.name);
+	} else if (redir->ipset.set && !(redir->ipset.ptr = fw3_lookup_ipset(
+						 state, redir->ipset.name))) {
+		warn_section("redirect", redir, e,
+			     "refers to unknown ipset '%s'", redir->name,
+			     redir->ipset.name);
 		return false;
-	}
-	else if (redir->helper.set &&
-	         !(redir->helper.ptr = fw3_lookup_cthelper(state, redir->helper.name)))
-	{
-		warn_section("redirect", redir, e, "refers to unknown CT helper '%s'",
-		             redir->helper.name);
+	} else if (redir->helper.set &&
+		   !(redir->helper.ptr =
+			     fw3_lookup_cthelper(state, redir->helper.name))) {
+		warn_section("redirect", redir, e,
+			     "refers to unknown CT helper '%s'",
+			     redir->helper.name);
 		return false;
 	}
 
 	if (!check_families(e, redir))
 		return false;
 
-	if (redir->target == FW3_FLAG_UNSPEC)
-	{
-		warn_section("redirect", redir, e, "has no target specified, defaulting to DNAT");
+	if (redir->target == FW3_FLAG_UNSPEC) {
+		warn_section("redirect", redir, e,
+			     "has no target specified, defaulting to DNAT");
 		redir->target = FW3_FLAG_DNAT;
-	}
-	else if (redir->target < FW3_FLAG_DNAT || redir->target > FW3_FLAG_SNAT)
-	{
-		warn_section("redirect", redir, e, "has invalid target specified, defaulting to DNAT");
+	} else if (redir->target < FW3_FLAG_DNAT ||
+		   redir->target > FW3_FLAG_SNAT) {
+		warn_section(
+			"redirect", redir, e,
+			"has invalid target specified, defaulting to DNAT");
 		redir->target = FW3_FLAG_DNAT;
 	}
 
 	valid = false;
 
-	if (redir->target == FW3_FLAG_DNAT)
-	{
+	if (redir->target == FW3_FLAG_DNAT) {
 		if (redir->src.any)
-			warn_section("redirect", redir, e, "must not have source '*' for DNAT target");
+			warn_section(
+				"redirect", redir, e,
+				"must not have source '*' for DNAT target");
 		else if (!redir->_src)
-			warn_section("redirect", redir, e, "has no source specified");
+			warn_section("redirect", redir, e,
+				     "has no source specified");
 		else if (redir->helper.invert)
-			warn_section("redirect", redir, e, "must not use a negated helper match");
-		else
-		{
+			warn_section("redirect", redir, e,
+				     "must not use a negated helper match");
+		else {
 			set(redir->_src->flags, FW3_FAMILY_V4, redir->target);
 			valid = true;
 
 			if (!check_local(e, redir, state) && !redir->dest.set &&
-					resolve_dest(e, redir, state))
-			{
-				warn_section("redirect", redir, e,
-						"does not specify a destination, assuming '%s'",
-						redir->dest.name);
+			    resolve_dest(e, redir, state)) {
+				warn_section(
+					"redirect", redir, e,
+					"does not specify a destination, assuming '%s'",
+					redir->dest.name);
 			}
 
-			if (redir->reflection && redir->_dest && redir->_src->masq)
-			{
-				set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT);
-				set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT);
-				set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
+			if (redir->reflection && redir->_dest &&
+			    redir->_src->masq) {
+				set(redir->_dest->flags, FW3_FAMILY_V4,
+				    FW3_FLAG_ACCEPT);
+				set(redir->_dest->flags, FW3_FAMILY_V4,
+				    FW3_FLAG_DNAT);
+				set(redir->_dest->flags, FW3_FAMILY_V4,
+				    FW3_FLAG_SNAT);
 			}
 
 			if (redir->helper.ptr)
-				set(redir->_src->flags, FW3_FAMILY_V4, FW3_FLAG_HELPER);
+				set(redir->_src->flags, FW3_FAMILY_V4,
+				    FW3_FLAG_HELPER);
 		}
-	}
-	else
-	{
+	} else {
 		if (redir->dest.any)
-			warn_section("redirect", redir, e,
-					"must not have destination '*' for SNAT target");
+			warn_section(
+				"redirect", redir, e,
+				"must not have destination '*' for SNAT target");
 		else if (!redir->_dest)
-			warn_section("redirect", redir, e, "has no destination specified");
+			warn_section("redirect", redir, e,
+				     "has no destination specified");
 		else if (!redir->ip_dest.set)
-			warn_section("redirect", redir, e, "has no src_dip option specified");
+			warn_section("redirect", redir, e,
+				     "has no src_dip option specified");
 		else if (!list_empty(&redir->mac_src))
-			warn_section("redirect", redir, e, "must not use 'src_mac' option for SNAT target");
+			warn_section(
+				"redirect", redir, e,
+				"must not use 'src_mac' option for SNAT target");
 		else if (redir->helper.set)
-			warn_section("redirect", redir, e, "must not use 'helper' option for SNAT target");
-		else
-		{
+			warn_section(
+				"redirect", redir, e,
+				"must not use 'helper' option for SNAT target");
+		else {
 			set(redir->_dest->flags, FW3_FAMILY_V4, redir->target);
 			valid = true;
 		}
 	}
 
-	if (list_empty(&redir->proto))
-	{
-		warn_section("redirect", redir, e, "does not specify a protocol, assuming TCP+UDP");
+	if (list_empty(&redir->proto)) {
+		warn_section("redirect", redir, e,
+			     "does not specify a protocol, assuming TCP+UDP");
 		fw3_parse_protocol(&redir->proto, "tcpudp", true);
 	}
 
@@ -356,8 +348,7 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e
 	return true;
 }
 
-static struct fw3_redirect *
-fw3_alloc_redirect(struct fw3_state *state)
+static struct fw3_redirect *fw3_alloc_redirect(struct fw3_state *state)
 {
 	struct fw3_redirect *redir;
 
@@ -376,9 +367,8 @@ fw3_alloc_redirect(struct fw3_state *state)
 	return redir;
 }
 
-void
-fw3_load_redirects(struct fw3_state *state, struct uci_package *p,
-		struct blob_attr *a)
+void fw3_load_redirects(struct fw3_state *state, struct uci_package *p,
+			struct blob_attr *a)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -403,9 +393,10 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p,
 		if (!redir)
 			continue;
 
-		if (!fw3_parse_blob_options(redir, fw3_redirect_opts, entry, name))
-		{
-			warn_section("redirect", redir, NULL, "skipped due to invalid options");
+		if (!fw3_parse_blob_options(redir, fw3_redirect_opts, entry,
+					    name)) {
+			warn_section("redirect", redir, NULL,
+				     "skipped due to invalid options");
 			fw3_free_redirect(redir);
 			continue;
 		}
@@ -429,8 +420,7 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p,
 		if (!redir)
 			continue;
 
-		if (!fw3_parse_options(redir, fw3_redirect_opts, s))
-		{
+		if (!fw3_parse_options(redir, fw3_redirect_opts, s)) {
 			warn_elem(e, "skipped due to invalid options");
 			fw3_free_redirect(redir);
 			continue;
@@ -445,8 +435,7 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p,
 	}
 }
 
-static void
-append_chain_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir)
+static void append_chain_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir)
 {
 	if (redir->target == FW3_FLAG_DNAT)
 		fw3_ipt_rule_append(r, "zone_%s_prerouting", redir->src.name);
@@ -454,107 +443,96 @@ append_chain_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir)
 		fw3_ipt_rule_append(r, "zone_%s_postrouting", redir->dest.name);
 }
 
-static void
-set_redirect(struct fw3_ipt_rule *r, struct fw3_port *port)
+static void set_redirect(struct fw3_ipt_rule *r, struct fw3_port *port)
 {
 	char buf[sizeof("65535-65535\0")];
 
 	fw3_ipt_rule_target(r, "REDIRECT");
 
-	if (port && port->set)
-	{
+	if (port && port->set) {
 		if (port->port_min == port->port_max)
 			sprintf(buf, "%u", port->port_min);
 		else
-			snprintf(buf, sizeof(buf), "%u-%u", port->port_min, port->port_max);
+			snprintf(buf, sizeof(buf), "%u-%u", port->port_min,
+				 port->port_max);
 
 		fw3_ipt_rule_addarg(r, false, "--to-ports", buf);
 	}
 }
 
-static void
-set_snat_dnat(struct fw3_ipt_rule *r, enum fw3_flag target,
-              struct fw3_address *addr, struct fw3_port *port)
+static void set_snat_dnat(struct fw3_ipt_rule *r, enum fw3_flag target,
+			  struct fw3_address *addr, struct fw3_port *port)
 {
 	char buf[sizeof("255.255.255.255:65535-65535\0")];
 
 	buf[0] = '\0';
 
-	if (addr && addr->set)
-	{
+	if (addr && addr->set) {
 		inet_ntop(AF_INET, &addr->address.v4, buf, sizeof(buf));
 	}
 
-	if (port && port->set)
-	{
+	if (port && port->set) {
 		if (port->port_min == port->port_max)
 			sprintf(buf + strlen(buf), ":%u", port->port_min);
 		else
-			sprintf(buf + strlen(buf), ":%u-%u",
-			        port->port_min, port->port_max);
+			sprintf(buf + strlen(buf), ":%u-%u", port->port_min,
+				port->port_max);
 	}
 
-	if (target == FW3_FLAG_DNAT)
-	{
+	if (target == FW3_FLAG_DNAT) {
 		fw3_ipt_rule_target(r, "DNAT");
 		fw3_ipt_rule_addarg(r, false, "--to-destination", buf);
-	}
-	else
-	{
+	} else {
 		fw3_ipt_rule_target(r, "SNAT");
 		fw3_ipt_rule_addarg(r, false, "--to-source", buf);
 	}
 }
 
-static void
-set_target_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir)
+static void set_target_nat(struct fw3_ipt_rule *r, struct fw3_redirect *redir)
 {
 	if (redir->local)
 		set_redirect(r, &redir->port_redir);
 	else if (redir->target == FW3_FLAG_DNAT)
-		set_snat_dnat(r, redir->target, &redir->ip_redir, &redir->port_redir);
+		set_snat_dnat(r, redir->target, &redir->ip_redir,
+			      &redir->port_redir);
 	else
-		set_snat_dnat(r, redir->target, &redir->ip_dest, &redir->port_dest);
+		set_snat_dnat(r, redir->target, &redir->ip_dest,
+			      &redir->port_dest);
 }
 
-static void
-set_comment(struct fw3_ipt_rule *r, const char *name, int num, const char *suffix)
+static void set_comment(struct fw3_ipt_rule *r, const char *name, int num,
+			const char *suffix)
 {
-	if (name)
-	{
+	if (name) {
 		if (suffix)
 			fw3_ipt_rule_comment(r, "%s (%s)", name, suffix);
 		else
 			fw3_ipt_rule_comment(r, name);
-	}
-	else
-	{
+	} else {
 		if (suffix)
-			fw3_ipt_rule_comment(r, "@redirect[%u] (%s)", num, suffix);
+			fw3_ipt_rule_comment(r, "@redirect[%u] (%s)", num,
+					     suffix);
 		else
 			fw3_ipt_rule_comment(r, "@redirect[%u]", num);
 	}
 }
 
-static void
-print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
-               struct fw3_redirect *redir, int num,
-               struct fw3_protocol *proto, struct fw3_mac *mac)
+static void print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
+			   struct fw3_redirect *redir, int num,
+			   struct fw3_protocol *proto, struct fw3_mac *mac)
 {
 	struct fw3_ipt_rule *r;
 	struct fw3_address *src, *dst;
 	struct fw3_port *spt, *dpt;
 
-	switch (h->table)
-	{
+	switch (h->table) {
 	case FW3_TABLE_NAT:
 		src = &redir->ip_src;
 		dst = &redir->ip_dest;
 		spt = &redir->port_src;
 		dpt = &redir->port_dest;
 
-		if (redir->target == FW3_FLAG_SNAT)
-		{
+		if (redir->target == FW3_FLAG_SNAT) {
 			dst = &redir->ip_redir;
 			dpt = &redir->port_redir;
 		}
@@ -574,12 +552,12 @@ print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
 		break;
 
 	case FW3_TABLE_RAW:
-		if (redir->target == FW3_FLAG_DNAT && redir->helper.ptr)
-		{
-			if (!fw3_cthelper_check_proto(redir->helper.ptr, proto))
-			{
+		if (redir->target == FW3_FLAG_DNAT && redir->helper.ptr) {
+			if (!fw3_cthelper_check_proto(redir->helper.ptr,
+						      proto)) {
 				info("     ! Skipping protocol %s since helper '%s' does not support it",
-				     fw3_protoname(proto), redir->helper.ptr->name);
+				     fw3_protoname(proto),
+				     redir->helper.ptr->name);
 				return;
 			}
 
@@ -587,8 +565,11 @@ print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
 				info("     - Auto-selected conntrack helper '%s' based on proto/port",
 				     redir->helper.ptr->name);
 
-			r = fw3_ipt_rule_create(h, proto, NULL, NULL, &redir->ip_src, &redir->ip_redir);
-			fw3_ipt_rule_sport_dport(r, &redir->port_src, &redir->port_redir);
+			r = fw3_ipt_rule_create(h, proto, NULL, NULL,
+						&redir->ip_src,
+						&redir->ip_redir);
+			fw3_ipt_rule_sport_dport(r, &redir->port_src,
+						 &redir->port_redir);
 			fw3_ipt_rule_mac(r, mac);
 			fw3_ipt_rule_ipset(r, &redir->ipset);
 			fw3_ipt_rule_limit(r, &redir->limit);
@@ -597,9 +578,11 @@ print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
 			fw3_ipt_rule_addarg(r, false, "-m", "conntrack");
 			fw3_ipt_rule_addarg(r, false, "--ctstate", "DNAT");
 			fw3_ipt_rule_target(r, "CT");
-			fw3_ipt_rule_addarg(r, false, "--helper", redir->helper.ptr->name);
+			fw3_ipt_rule_addarg(r, false, "--helper",
+					    redir->helper.ptr->name);
 			set_comment(r, redir->name, num, "CT helper");
-			fw3_ipt_rule_append(r, "zone_%s_helper", redir->_src->name);
+			fw3_ipt_rule_append(r, "zone_%s_helper",
+					    redir->_src->name);
 		}
 		break;
 
@@ -608,32 +591,33 @@ print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
 	}
 }
 
-static void
-print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
-                 struct fw3_redirect *redir, int num,
-                 struct fw3_protocol *proto, struct fw3_address *ra,
-                 struct fw3_address *ia, struct fw3_address *ea)
+static void print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
+			     struct fw3_redirect *redir, int num,
+			     struct fw3_protocol *proto, struct fw3_address *ra,
+			     struct fw3_address *ia, struct fw3_address *ea)
 {
 	struct fw3_ipt_rule *r;
 
-	switch (h->table)
-	{
+	switch (h->table) {
 	case FW3_TABLE_NAT:
 		r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, ea);
 		fw3_ipt_rule_sport_dport(r, NULL, &redir->port_dest);
 		fw3_ipt_rule_limit(r, &redir->limit);
 		fw3_ipt_rule_time(r, &redir->time);
 		set_comment(r, redir->name, num, "reflection");
-		set_snat_dnat(r, FW3_FLAG_DNAT, &redir->ip_redir, &redir->port_redir);
+		set_snat_dnat(r, FW3_FLAG_DNAT, &redir->ip_redir,
+			      &redir->port_redir);
 		fw3_ipt_rule_replace(r, "zone_%s_prerouting", redir->dest.name);
 
-		r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, &redir->ip_redir);
+		r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia,
+					&redir->ip_redir);
 		fw3_ipt_rule_sport_dport(r, NULL, &redir->port_redir);
 		fw3_ipt_rule_limit(r, &redir->limit);
 		fw3_ipt_rule_time(r, &redir->time);
 		set_comment(r, redir->name, num, "reflection");
 		set_snat_dnat(r, FW3_FLAG_SNAT, ra, NULL);
-		fw3_ipt_rule_replace(r, "zone_%s_postrouting", redir->dest.name);
+		fw3_ipt_rule_replace(r, "zone_%s_postrouting",
+				     redir->dest.name);
 		break;
 
 	default:
@@ -641,9 +625,9 @@ print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
 	}
 }
 
-static void
-expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                struct fw3_redirect *redir, int num)
+static void expand_redirect(struct fw3_ipt_handle *handle,
+			    struct fw3_state *state, struct fw3_redirect *redir,
+			    int num)
 {
 	struct list_head *ext_addrs, *int_addrs;
 	struct fw3_address *ext_addr, *int_addr, ref_addr;
@@ -656,49 +640,44 @@ expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state,
 		info("   * Redirect #%u", num);
 
 	if (!fw3_is_family(redir->_src, handle->family) ||
-		!fw3_is_family(redir->_dest, handle->family))
-	{
+	    !fw3_is_family(redir->_dest, handle->family)) {
 		info("     ! Skipping due to different family of zone");
 		return;
 	}
 
 	if (!fw3_is_family(&redir->ip_src, handle->family) ||
 	    !fw3_is_family(&redir->ip_dest, handle->family) ||
-		!fw3_is_family(&redir->ip_redir, handle->family))
-	{
-		if (!redir->ip_src.resolved ||
-		    !redir->ip_dest.resolved ||
+	    !fw3_is_family(&redir->ip_redir, handle->family)) {
+		if (!redir->ip_src.resolved || !redir->ip_dest.resolved ||
 		    !redir->ip_redir.resolved)
 			info("     ! Skipping due to different family of ip address");
 
 		return;
 	}
 
-	if (redir->ipset.ptr)
-	{
-		if (!fw3_is_family(redir->ipset.ptr, handle->family))
-		{
+	if (redir->ipset.ptr) {
+		if (!fw3_is_family(redir->ipset.ptr, handle->family)) {
 			info("     ! Skipping due to different family in ipset");
 			return;
 		}
 
-		if (!fw3_check_ipset(redir->ipset.ptr))
-		{
+		if (!fw3_check_ipset(redir->ipset.ptr)) {
 			info("     ! Skipping due to missing ipset '%s'",
 			     redir->ipset.ptr->external ?
-					redir->ipset.ptr->external : redir->ipset.ptr->name);
+				     redir->ipset.ptr->external :
+				     redir->ipset.ptr->name);
 			return;
 		}
 
 		set(redir->ipset.ptr->flags, handle->family, handle->family);
 	}
 
-	fw3_foreach(proto, &redir->proto)
-	fw3_foreach(mac, &redir->mac_src)
+	fw3_foreach(proto, &redir->proto) fw3_foreach(mac, &redir->mac_src)
 		print_redirect(handle, state, redir, num, proto, mac);
 
 	/* reflection rules */
-	if (redir->target != FW3_FLAG_DNAT || !redir->reflection || redir->local)
+	if (redir->target != FW3_FLAG_DNAT || !redir->reflection ||
+	    redir->local)
 		return;
 
 	if (!redir->_dest || !redir->_src->masq)
@@ -710,13 +689,11 @@ expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	if (!ext_addrs || !int_addrs)
 		goto out;
 
-	list_for_each_entry(ext_addr, ext_addrs, list)
-	{
+	list_for_each_entry (ext_addr, ext_addrs, list) {
 		if (!fw3_is_family(ext_addr, handle->family))
 			continue;
 
-		list_for_each_entry(int_addr, int_addrs, list)
-		{
+		list_for_each_entry (int_addr, int_addrs, list) {
 			if (!fw3_is_family(int_addr, handle->family))
 				continue;
 
@@ -725,7 +702,8 @@ expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state,
 				if (!proto)
 					continue;
 
-				if (redir->reflection_src == FW3_REFLECTION_INTERNAL)
+				if (redir->reflection_src ==
+				    FW3_REFLECTION_INTERNAL)
 					ref_addr = *int_addr;
 				else
 					ref_addr = *ext_addr;
@@ -733,8 +711,9 @@ expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state,
 				ref_addr.mask.v4.s_addr = 0xFFFFFFFF;
 				ext_addr->mask.v4.s_addr = 0xFFFFFFFF;
 
-				print_reflection(handle, state, redir, num, proto,
-								 &ref_addr, int_addr, ext_addr);
+				print_reflection(handle, state, redir, num,
+						 proto, &ref_addr, int_addr,
+						 ext_addr);
 			}
 		}
 	}
@@ -744,8 +723,7 @@ out:
 	fw3_free_list(int_addrs);
 }
 
-void
-fw3_print_redirects(struct fw3_ipt_handle *handle, struct fw3_state *state)
+void fw3_print_redirects(struct fw3_ipt_handle *handle, struct fw3_state *state)
 {
 	int num = 0;
 	struct fw3_redirect *redir;
@@ -754,12 +732,10 @@ fw3_print_redirects(struct fw3_ipt_handle *handle, struct fw3_state *state)
 		return;
 
 	if (handle->table != FW3_TABLE_FILTER &&
-	    handle->table != FW3_TABLE_NAT &&
-	    handle->table != FW3_TABLE_RAW)
+	    handle->table != FW3_TABLE_NAT && handle->table != FW3_TABLE_RAW)
 		return;
 
-	list_for_each_entry(redir, &state->redirects, list)
-	{
+	list_for_each_entry (redir, &state->redirects, list) {
 		if (handle->table == FW3_TABLE_RAW && !redir->helper.ptr)
 			continue;
 
diff --git a/redirects.h b/redirects.h
index 0d46bd2..09a83d7 100644
--- a/redirects.h
+++ b/redirects.h
@@ -31,7 +31,7 @@ extern const struct fw3_option fw3_redirect_opts[];
 void fw3_load_redirects(struct fw3_state *state, struct uci_package *p,
 			struct blob_attr *a);
 void fw3_print_redirects(struct fw3_ipt_handle *handle,
-                         struct fw3_state *state);
+			 struct fw3_state *state);
 
 static inline void fw3_free_redirect(struct fw3_redirect *redir)
 {
diff --git a/rules.c b/rules.c
index 5af8bfd..030e5da 100644
--- a/rules.c
+++ b/rules.c
@@ -18,67 +18,63 @@
 
 #include "rules.h"
 
-
 const struct fw3_option fw3_rule_opts[] = {
-	FW3_OPT("enabled",             bool,      rule,     enabled),
+	FW3_OPT("enabled", bool, rule, enabled),
 
-	FW3_OPT("name",                string,    rule,     name),
-	FW3_OPT("family",              family,    rule,     family),
+	FW3_OPT("name", string, rule, name),
+	FW3_OPT("family", family, rule, family),
 
-	FW3_OPT("src",                 device,    rule,     src),
-	FW3_OPT("dest",                device,    rule,     dest),
+	FW3_OPT("src", device, rule, src),
+	FW3_OPT("dest", device, rule, dest),
 
-	FW3_OPT("device",              string,    rule,     device),
-	FW3_OPT("direction",           direction, rule,     direction_out),
+	FW3_OPT("device", string, rule, device),
+	FW3_OPT("direction", direction, rule, direction_out),
 
-	FW3_OPT("ipset",               setmatch,  rule,     ipset),
-	FW3_OPT("helper",              cthelper,  rule,     helper),
-	FW3_OPT("set_helper",          cthelper,  rule,     set_helper),
+	FW3_OPT("ipset", setmatch, rule, ipset),
+	FW3_OPT("helper", cthelper, rule, helper),
+	FW3_OPT("set_helper", cthelper, rule, set_helper),
 
-	FW3_LIST("proto",              protocol,  rule,     proto),
+	FW3_LIST("proto", protocol, rule, proto),
 
-	FW3_LIST("src_ip",             network,   rule,     ip_src),
-	FW3_LIST("src_mac",            mac,       rule,     mac_src),
-	FW3_LIST("src_port",           port,      rule,     port_src),
+	FW3_LIST("src_ip", network, rule, ip_src),
+	FW3_LIST("src_mac", mac, rule, mac_src),
+	FW3_LIST("src_port", port, rule, port_src),
 
-	FW3_LIST("dest_ip",            network,   rule,     ip_dest),
-	FW3_LIST("dest_port",          port,      rule,     port_dest),
+	FW3_LIST("dest_ip", network, rule, ip_dest),
+	FW3_LIST("dest_port", port, rule, port_dest),
 
-	FW3_LIST("icmp_type",          icmptype,  rule,     icmp_type),
-	FW3_OPT("extra",               string,    rule,     extra),
+	FW3_LIST("icmp_type", icmptype, rule, icmp_type),
+	FW3_OPT("extra", string, rule, extra),
 
-	FW3_OPT("limit",               limit,     rule,     limit),
-	FW3_OPT("limit_burst",         int,       rule,     limit.burst),
+	FW3_OPT("limit", limit, rule, limit),
+	FW3_OPT("limit_burst", int, rule, limit.burst),
 
-	FW3_OPT("utc_time",            bool,      rule,     time.utc),
-	FW3_OPT("start_date",          date,      rule,     time.datestart),
-	FW3_OPT("stop_date",           date,      rule,     time.datestop),
-	FW3_OPT("start_time",          time,      rule,     time.timestart),
-	FW3_OPT("stop_time",           time,      rule,     time.timestop),
-	FW3_OPT("weekdays",            weekdays,  rule,     time.weekdays),
-	FW3_OPT("monthdays",           monthdays, rule,     time.monthdays),
+	FW3_OPT("utc_time", bool, rule, time.utc),
+	FW3_OPT("start_date", date, rule, time.datestart),
+	FW3_OPT("stop_date", date, rule, time.datestop),
+	FW3_OPT("start_time", time, rule, time.timestart),
+	FW3_OPT("stop_time", time, rule, time.timestop),
+	FW3_OPT("weekdays", weekdays, rule, time.weekdays),
+	FW3_OPT("monthdays", monthdays, rule, time.monthdays),
 
-	FW3_OPT("mark",                mark,      rule,     mark),
-	FW3_OPT("set_mark",            mark,      rule,     set_mark),
-	FW3_OPT("set_xmark",           mark,      rule,     set_xmark),
+	FW3_OPT("mark", mark, rule, mark),
+	FW3_OPT("set_mark", mark, rule, set_mark),
+	FW3_OPT("set_xmark", mark, rule, set_xmark),
 
-	FW3_OPT("dscp",                dscp,      rule,     dscp),
-	FW3_OPT("set_dscp",            dscp,      rule,     set_dscp),
+	FW3_OPT("dscp", dscp, rule, dscp),
+	FW3_OPT("set_dscp", dscp, rule, set_dscp),
 
-	FW3_OPT("target",              target,    rule,     target),
+	FW3_OPT("target", target, rule, target),
 
-	{ }
+	{}
 };
 
-
-static bool
-need_src_action_chain(struct fw3_rule *r)
+static bool need_src_action_chain(struct fw3_rule *r)
 {
 	return (r->_src && r->_src->log && (r->target > FW3_FLAG_ACCEPT));
 }
 
-static struct fw3_rule*
-alloc_rule(struct fw3_state *state)
+static struct fw3_rule *alloc_rule(struct fw3_state *state)
 {
 	struct fw3_rule *rule = calloc(1, sizeof(*rule));
 
@@ -101,133 +97,128 @@ alloc_rule(struct fw3_state *state)
 	return rule;
 }
 
-static bool
-check_rule(struct fw3_state *state, struct fw3_rule *r, struct uci_element *e)
+static bool check_rule(struct fw3_state *state, struct fw3_rule *r,
+		       struct uci_element *e)
 {
 	if (!r->enabled)
 		return false;
 
-	if (r->src.invert || r->dest.invert)
-	{
-		warn_section("rule", r, e, "must not have inverted 'src' or 'dest' options");
+	if (r->src.invert || r->dest.invert) {
+		warn_section("rule", r, e,
+			     "must not have inverted 'src' or 'dest' options");
 		return false;
-	}
-	else if (r->src.set && !r->src.any &&
-	         !(r->_src = fw3_lookup_zone(state, r->src.name)))
-	{
-		warn_section("rule", r, e, "refers to not existing zone '%s'", r->src.name);
+	} else if (r->src.set && !r->src.any &&
+		   !(r->_src = fw3_lookup_zone(state, r->src.name))) {
+		warn_section("rule", r, e, "refers to not existing zone '%s'",
+			     r->src.name);
 		return false;
-	}
-	else if (r->dest.set && !r->dest.any &&
-	         !(r->_dest = fw3_lookup_zone(state, r->dest.name)))
-	{
-		warn_section("rule", r, e, "refers to not existing zone '%s'", r->dest.name);
+	} else if (r->dest.set && !r->dest.any &&
+		   !(r->_dest = fw3_lookup_zone(state, r->dest.name))) {
+		warn_section("rule", r, e, "refers to not existing zone '%s'",
+			     r->dest.name);
 		return false;
-	}
-	else if (r->ipset.set && state->disable_ipsets)
-	{
-		warn_section("rule", r, e, "skipped due to disabled ipset support");
+	} else if (r->ipset.set && state->disable_ipsets) {
+		warn_section("rule", r, e,
+			     "skipped due to disabled ipset support");
 		return false;
-	}
-	else if (r->ipset.set &&
-	         !(r->ipset.ptr = fw3_lookup_ipset(state, r->ipset.name)))
-	{
-		warn_section("rule", r, e, "refers to unknown ipset '%s'", r->ipset.name);
+	} else if (r->ipset.set &&
+		   !(r->ipset.ptr = fw3_lookup_ipset(state, r->ipset.name))) {
+		warn_section("rule", r, e, "refers to unknown ipset '%s'",
+			     r->ipset.name);
 		return false;
-	}
-	else if (r->helper.set &&
-	         !(r->helper.ptr = fw3_lookup_cthelper(state, r->helper.name)))
-	{
-		warn_section("rule", r, e, "refers to unknown CT helper '%s'", r->helper.name);
+	} else if (r->helper.set && !(r->helper.ptr = fw3_lookup_cthelper(
+					      state, r->helper.name))) {
+		warn_section("rule", r, e, "refers to unknown CT helper '%s'",
+			     r->helper.name);
 		return false;
-	}
-	else if (r->set_helper.set &&
-	         !(r->set_helper.ptr = fw3_lookup_cthelper(state, r->set_helper.name)))
-	{
-		warn_section("rule", r, e, "refers to unknown CT helper '%s'", r->set_helper.name);
+	} else if (r->set_helper.set &&
+		   !(r->set_helper.ptr =
+			     fw3_lookup_cthelper(state, r->set_helper.name))) {
+		warn_section("rule", r, e, "refers to unknown CT helper '%s'",
+			     r->set_helper.name);
 		return false;
 	}
 
-	if (!r->_src && (r->target == FW3_FLAG_NOTRACK || r->target == FW3_FLAG_HELPER))
-	{
-		warn_section("rule", r, e, "is set to target %s but has no source assigned",
-		             fw3_flag_names[r->target]);
+	if (!r->_src &&
+	    (r->target == FW3_FLAG_NOTRACK || r->target == FW3_FLAG_HELPER)) {
+		warn_section("rule", r, e,
+			     "is set to target %s but has no source assigned",
+			     fw3_flag_names[r->target]);
 		return false;
 	}
 
 	if (!r->set_mark.set && !r->set_xmark.set &&
-	    r->target == FW3_FLAG_MARK)
-	{
-		warn_section("rule", r, e, "is set to target MARK but specifies neither "
-		                           "'set_mark' nor 'set_xmark' option");
+	    r->target == FW3_FLAG_MARK) {
+		warn_section("rule", r, e,
+			     "is set to target MARK but specifies neither "
+			     "'set_mark' nor 'set_xmark' option");
 		return false;
 	}
 
-	if (!r->set_dscp.set && r->target == FW3_FLAG_DSCP)
-	{
-		warn_section("rule", r, e, "is set to target DSCP but specifies no "
-		                           "'set_dscp' option");
+	if (!r->set_dscp.set && r->target == FW3_FLAG_DSCP) {
+		warn_section("rule", r, e,
+			     "is set to target DSCP but specifies no "
+			     "'set_dscp' option");
 		return false;
 	}
 
-	if (r->_dest && (r->target == FW3_FLAG_MARK || r->target == FW3_FLAG_DSCP))
-	{
-		warn_section("rule", r, e, "must not specify 'dest' for %s target",
-		             fw3_flag_names[r->target]);
+	if (r->_dest &&
+	    (r->target == FW3_FLAG_MARK || r->target == FW3_FLAG_DSCP)) {
+		warn_section("rule", r, e,
+			     "must not specify 'dest' for %s target",
+			     fw3_flag_names[r->target]);
 		return false;
 	}
 
-	if (r->set_mark.invert || r->set_xmark.invert || r->set_dscp.invert)
-	{
-		warn_section("rule", r, e, "must not have inverted 'set_mark', "
-		                           "'set_xmark' or 'set_dscp'");
+	if (r->set_mark.invert || r->set_xmark.invert || r->set_dscp.invert) {
+		warn_section("rule", r, e,
+			     "must not have inverted 'set_mark', "
+			     "'set_xmark' or 'set_dscp'");
 		return false;
 	}
 
-	if (!r->set_helper.set && r->target == FW3_FLAG_HELPER)
-	{
-		warn_section("rule", r, e, "is set to target HELPER but specifies "
-		                           "no 'set_helper' option");
+	if (!r->set_helper.set && r->target == FW3_FLAG_HELPER) {
+		warn_section("rule", r, e,
+			     "is set to target HELPER but specifies "
+			     "no 'set_helper' option");
 		return false;
 	}
 
-	if (r->set_helper.invert && r->target == FW3_FLAG_HELPER)
-	{
-		warn_section("rule", r, e, "must not have inverted 'set_helper' option");
+	if (r->set_helper.invert && r->target == FW3_FLAG_HELPER) {
+		warn_section("rule", r, e,
+			     "must not have inverted 'set_helper' option");
 		return false;
 	}
 
-	if (!r->_src && !r->_dest && !r->src.any && !r->dest.any)
-	{
-		warn_section("rule", r, e, "has neither a source nor a destination zone assigned "
-		                "- assuming an output r");
+	if (!r->_src && !r->_dest && !r->src.any && !r->dest.any) {
+		warn_section(
+			"rule", r, e,
+			"has neither a source nor a destination zone assigned "
+			"- assuming an output r");
 	}
 
-	if (list_empty(&r->proto))
-	{
-		warn_section("rule", r, e, "does not specify a protocol, assuming TCP+UDP");
+	if (list_empty(&r->proto)) {
+		warn_section("rule", r, e,
+			     "does not specify a protocol, assuming TCP+UDP");
 		fw3_parse_protocol(&r->proto, "tcpudp", true);
 	}
 
-	if (r->target == FW3_FLAG_UNSPEC)
-	{
-		warn_section("rule", r, e, "has no target specified, defaulting to REJECT");
+	if (r->target == FW3_FLAG_UNSPEC) {
+		warn_section("rule", r, e,
+			     "has no target specified, defaulting to REJECT");
 		r->target = FW3_FLAG_REJECT;
-	}
-	else if (r->target > FW3_FLAG_DSCP)
-	{
-		warn_section("rule", r, e, "has invalid target specified, defaulting to REJECT");
+	} else if (r->target > FW3_FLAG_DSCP) {
+		warn_section(
+			"rule", r, e,
+			"has invalid target specified, defaulting to REJECT");
 		r->target = FW3_FLAG_REJECT;
 	}
 
 	/* NB: r family... */
-	if (r->_dest)
-	{
+	if (r->_dest) {
 		fw3_setbit(r->_dest->flags[0], r->target);
 		fw3_setbit(r->_dest->flags[1], r->target);
-	}
-	else if (need_src_action_chain(r))
-	{
+	} else if (need_src_action_chain(r)) {
 		fw3_setbit(r->_src->flags[0], fw3_to_src_target(r->target));
 		fw3_setbit(r->_src->flags[1], fw3_to_src_target(r->target));
 	}
@@ -235,9 +226,8 @@ check_rule(struct fw3_state *state, struct fw3_rule *r, struct uci_element *e)
 	return true;
 }
 
-void
-fw3_load_rules(struct fw3_state *state, struct uci_package *p,
-		struct blob_attr *a)
+void fw3_load_rules(struct fw3_state *state, struct uci_package *p,
+		    struct blob_attr *a)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -247,7 +237,8 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p,
 
 	INIT_LIST_HEAD(&state->rules);
 
-	blob_for_each_attr(entry, a, rem) {
+	blob_for_each_attr(entry, a, rem)
+	{
 		const char *type;
 		const char *name = "ubus rule";
 
@@ -260,9 +251,9 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p,
 		if (!(rule = alloc_rule(state)))
 			continue;
 
-		if (!fw3_parse_blob_options(rule, fw3_rule_opts, entry, name))
-		{
-			warn_section("rule", rule, NULL, "skipped due to invalid options");
+		if (!fw3_parse_blob_options(rule, fw3_rule_opts, entry, name)) {
+			warn_section("rule", rule, NULL,
+				     "skipped due to invalid options");
 			fw3_free_rule(rule);
 			continue;
 		}
@@ -281,8 +272,7 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p,
 		if (!(rule = alloc_rule(state)))
 			continue;
 
-		if (!fw3_parse_options(rule, fw3_rule_opts, s))
-		{
+		if (!fw3_parse_options(rule, fw3_rule_opts, s)) {
 			warn_elem(e, "skipped due to invalid options");
 			fw3_free_rule(rule);
 			continue;
@@ -293,56 +283,48 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p,
 	}
 }
 
-
-static void
-append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
+static void append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 {
 	char chain[32];
 
 	snprintf(chain, sizeof(chain), "OUTPUT");
 
-	if (rule->target == FW3_FLAG_NOTRACK)
-	{
-		snprintf(chain, sizeof(chain), "zone_%s_notrack", rule->src.name);
-	}
-	else if (rule->target == FW3_FLAG_HELPER)
-	{
-		snprintf(chain, sizeof(chain), "zone_%s_helper", rule->src.name);
-	}
-	else if ((rule->target == FW3_FLAG_MARK || rule->target == FW3_FLAG_DSCP) &&
-	         (rule->_src || rule->src.any))
-	{
+	if (rule->target == FW3_FLAG_NOTRACK) {
+		snprintf(chain, sizeof(chain), "zone_%s_notrack",
+			 rule->src.name);
+	} else if (rule->target == FW3_FLAG_HELPER) {
+		snprintf(chain, sizeof(chain), "zone_%s_helper",
+			 rule->src.name);
+	} else if ((rule->target == FW3_FLAG_MARK ||
+		    rule->target == FW3_FLAG_DSCP) &&
+		   (rule->_src || rule->src.any)) {
 		snprintf(chain, sizeof(chain), "PREROUTING");
-	}
-	else
-	{
-		if (rule->src.set)
-		{
-			if (!rule->src.any)
-			{
+	} else {
+		if (rule->src.set) {
+			if (!rule->src.any) {
 				if (rule->dest.set)
-					snprintf(chain, sizeof(chain), "zone_%s_forward",
-					         rule->src.name);
+					snprintf(chain, sizeof(chain),
+						 "zone_%s_forward",
+						 rule->src.name);
 				else
-					snprintf(chain, sizeof(chain), "zone_%s_input",
-					         rule->src.name);
-			}
-			else
-			{
+					snprintf(chain, sizeof(chain),
+						 "zone_%s_input",
+						 rule->src.name);
+			} else {
 				if (rule->dest.set)
-					snprintf(chain, sizeof(chain), "FORWARD");
+					snprintf(chain, sizeof(chain),
+						 "FORWARD");
 				else
 					snprintf(chain, sizeof(chain), "INPUT");
 			}
 		}
 
-		if (rule->dest.set && !rule->src.set)
-		{
+		if (rule->dest.set && !rule->src.set) {
 			if (rule->dest.any)
 				snprintf(chain, sizeof(chain), "OUTPUT");
 			else
 				snprintf(chain, sizeof(chain), "zone_%s_output",
-				         rule->dest.name);
+					 rule->dest.name);
 		}
 	}
 
@@ -355,8 +337,7 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 	struct fw3_mark *mark;
 	char buf[sizeof("0xFFFFFFFF/0xFFFFFFFF\0")];
 
-	switch(rule->target)
-	{
+	switch (rule->target) {
 	case FW3_FLAG_MARK:
 		name = rule->set_mark.set ? "--set-mark" : "--set-xmark";
 		mark = rule->set_mark.set ? &rule->set_mark : &rule->set_xmark;
@@ -380,7 +361,8 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 
 	case FW3_FLAG_HELPER:
 		fw3_ipt_rule_target(r, "CT");
-		fw3_ipt_rule_addarg(r, false, "--helper", rule->set_helper.ptr->name);
+		fw3_ipt_rule_addarg(r, false, "--helper",
+				    rule->set_helper.ptr->name);
 		return;
 
 	case FW3_FLAG_ACCEPT:
@@ -394,7 +376,8 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 	}
 
 	if (rule->dest.set && !rule->dest.any)
-		fw3_ipt_rule_target(r, "zone_%s_dest_%s", rule->dest.name, name);
+		fw3_ipt_rule_target(r, "zone_%s_dest_%s", rule->dest.name,
+				    name);
 	else if (need_src_action_chain(rule))
 		fw3_ipt_rule_target(r, "zone_%s_src_%s", rule->src.name, name);
 	else if (strcmp(name, "REJECT"))
@@ -403,8 +386,7 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 		fw3_ipt_rule_target(r, "reject");
 }
 
-static void
-set_comment(struct fw3_ipt_rule *r, const char *name, int num)
+static void set_comment(struct fw3_ipt_rule *r, const char *name, int num)
 {
 	if (name)
 		fw3_ipt_rule_comment(r, name);
@@ -412,18 +394,17 @@ set_comment(struct fw3_ipt_rule *r, const char *name, int num)
 		fw3_ipt_rule_comment(r, "@rule[%u]", num);
 }
 
-static void
-print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
-           struct fw3_rule *rule, int num, struct fw3_protocol *proto,
-           struct fw3_address *sip, struct fw3_address *dip,
-           struct fw3_port *sport, struct fw3_port *dport,
-           struct fw3_mac *mac, struct fw3_icmptype *icmptype)
+static void print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+		       struct fw3_rule *rule, int num,
+		       struct fw3_protocol *proto, struct fw3_address *sip,
+		       struct fw3_address *dip, struct fw3_port *sport,
+		       struct fw3_port *dport, struct fw3_mac *mac,
+		       struct fw3_icmptype *icmptype)
 {
 	struct fw3_ipt_rule *r;
 
 	if (!fw3_is_family(sip, handle->family) ||
-	    !fw3_is_family(dip, handle->family))
-	{
+	    !fw3_is_family(dip, handle->family)) {
 		if ((sip && !sip->resolved) || (dip && !dip->resolved))
 			info("     ! Skipping due to different family of ip address");
 
@@ -431,8 +412,7 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	}
 
 	if (!fw3_is_family(sip, handle->family) ||
-	    !fw3_is_family(dip, handle->family))
-	{
+	    !fw3_is_family(dip, handle->family)) {
 		if ((sip && !sip->resolved) || (dip && !dip->resolved))
 			info("     ! Skipping due to different family of ip address");
 
@@ -440,32 +420,28 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	}
 
 	if (!fw3_is_family(sip, handle->family) ||
-	    !fw3_is_family(dip, handle->family))
-	{
+	    !fw3_is_family(dip, handle->family)) {
 		if ((sip && !sip->resolved) || (dip && !dip->resolved))
 			info("     ! Skipping due to different family of ip address");
 
 		return;
 	}
 
-	if (proto->protocol == 58 && handle->family == FW3_FAMILY_V4)
-	{
+	if (proto->protocol == 58 && handle->family == FW3_FAMILY_V4) {
 		info("     ! Skipping protocol %s due to different family",
 		     fw3_protoname(proto));
 		return;
 	}
 
 	if (rule->helper.ptr &&
-	    !fw3_cthelper_check_proto(rule->helper.ptr, proto))
-	{
+	    !fw3_cthelper_check_proto(rule->helper.ptr, proto)) {
 		info("     ! Skipping protocol %s since helper '%s' does not support it",
 		     fw3_protoname(proto), rule->helper.ptr->name);
 		return;
 	}
 
 	if (rule->set_helper.ptr &&
-	    !fw3_cthelper_check_proto(rule->set_helper.ptr, proto))
-	{
+	    !fw3_cthelper_check_proto(rule->set_helper.ptr, proto)) {
 		info("     ! Skipping protocol %s since helper '%s' does not support it",
 		     fw3_protoname(proto), rule->helper.ptr->name);
 		return;
@@ -488,9 +464,8 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	append_chain(r, rule);
 }
 
-static void
-expand_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
-            struct fw3_rule *rule, int num)
+static void expand_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+			struct fw3_rule *rule, int num)
 {
 	struct fw3_protocol *proto;
 	struct fw3_address *sip;
@@ -510,11 +485,16 @@ expand_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	if (!fw3_is_family(rule, handle->family))
 		return;
 
-	if ((rule->target == FW3_FLAG_NOTRACK && handle->table != FW3_TABLE_RAW) ||
-	    (rule->target == FW3_FLAG_HELPER && handle->table != FW3_TABLE_RAW)  ||
-	    (rule->target == FW3_FLAG_MARK && handle->table != FW3_TABLE_MANGLE) ||
-	    (rule->target == FW3_FLAG_DSCP && handle->table != FW3_TABLE_MANGLE) ||
-		(rule->target < FW3_FLAG_NOTRACK && handle->table != FW3_TABLE_FILTER))
+	if ((rule->target == FW3_FLAG_NOTRACK &&
+	     handle->table != FW3_TABLE_RAW) ||
+	    (rule->target == FW3_FLAG_HELPER &&
+	     handle->table != FW3_TABLE_RAW) ||
+	    (rule->target == FW3_FLAG_MARK &&
+	     handle->table != FW3_TABLE_MANGLE) ||
+	    (rule->target == FW3_FLAG_DSCP &&
+	     handle->table != FW3_TABLE_MANGLE) ||
+	    (rule->target < FW3_FLAG_NOTRACK &&
+	     handle->table != FW3_TABLE_FILTER))
 		return;
 
 	if (rule->name)
@@ -523,76 +503,68 @@ expand_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 		info("   * Rule #%u", num);
 
 	if (!fw3_is_family(rule->_src, handle->family) ||
-	    !fw3_is_family(rule->_dest, handle->family))
-	{
+	    !fw3_is_family(rule->_dest, handle->family)) {
 		info("     ! Skipping due to different family of zone");
 		return;
 	}
 
-	if (rule->ipset.ptr)
-	{
-		if (!fw3_is_family(rule->ipset.ptr, handle->family))
-		{
+	if (rule->ipset.ptr) {
+		if (!fw3_is_family(rule->ipset.ptr, handle->family)) {
 			info("     ! Skipping due to different family in ipset");
 			return;
 		}
 
-		if (!fw3_check_ipset(rule->ipset.ptr))
-		{
+		if (!fw3_check_ipset(rule->ipset.ptr)) {
 			info("     ! Skipping due to missing ipset '%s'",
-			     rule->ipset.ptr->external
-					? rule->ipset.ptr->external : rule->ipset.ptr->name);
+			     rule->ipset.ptr->external ?
+				     rule->ipset.ptr->external :
+				     rule->ipset.ptr->name);
 			return;
 		}
 
 		set(rule->ipset.ptr->flags, handle->family, handle->family);
 	}
 
-	if (rule->helper.ptr && !fw3_is_family(rule->helper.ptr, handle->family))
-	{
+	if (rule->helper.ptr &&
+	    !fw3_is_family(rule->helper.ptr, handle->family)) {
 		info("     ! Skipping due to unsupported family of CT helper");
 		return;
 	}
 
-	if (rule->set_helper.ptr && !fw3_is_family(rule->set_helper.ptr, handle->family))
-	{
+	if (rule->set_helper.ptr &&
+	    !fw3_is_family(rule->set_helper.ptr, handle->family)) {
 		info("     ! Skipping due to unsupported family of CT helper");
 		return;
 	}
 
-	list_for_each_entry(proto, &rule->proto, list)
-	{
+	list_for_each_entry (proto, &rule->proto, list) {
 		/* icmp / ipv6-icmp */
-		if (proto->protocol == 1 || proto->protocol == 58)
-		{
+		if (proto->protocol == 1 || proto->protocol == 58) {
 			sports = ∅
 			dports = ∅
 			icmptypes = &rule->icmp_type;
-		}
-		else
-		{
+		} else {
 			sports = &rule->port_src;
 			dports = &rule->port_dest;
 			icmptypes = ∅
 		}
 
-		fw3_foreach(sip, &rule->ip_src)
-		fw3_foreach(dip, &rule->ip_dest)
-		fw3_foreach(sport, sports)
-		fw3_foreach(dport, dports)
-		fw3_foreach(mac, &rule->mac_src)
-		fw3_foreach(icmptype, icmptypes)
-			print_rule(handle, state, rule, num, proto, sip, dip,
-			           sport, dport, mac, icmptype);
+		fw3_foreach(sip, &rule->ip_src) fw3_foreach(dip, &rule->ip_dest)
+			fw3_foreach(sport, sports) fw3_foreach(dport, dports)
+				fw3_foreach(mac, &rule->mac_src)
+					fw3_foreach(icmptype, icmptypes)
+						print_rule(handle, state, rule,
+							   num, proto, sip, dip,
+							   sport, dport, mac,
+							   icmptype);
 	}
 }
 
-void
-fw3_print_rules(struct fw3_ipt_handle *handle, struct fw3_state *state)
+void fw3_print_rules(struct fw3_ipt_handle *handle, struct fw3_state *state)
 {
 	int num = 0;
 	struct fw3_rule *rule;
 
-	list_for_each_entry(rule, &state->rules, list)
+	list_for_each_entry (rule, &state->rules, list)
 		expand_rule(handle, state, rule, num++);
 }
diff --git a/rules.h b/rules.h
index be7c8bd..52a4c4b 100644
--- a/rules.h
+++ b/rules.h
@@ -28,7 +28,8 @@
 
 extern const struct fw3_option fw3_rule_opts[];
 
-void fw3_load_rules(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
+void fw3_load_rules(struct fw3_state *state, struct uci_package *p,
+		    struct blob_attr *a);
 void fw3_print_rules(struct fw3_ipt_handle *handle, struct fw3_state *state);
 
 static inline void fw3_free_rule(struct fw3_rule *rule)
diff --git a/snats.c b/snats.c
index 1d78f93..32501c1 100644
--- a/snats.c
+++ b/snats.c
@@ -18,85 +18,81 @@
 
 #include "snats.h"
 
-
 const struct fw3_option fw3_snat_opts[] = {
-	FW3_OPT("enabled",             bool,      snat,     enabled),
+	FW3_OPT("enabled", bool, snat, enabled),
 
-	FW3_OPT("name",                string,    snat,     name),
-	FW3_OPT("family",              family,    snat,     family),
+	FW3_OPT("name", string, snat, name),
+	FW3_OPT("family", family, snat, family),
 
-	FW3_OPT("src",                 device,    snat,     src),
-	FW3_OPT("device",              string,    snat,     device),
+	FW3_OPT("src", device, snat, src),
+	FW3_OPT("device", string, snat, device),
 
-	FW3_OPT("ipset",               setmatch,  snat,     ipset),
+	FW3_OPT("ipset", setmatch, snat, ipset),
 
-	FW3_LIST("proto",              protocol,  snat,     proto),
+	FW3_LIST("proto", protocol, snat, proto),
 
-	FW3_OPT("src_ip",              network,   snat,     ip_src),
-	FW3_OPT("src_port",            port,      snat,     port_src),
+	FW3_OPT("src_ip", network, snat, ip_src),
+	FW3_OPT("src_port", port, snat, port_src),
 
-	FW3_OPT("snat_ip",             network,   snat,     ip_snat),
-	FW3_OPT("snat_port",           port,      snat,     port_snat),
+	FW3_OPT("snat_ip", network, snat, ip_snat),
+	FW3_OPT("snat_port", port, snat, port_snat),
 
-	FW3_OPT("dest_ip",             network,   snat,     ip_dest),
-	FW3_OPT("dest_port",           port,      snat,     port_dest),
+	FW3_OPT("dest_ip", network, snat, ip_dest),
+	FW3_OPT("dest_port", port, snat, port_dest),
 
-	FW3_OPT("extra",               string,    snat,     extra),
+	FW3_OPT("extra", string, snat, extra),
 
-	FW3_OPT("limit",               limit,     snat,     limit),
-	FW3_OPT("limit_burst",         int,       snat,     limit.burst),
+	FW3_OPT("limit", limit, snat, limit),
+	FW3_OPT("limit_burst", int, snat, limit.burst),
 
-	FW3_OPT("connlimit_ports",     bool,      snat,     connlimit_ports),
+	FW3_OPT("connlimit_ports", bool, snat, connlimit_ports),
 
-	FW3_OPT("utc_time",            bool,      snat,     time.utc),
-	FW3_OPT("start_date",          date,      snat,     time.datestart),
-	FW3_OPT("stop_date",           date,      snat,     time.datestop),
-	FW3_OPT("start_time",          time,      snat,     time.timestart),
-	FW3_OPT("stop_time",           time,      snat,     time.timestop),
-	FW3_OPT("weekdays",            weekdays,  snat,     time.weekdays),
-	FW3_OPT("monthdays",           monthdays, snat,     time.monthdays),
+	FW3_OPT("utc_time", bool, snat, time.utc),
+	FW3_OPT("start_date", date, snat, time.datestart),
+	FW3_OPT("stop_date", date, snat, time.datestop),
+	FW3_OPT("start_time", time, snat, time.timestart),
+	FW3_OPT("stop_time", time, snat, time.timestop),
+	FW3_OPT("weekdays", weekdays, snat, time.weekdays),
+	FW3_OPT("monthdays", monthdays, snat, time.monthdays),
 
-	FW3_OPT("mark",                mark,      snat,     mark),
+	FW3_OPT("mark", mark, snat, mark),
 
-	FW3_OPT("target",              target,    snat,     target),
+	FW3_OPT("target", target, snat, target),
 
-	{ }
+	{}
 };
 
-
-static bool
-check_families(struct uci_element *e, struct fw3_snat *r)
+static bool check_families(struct uci_element *e, struct fw3_snat *r)
 {
 	if (r->family == FW3_FAMILY_ANY)
 		return true;
 
-	if (r->_src && r->_src->family && r->_src->family != r->family)
-	{
-		warn_section("nat", r, e, "refers to source zone with different family");
+	if (r->_src && r->_src->family && r->_src->family != r->family) {
+		warn_section("nat", r, e,
+			     "refers to source zone with different family");
 		return false;
 	}
 
 	if (r->ipset.ptr && r->ipset.ptr->family &&
-	    r->ipset.ptr->family != r->family)
-	{
-		warn_section("nat", r, e, "refers to ipset with different family");
+	    r->ipset.ptr->family != r->family) {
+		warn_section("nat", r, e,
+			     "refers to ipset with different family");
 		return false;
 	}
 
-	if (r->ip_src.family && r->ip_src.family != r->family)
-	{
-		warn_section("nat", r, e, "uses source ip with different family");
+	if (r->ip_src.family && r->ip_src.family != r->family) {
+		warn_section("nat", r, e,
+			     "uses source ip with different family");
 		return false;
 	}
 
-	if (r->ip_dest.family && r->ip_dest.family != r->family)
-	{
-		warn_section("nat", r, e, "uses destination ip with different family");
+	if (r->ip_dest.family && r->ip_dest.family != r->family) {
+		warn_section("nat", r, e,
+			     "uses destination ip with different family");
 		return false;
 	}
 
-	if (r->ip_snat.family && r->ip_snat.family != r->family)
-	{
+	if (r->ip_snat.family && r->ip_snat.family != r->family) {
 		warn_section("nat", r, e, "uses snat ip with different family");
 		return false;
 	}
@@ -104,9 +100,7 @@ check_families(struct uci_element *e, struct fw3_snat *r)
 	return true;
 }
 
-
-static struct fw3_snat*
-alloc_snat(struct fw3_state *state)
+static struct fw3_snat *alloc_snat(struct fw3_state *state)
 {
 	struct fw3_snat *snat = calloc(1, sizeof(*snat));
 
@@ -119,70 +113,67 @@ alloc_snat(struct fw3_state *state)
 	return snat;
 }
 
-static bool
-check_snat(struct fw3_state *state, struct fw3_snat *snat, struct uci_element *e)
+static bool check_snat(struct fw3_state *state, struct fw3_snat *snat,
+		       struct uci_element *e)
 {
 	if (!snat->enabled)
 		return false;
 
-	if (snat->src.invert)
-	{
-		warn_section("nat", snat, e, "must not have an inverted source");
+	if (snat->src.invert) {
+		warn_section("nat", snat, e,
+			     "must not have an inverted source");
 		return false;
-	}
-	else if (snat->src.set && !snat->src.any &&
-			!(snat->_src = fw3_lookup_zone(state, snat->src.name)))
-	{
-		warn_section("nat", snat, e, "refers to not existing zone '%s'", snat->src.name);
+	} else if (snat->src.set && !snat->src.any &&
+		   !(snat->_src = fw3_lookup_zone(state, snat->src.name))) {
+		warn_section("nat", snat, e, "refers to not existing zone '%s'",
+			     snat->src.name);
 		return false;
-	}
-	else if (snat->ipset.set && state->disable_ipsets)
-	{
-		warn_section("nat", snat, e, "skipped due to disabled ipset support");
+	} else if (snat->ipset.set && state->disable_ipsets) {
+		warn_section("nat", snat, e,
+			     "skipped due to disabled ipset support");
 		return false;
-	}
-	else if (snat->ipset.set &&
-			!(snat->ipset.ptr = fw3_lookup_ipset(state, snat->ipset.name)))
-	{
-		warn_section("nat", snat, e, "refers to unknown ipset '%s'", snat->ipset.name);
+	} else if (snat->ipset.set && !(snat->ipset.ptr = fw3_lookup_ipset(
+						state, snat->ipset.name))) {
+		warn_section("nat", snat, e, "refers to unknown ipset '%s'",
+			     snat->ipset.name);
 		return false;
 	}
 
 	if (!check_families(e, snat))
 		return false;
 
-	if (snat->target == FW3_FLAG_UNSPEC)
-	{
-		warn_section("nat", snat, e, "has no target specified, defaulting to MASQUERADE");
+	if (snat->target == FW3_FLAG_UNSPEC) {
+		warn_section(
+			"nat", snat, e,
+			"has no target specified, defaulting to MASQUERADE");
 		snat->target = FW3_FLAG_MASQUERADE;
-	}
-	else if (snat->target != FW3_FLAG_ACCEPT && snat->target != FW3_FLAG_SNAT &&
-			snat->target != FW3_FLAG_MASQUERADE)
-	{
-		warn_section("nat", snat, e, "has invalid target specified, defaulting to MASQUERADE");
+	} else if (snat->target != FW3_FLAG_ACCEPT &&
+		   snat->target != FW3_FLAG_SNAT &&
+		   snat->target != FW3_FLAG_MASQUERADE) {
+		warn_section(
+			"nat", snat, e,
+			"has invalid target specified, defaulting to MASQUERADE");
 		snat->target = FW3_FLAG_MASQUERADE;
 	}
 
-	if (snat->target == FW3_FLAG_SNAT &&
-			!snat->ip_snat.set && !snat->port_snat.set)
-	{
-		warn_section("nat", snat, e, "needs either 'snat_ip' or 'snat_port' for SNAT");
+	if (snat->target == FW3_FLAG_SNAT && !snat->ip_snat.set &&
+	    !snat->port_snat.set) {
+		warn_section("nat", snat, e,
+			     "needs either 'snat_ip' or 'snat_port' for SNAT");
 		return false;
-	}
-	else if (snat->target != FW3_FLAG_SNAT && snat->ip_snat.set)
-	{
-		warn_section("nat", snat, e, "must not use 'snat_ip' for non-SNAT");
+	} else if (snat->target != FW3_FLAG_SNAT && snat->ip_snat.set) {
+		warn_section("nat", snat, e,
+			     "must not use 'snat_ip' for non-SNAT");
 		return false;
-	}
-	else if (snat->target != FW3_FLAG_SNAT && snat->port_snat.set)
-	{
-		warn_section("nat", snat, e, "must not use 'snat_port' for non-SNAT");
+	} else if (snat->target != FW3_FLAG_SNAT && snat->port_snat.set) {
+		warn_section("nat", snat, e,
+			     "must not use 'snat_port' for non-SNAT");
 		return false;
 	}
 
-	if (list_empty(&snat->proto))
-	{
-		warn_section("nat", snat, e, "does not specify a protocol, assuming all");
+	if (list_empty(&snat->proto)) {
+		warn_section("nat", snat, e,
+			     "does not specify a protocol, assuming all");
 		fw3_parse_protocol(&snat->proto, "all", true);
 	}
 
@@ -192,9 +183,8 @@ check_snat(struct fw3_state *state, struct fw3_snat *snat, struct uci_element *e
 	return true;
 }
 
-
-void
-fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr *a)
+void fw3_load_snats(struct fw3_state *state, struct uci_package *p,
+		    struct blob_attr *a)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -204,7 +194,8 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr
 
 	INIT_LIST_HEAD(&state->snats);
 
-	blob_for_each_attr(entry, a, rem) {
+	blob_for_each_attr(entry, a, rem)
+	{
 		const char *type = NULL;
 		const char *name = "ubus rule";
 
@@ -218,9 +209,9 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr
 		if (!snat)
 			continue;
 
-		if (!fw3_parse_blob_options(snat, fw3_snat_opts, entry, name))
-		{
-			warn_section("nat", snat, NULL, "skipped due to invalid options");
+		if (!fw3_parse_blob_options(snat, fw3_snat_opts, entry, name)) {
+			warn_section("nat", snat, NULL,
+				     "skipped due to invalid options");
 			fw3_free_snat(snat);
 			continue;
 		}
@@ -240,8 +231,7 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr
 		if (!snat)
 			continue;
 
-		if (!fw3_parse_options(snat, fw3_snat_opts, s))
-		{
+		if (!fw3_parse_options(snat, fw3_snat_opts, s)) {
 			warn_elem(e, "skipped due to invalid options");
 			fw3_free_snat(snat);
 			continue;
@@ -252,8 +242,7 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr
 	}
 }
 
-static void
-append_chain(struct fw3_ipt_rule *r, struct fw3_snat *snat)
+static void append_chain(struct fw3_ipt_rule *r, struct fw3_snat *snat)
 {
 	if (snat->_src)
 		fw3_ipt_rule_append(r, "zone_%s_postrouting", snat->src.name);
@@ -261,56 +250,57 @@ append_chain(struct fw3_ipt_rule *r, struct fw3_snat *snat)
 		fw3_ipt_rule_append(r, "POSTROUTING");
 }
 
-static void
-set_target(struct fw3_ipt_rule *r, struct fw3_snat *snat,
-           struct fw3_protocol *proto)
+static void set_target(struct fw3_ipt_rule *r, struct fw3_snat *snat,
+		       struct fw3_protocol *proto)
 {
 	char buf[sizeof("255.255.255.255:65535-65535\0")];
 
-	if (snat->target == FW3_FLAG_SNAT)
-	{
+	if (snat->target == FW3_FLAG_SNAT) {
 		buf[0] = '\0';
 
-		if (snat->ip_snat.set)
-		{
-			inet_ntop(AF_INET, &snat->ip_snat.address.v4, buf, sizeof(buf));
+		if (snat->ip_snat.set) {
+			inet_ntop(AF_INET, &snat->ip_snat.address.v4, buf,
+				  sizeof(buf));
 		}
 
 		if (snat->port_snat.set && proto && !proto->any &&
-		    (proto->protocol == 6 || proto->protocol == 17 || proto->protocol == 1))
-		{
-			if (snat->port_snat.port_min == snat->port_snat.port_max)
-				sprintf(buf + strlen(buf), ":%u", snat->port_snat.port_min);
+		    (proto->protocol == 6 || proto->protocol == 17 ||
+		     proto->protocol == 1)) {
+			if (snat->port_snat.port_min ==
+			    snat->port_snat.port_max)
+				sprintf(buf + strlen(buf), ":%u",
+					snat->port_snat.port_min);
 			else
 				sprintf(buf + strlen(buf), ":%u-%u",
-						snat->port_snat.port_min, snat->port_snat.port_max);
+					snat->port_snat.port_min,
+					snat->port_snat.port_max);
 
 			if (snat->connlimit_ports) {
 				char portcntbuf[6];
 				snprintf(portcntbuf, sizeof(portcntbuf), "%u",
-						1 + snat->port_snat.port_max - snat->port_snat.port_min);
-
-				fw3_ipt_rule_addarg(r, false, "-m", "connlimit");
-				fw3_ipt_rule_addarg(r, false, "--connlimit-daddr", NULL);
-				fw3_ipt_rule_addarg(r, false, "--connlimit-upto", portcntbuf);
+					 1 + snat->port_snat.port_max -
+						 snat->port_snat.port_min);
+
+				fw3_ipt_rule_addarg(r, false, "-m",
+						    "connlimit");
+				fw3_ipt_rule_addarg(r, false,
+						    "--connlimit-daddr", NULL);
+				fw3_ipt_rule_addarg(r, false,
+						    "--connlimit-upto",
+						    portcntbuf);
 			}
 		}
 
 		fw3_ipt_rule_target(r, "SNAT");
 		fw3_ipt_rule_addarg(r, false, "--to-source", buf);
-	}
-	else if (snat->target == FW3_FLAG_ACCEPT)
-	{
+	} else if (snat->target == FW3_FLAG_ACCEPT) {
 		fw3_ipt_rule_target(r, "ACCEPT");
-	}
-	else
-	{
+	} else {
 		fw3_ipt_rule_target(r, "MASQUERADE");
 	}
 }
 
-static void
-set_comment(struct fw3_ipt_rule *r, const char *name, int num)
+static void set_comment(struct fw3_ipt_rule *r, const char *name, int num)
 {
 	if (name)
 		fw3_ipt_rule_comment(r, name);
@@ -318,16 +308,15 @@ set_comment(struct fw3_ipt_rule *r, const char *name, int num)
 		fw3_ipt_rule_comment(r, "@nat[%u]", num);
 }
 
-static void
-print_snat(struct fw3_ipt_handle *h, struct fw3_state *state,
-           struct fw3_snat *snat, int num, struct fw3_protocol *proto)
+static void print_snat(struct fw3_ipt_handle *h, struct fw3_state *state,
+		       struct fw3_snat *snat, int num,
+		       struct fw3_protocol *proto)
 {
 	struct fw3_ipt_rule *r;
 	struct fw3_address *src, *dst;
 	struct fw3_port *spt, *dpt;
 
-	switch (h->table)
-	{
+	switch (h->table) {
 	case FW3_TABLE_NAT:
 		src = &snat->ip_src;
 		dst = &snat->ip_dest;
@@ -352,9 +341,8 @@ print_snat(struct fw3_ipt_handle *h, struct fw3_state *state,
 	}
 }
 
-static void
-expand_snat(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                struct fw3_snat *snat, int num)
+static void expand_snat(struct fw3_ipt_handle *handle, struct fw3_state *state,
+			struct fw3_snat *snat, int num)
 {
 	struct fw3_protocol *proto;
 
@@ -363,37 +351,32 @@ expand_snat(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	else
 		info("   * NAT #%u", num);
 
-	if (!fw3_is_family(snat->_src, handle->family))
-	{
+	if (!fw3_is_family(snat->_src, handle->family)) {
 		info("     ! Skipping due to different family of zone");
 		return;
 	}
 
 	if (!fw3_is_family(&snat->ip_src, handle->family) ||
 	    !fw3_is_family(&snat->ip_dest, handle->family) ||
-		!fw3_is_family(&snat->ip_snat, handle->family))
-	{
-		if (!snat->ip_src.resolved ||
-		    !snat->ip_dest.resolved ||
+	    !fw3_is_family(&snat->ip_snat, handle->family)) {
+		if (!snat->ip_src.resolved || !snat->ip_dest.resolved ||
 		    !snat->ip_snat.resolved)
 			info("     ! Skipping due to different family of ip address");
 
 		return;
 	}
 
-	if (snat->ipset.ptr)
-	{
-		if (!fw3_is_family(snat->ipset.ptr, handle->family))
-		{
+	if (snat->ipset.ptr) {
+		if (!fw3_is_family(snat->ipset.ptr, handle->family)) {
 			info("     ! Skipping due to different family in ipset");
 			return;
 		}
 
-		if (!fw3_check_ipset(snat->ipset.ptr))
-		{
+		if (!fw3_check_ipset(snat->ipset.ptr)) {
 			info("     ! Skipping due to missing ipset '%s'",
 			     snat->ipset.ptr->external ?
-					snat->ipset.ptr->external : snat->ipset.ptr->name);
+				     snat->ipset.ptr->external :
+				     snat->ipset.ptr->name);
 			return;
 		}
 
@@ -404,8 +387,7 @@ expand_snat(struct fw3_ipt_handle *handle, struct fw3_state *state,
 		print_snat(handle, state, snat, num, proto);
 }
 
-void
-fw3_print_snats(struct fw3_ipt_handle *handle, struct fw3_state *state)
+void fw3_print_snats(struct fw3_ipt_handle *handle, struct fw3_state *state)
 {
 	int num = 0;
 	struct fw3_snat *snat;
@@ -416,6 +398,6 @@ fw3_print_snats(struct fw3_ipt_handle *handle, struct fw3_state *state)
 	if (handle->table != FW3_TABLE_NAT)
 		return;
 
-	list_for_each_entry(snat, &state->snats, list)
+	list_for_each_entry (snat, &state->snats, list)
 		expand_snat(handle, state, snat, num++);
 }
diff --git a/snats.h b/snats.h
index a0aabc1..a48c08f 100644
--- a/snats.h
+++ b/snats.h
@@ -27,7 +27,8 @@
 
 extern const struct fw3_option fw3_snat_opts[];
 
-void fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
+void fw3_load_snats(struct fw3_state *state, struct uci_package *p,
+		    struct blob_attr *a);
 void fw3_print_snats(struct fw3_ipt_handle *handle, struct fw3_state *state);
 
 static inline void fw3_free_snat(struct fw3_snat *snat)
diff --git a/ubus.c b/ubus.c
index bea9166..537ae1e 100644
--- a/ubus.c
+++ b/ubus.c
@@ -21,10 +21,10 @@
 static struct blob_attr *interfaces = NULL;
 static struct blob_attr *procd_data;
 
-
 static void dump_cb(struct ubus_request *req, int type, struct blob_attr *msg)
 {
-	static const struct blobmsg_policy policy = { "interface", BLOBMSG_TYPE_ARRAY };
+	static const struct blobmsg_policy policy = { "interface",
+						      BLOBMSG_TYPE_ARRAY };
 	struct blob_attr *cur;
 
 	blobmsg_parse(&policy, 1, &cur, blob_data(msg), blob_len(msg));
@@ -32,18 +32,18 @@ static void dump_cb(struct ubus_request *req, int type, struct blob_attr *msg)
 		interfaces = blob_memdup(cur);
 }
 
-static void procd_data_cb(struct ubus_request *req, int type, struct blob_attr *msg)
+static void procd_data_cb(struct ubus_request *req, int type,
+			  struct blob_attr *msg)
 {
 	procd_data = blob_memdup(msg);
 }
 
-bool
-fw3_ubus_connect(void)
+bool fw3_ubus_connect(void)
 {
 	bool status = false;
 	uint32_t id;
 	struct ubus_context *ctx = ubus_connect(NULL);
-	struct blob_buf b = { };
+	struct blob_buf b = {};
 
 	blob_buf_init(&b, 0);
 
@@ -73,15 +73,14 @@ out:
 	return status;
 }
 
-void
-fw3_ubus_disconnect(void)
+void fw3_ubus_disconnect(void)
 {
 	free(interfaces);
 	interfaces = NULL;
 }
 
-static struct fw3_address *
-parse_subnet(enum fw3_family family, struct blob_attr *dict, int rem)
+static struct fw3_address *parse_subnet(enum fw3_family family,
+					struct blob_attr *dict, int rem)
 {
 	struct blob_attr *cur;
 	struct fw3_address *addr;
@@ -97,18 +96,18 @@ parse_subnet(enum fw3_family family, struct blob_attr *dict, int rem)
 	{
 		if (!strcmp(blobmsg_name(cur), "address"))
 			inet_pton(family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-			          blobmsg_get_string(cur), &addr->address.v6);
+				  blobmsg_get_string(cur), &addr->address.v6);
 
 		else if (!strcmp(blobmsg_name(cur), "mask"))
-			fw3_bitlen2netmask(family, blobmsg_get_u32(cur), &addr->mask.v6);
+			fw3_bitlen2netmask(family, blobmsg_get_u32(cur),
+					   &addr->mask.v6);
 	}
 
 	return addr;
 }
 
-static int
-parse_subnets(struct list_head *head, enum fw3_family family,
-              struct blob_attr *list)
+static int parse_subnets(struct list_head *head, enum fw3_family family,
+			 struct blob_attr *list)
 {
 	struct blob_attr *cur;
 	struct fw3_address *addr;
@@ -121,10 +120,10 @@ parse_subnets(struct list_head *head, enum fw3_family family,
 
 	__blob_for_each_attr(cur, blobmsg_data(list), rem)
 	{
-		addr = parse_subnet(family, blobmsg_data(cur), blobmsg_data_len(cur));
+		addr = parse_subnet(family, blobmsg_data(cur),
+				    blobmsg_data_len(cur));
 
-		if (addr)
-		{
+		if (addr) {
 			list_add_tail(&addr->list, head);
 			n++;
 		}
@@ -133,15 +132,9 @@ parse_subnets(struct list_head *head, enum fw3_family family,
 	return n;
 }
 
-struct fw3_device *
-fw3_ubus_device(const char *net)
+struct fw3_device *fw3_ubus_device(const char *net)
 {
-	enum {
-		DEV_INTERFACE,
-		DEV_DEVICE,
-		DEV_L3_DEVICE,
-		__DEV_MAX
-	};
+	enum { DEV_INTERFACE, DEV_DEVICE, DEV_L3_DEVICE, __DEV_MAX };
 	static const struct blobmsg_policy policy[__DEV_MAX] = {
 		[DEV_INTERFACE] = { "interface", BLOBMSG_TYPE_STRING },
 		[DEV_DEVICE] = { "device", BLOBMSG_TYPE_STRING },
@@ -156,8 +149,10 @@ fw3_ubus_device(const char *net)
 	if (!net || !interfaces)
 		return NULL;
 
-	blobmsg_for_each_attr(cur, interfaces, rem) {
-		blobmsg_parse(policy, __DEV_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
+	blobmsg_for_each_attr(cur, interfaces, rem)
+	{
+		blobmsg_parse(policy, __DEV_MAX, tb, blobmsg_data(cur),
+			      blobmsg_len(cur));
 		if (!tb[DEV_INTERFACE] ||
 		    strcmp(blobmsg_data(tb[DEV_INTERFACE]), net) != 0)
 			continue;
@@ -186,21 +181,19 @@ fw3_ubus_device(const char *net)
 	return dev;
 }
 
-int
-fw3_ubus_address(struct list_head *list, const char *net)
+int fw3_ubus_address(struct list_head *list, const char *net)
 {
-	enum {
-		ADDR_INTERFACE,
-		ADDR_IPV4,
-		ADDR_IPV6,
-		ADDR_IPV6_PREFIX,
-		__ADDR_MAX
-	};
+	enum { ADDR_INTERFACE,
+	       ADDR_IPV4,
+	       ADDR_IPV6,
+	       ADDR_IPV6_PREFIX,
+	       __ADDR_MAX };
 	static const struct blobmsg_policy policy[__ADDR_MAX] = {
 		[ADDR_INTERFACE] = { "interface", BLOBMSG_TYPE_STRING },
 		[ADDR_IPV4] = { "ipv4-address", BLOBMSG_TYPE_ARRAY },
 		[ADDR_IPV6] = { "ipv6-address", BLOBMSG_TYPE_ARRAY },
-		[ADDR_IPV6_PREFIX] = { "ipv6-prefix-assignment", BLOBMSG_TYPE_ARRAY },
+		[ADDR_IPV6_PREFIX] = { "ipv6-prefix-assignment",
+				       BLOBMSG_TYPE_ARRAY },
 	};
 	struct blob_attr *tb[__ADDR_MAX];
 	struct blob_attr *cur;
@@ -209,8 +202,10 @@ fw3_ubus_address(struct list_head *list, const char *net)
 	if (!net || !interfaces)
 		return 0;
 
-	blobmsg_for_each_attr(cur, interfaces, rem) {
-		blobmsg_parse(policy, __ADDR_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
+	blobmsg_for_each_attr(cur, interfaces, rem)
+	{
+		blobmsg_parse(policy, __ADDR_MAX, tb, blobmsg_data(cur),
+			      blobmsg_len(cur));
 
 		if (!tb[ADDR_INTERFACE] ||
 		    strcmp(blobmsg_data(tb[ADDR_INTERFACE]), net) != 0)
@@ -224,25 +219,29 @@ fw3_ubus_address(struct list_head *list, const char *net)
 	return n;
 }
 
-void
-fw3_ubus_zone_devices(struct fw3_zone *zone)
+void fw3_ubus_zone_devices(struct fw3_zone *zone)
 {
 	struct blob_attr *c, *cur, *dcur;
 	unsigned r, rem, drem;
 	const char *name;
 	bool matches;
 
-	blobmsg_for_each_attr(c, interfaces, r) {
+	blobmsg_for_each_attr(c, interfaces, r)
+	{
 		name = NULL;
 		matches = false;
 
-		blobmsg_for_each_attr(cur, c, rem) {
+		blobmsg_for_each_attr(cur, c, rem)
+		{
 			if (!strcmp(blobmsg_name(cur), "interface"))
 				name = blobmsg_get_string(cur);
 			else if (!strcmp(blobmsg_name(cur), "data"))
-				blobmsg_for_each_attr(dcur, cur, drem)
-					if (!strcmp(blobmsg_name(dcur), "zone"))
-						matches = !strcmp(blobmsg_get_string(dcur), zone->name);
+				blobmsg_for_each_attr(
+					dcur, cur,
+					drem) if (!strcmp(blobmsg_name(dcur),
+							  "zone")) matches =
+					!strcmp(blobmsg_get_string(dcur),
+						zone->name);
 		}
 
 		if (name && matches)
@@ -251,8 +250,8 @@ fw3_ubus_zone_devices(struct fw3_zone *zone)
 }
 
 static void fw3_ubus_rules_add(struct blob_buf *b, const char *service,
-		const char *instance, const char *device,
-		const struct blob_attr *rule, unsigned n)
+			       const char *instance, const char *device,
+			       const struct blob_attr *rule, unsigned n)
 {
 	void *k = blobmsg_open_table(b, "");
 	struct blob_attr *ropt;
@@ -260,7 +259,8 @@ static void fw3_ubus_rules_add(struct blob_buf *b, const char *service,
 	char *type = NULL;
 	char comment[256];
 
-	blobmsg_for_each_attr(ropt, rule, orem) {
+	blobmsg_for_each_attr(ropt, rule, orem)
+	{
 		if (!strcmp(blobmsg_name(ropt), "type"))
 			type = blobmsg_data(ropt);
 		if (device && !strcmp(blobmsg_name(ropt), "device"))
@@ -270,11 +270,11 @@ static void fw3_ubus_rules_add(struct blob_buf *b, const char *service,
 	}
 
 	if (instance)
-		snprintf(comment, sizeof(comment), "ubus:%s[%s] %s %d",
-				service, instance, type ? type : "rule", n);
+		snprintf(comment, sizeof(comment), "ubus:%s[%s] %s %d", service,
+			 instance, type ? type : "rule", n);
 	else
-		snprintf(comment, sizeof(comment), "ubus:%s %s %d",
-				service, type ? type : "rule", n);
+		snprintf(comment, sizeof(comment), "ubus:%s %s %d", service,
+			 type ? type : "rule", n);
 
 	blobmsg_add_string(b, "name", comment);
 
@@ -284,21 +284,22 @@ static void fw3_ubus_rules_add(struct blob_buf *b, const char *service,
 	blobmsg_close_table(b, k);
 }
 
-void
-fw3_ubus_rules(struct blob_buf *b)
+void fw3_ubus_rules(struct blob_buf *b)
 {
 	blob_buf_init(b, 0);
 
 	struct blob_attr *c, *cur, *dcur, *rule;
 	unsigned n, r, rem, drem, rrem;
 
-	blobmsg_for_each_attr(c, interfaces, r) {
+	blobmsg_for_each_attr(c, interfaces, r)
+	{
 		const char *l3_device = NULL;
 		const char *iface_proto = "unknown";
 		const char *iface_name = "unknown";
 		struct blob_attr *data = NULL;
 
-		blobmsg_for_each_attr(cur, c, rem) {
+		blobmsg_for_each_attr(cur, c, rem)
+		{
 			if (!strcmp(blobmsg_name(cur), "l3_device"))
 				l3_device = blobmsg_get_string(cur);
 			else if (!strcmp(blobmsg_name(cur), "interface"))
@@ -312,7 +313,8 @@ fw3_ubus_rules(struct blob_buf *b)
 		if (!data || !l3_device)
 			continue;
 
-		blobmsg_for_each_attr(dcur, data, drem) {
+		blobmsg_for_each_attr(dcur, data, drem)
+		{
 			if (strcmp(blobmsg_name(dcur), "firewall"))
 				continue;
 
@@ -320,7 +322,7 @@ fw3_ubus_rules(struct blob_buf *b)
 
 			blobmsg_for_each_attr(rule, dcur, rrem)
 				fw3_ubus_rules_add(b, iface_name, iface_proto,
-					l3_device, rule, n++);
+						   l3_device, rule, n++);
 		}
 	}
 
@@ -328,12 +330,14 @@ fw3_ubus_rules(struct blob_buf *b)
 		return;
 
 	/* service */
-	blobmsg_for_each_attr(c, procd_data, r) {
+	blobmsg_for_each_attr(c, procd_data, r)
+	{
 		if (!blobmsg_check_attr(c, true))
 			continue;
 
 		/* instance */
-		blobmsg_for_each_attr(cur, c, rem) {
+		blobmsg_for_each_attr(cur, c, rem)
+		{
 			if (!blobmsg_check_attr(cur, true))
 				continue;
 
@@ -343,13 +347,15 @@ fw3_ubus_rules(struct blob_buf *b)
 
 				blobmsg_for_each_attr(rule, cur, rrem)
 					fw3_ubus_rules_add(b, blobmsg_name(c),
-						NULL, NULL, rule, n++);
+							   NULL, NULL, rule,
+							   n++);
 
 				continue;
 			}
 
 			/* type */
-			blobmsg_for_each_attr(dcur, cur, drem) {
+			blobmsg_for_each_attr(dcur, cur, drem)
+			{
 				if (!blobmsg_check_attr(dcur, true))
 					continue;
 
@@ -360,7 +366,8 @@ fw3_ubus_rules(struct blob_buf *b)
 
 				blobmsg_for_each_attr(rule, dcur, rrem)
 					fw3_ubus_rules_add(b, blobmsg_name(c),
-						blobmsg_name(cur), NULL, rule, n++);
+							   blobmsg_name(cur),
+							   NULL, rule, n++);
 			}
 		}
 	}
diff --git a/ubus.h b/ubus.h
index 263f827..6d1d7dd 100644
--- a/ubus.h
+++ b/ubus.h
@@ -24,11 +24,10 @@
 
 #include "options.h"
 
-
 bool fw3_ubus_connect(void);
 void fw3_ubus_disconnect(void);
 
-struct fw3_device * fw3_ubus_device(const char *net);
+struct fw3_device *fw3_ubus_device(const char *net);
 
 int fw3_ubus_address(struct list_head *list, const char *net);
 
diff --git a/utils.c b/utils.c
index 7f09787..0d9f96d 100644
--- a/utils.c
+++ b/utils.c
@@ -27,23 +27,19 @@
 #include "zones.h"
 #include "ipsets.h"
 
-
 static int lock_fd = -1;
 static pid_t pipe_pid = -1;
 static FILE *pipe_fd = NULL;
 
 bool fw3_pr_debug = false;
 
-
-static void
-warn_elem_section_name(struct uci_section *s, bool find_name)
+static void warn_elem_section_name(struct uci_section *s, bool find_name)
 {
 	int i = 0;
 	struct uci_option *o;
 	struct uci_element *tmp;
 
-	if (s->anonymous)
-	{
+	if (s->anonymous) {
 		uci_foreach_element(&s->package->sections, tmp)
 		{
 			if (strcmp(uci_to_section(tmp)->type, s->type))
@@ -57,22 +53,19 @@ warn_elem_section_name(struct uci_section *s, bool find_name)
 
 		fprintf(stderr, "@%s[%d]", s->type, i);
 
-		if (find_name)
-		{
+		if (find_name) {
 			uci_foreach_element(&s->options, tmp)
 			{
 				o = uci_to_option(tmp);
 
-				if (!strcmp(tmp->name, "name") && (o->type == UCI_TYPE_STRING))
-				{
+				if (!strcmp(tmp->name, "name") &&
+				    (o->type == UCI_TYPE_STRING)) {
 					fprintf(stderr, " (%s)", o->v.string);
 					break;
 				}
 			}
 		}
-	}
-	else
-	{
+	} else {
 		fprintf(stderr, "'%s'", s->e.name);
 	}
 
@@ -80,65 +73,57 @@ warn_elem_section_name(struct uci_section *s, bool find_name)
 		fprintf(stderr, " ");
 }
 
-void
-warn_elem(struct uci_element *e, const char *format, ...)
+void warn_elem(struct uci_element *e, const char *format, ...)
 {
-	if (e->type == UCI_TYPE_SECTION)
-	{
+	if (e->type == UCI_TYPE_SECTION) {
 		fprintf(stderr, "Warning: Section ");
 		warn_elem_section_name(uci_to_section(e), true);
-	}
-	else if (e->type == UCI_TYPE_OPTION)
-	{
+	} else if (e->type == UCI_TYPE_OPTION) {
 		fprintf(stderr, "Warning: Option ");
 		warn_elem_section_name(uci_to_option(e)->section, false);
 		fprintf(stderr, ".%s ", e->name);
 	}
 
-    va_list argptr;
-    va_start(argptr, format);
-    vfprintf(stderr, format, argptr);
-    va_end(argptr);
+	va_list argptr;
+	va_start(argptr, format);
+	vfprintf(stderr, format, argptr);
+	va_end(argptr);
 
 	fprintf(stderr, "\n");
 }
 
-void
-warn(const char* format, ...)
+void warn(const char *format, ...)
 {
 	fprintf(stderr, "Warning: ");
-    va_list argptr;
-    va_start(argptr, format);
-    vfprintf(stderr, format, argptr);
-    va_end(argptr);
+	va_list argptr;
+	va_start(argptr, format);
+	vfprintf(stderr, format, argptr);
+	va_end(argptr);
 	fprintf(stderr, "\n");
 }
 
-void
-error(const char* format, ...)
+void error(const char *format, ...)
 {
 	fprintf(stderr, "Error: ");
-    va_list argptr;
-    va_start(argptr, format);
-    vfprintf(stderr, format, argptr);
-    va_end(argptr);
+	va_list argptr;
+	va_start(argptr, format);
+	vfprintf(stderr, format, argptr);
+	va_end(argptr);
 	fprintf(stderr, "\n");
 
 	exit(1);
 }
 
-void
-info(const char* format, ...)
+void info(const char *format, ...)
 {
 	va_list argptr;
-    va_start(argptr, format);
-    vfprintf(stderr, format, argptr);
-    va_end(argptr);
+	va_start(argptr, format);
+	vfprintf(stderr, format, argptr);
+	va_end(argptr);
 	fprintf(stderr, "\n");
 }
 
-void *
-fw3_alloc(size_t size)
+void *fw3_alloc(size_t size)
 {
 	void *mem;
 
@@ -150,8 +135,7 @@ fw3_alloc(size_t size)
 	return mem;
 }
 
-char *
-fw3_strdup(const char *s)
+char *fw3_strdup(const char *s)
 {
 	char *ns;
 
@@ -163,8 +147,7 @@ fw3_strdup(const char *s)
 	return ns;
 }
 
-const char *
-fw3_find_command(const char *cmd)
+const char *fw3_find_command(const char *cmd)
 {
 	struct stat s;
 	int plen = 0, clen = strlen(cmd) + 1;
@@ -181,8 +164,7 @@ fw3_find_command(const char *cmd)
 
 	p = search;
 
-	do
-	{
+	do {
 		if (*p != ':' && *p != '\0')
 			continue;
 
@@ -198,21 +180,18 @@ fw3_find_command(const char *cmd)
 			return path;
 
 		search = p + 1;
-	}
-	while (*p++);
+	} while (*p++);
 
 	return NULL;
 }
 
-bool
-fw3_stdout_pipe(void)
+bool fw3_stdout_pipe(void)
 {
 	pipe_fd = stdout;
 	return true;
 }
 
-bool
-__fw3_command_pipe(bool silent, const char *command, ...)
+bool __fw3_command_pipe(bool silent, const char *command, ...)
 {
 	pid_t pid;
 	va_list argp;
@@ -239,22 +218,20 @@ __fw3_command_pipe(bool silent, const char *command, ...)
 
 	va_start(argp, command);
 
-	while ((arg = va_arg(argp, char *)) != NULL)
-	{
+	while ((arg = va_arg(argp, char *)) != NULL) {
 		tmp = realloc(args, ++argn * sizeof(arg));
 
 		if (!tmp)
 			break;
 
 		args = tmp;
-		args[argn-2] = arg;
-		args[argn-1] = NULL;
+		args[argn - 2] = arg;
+		args[argn - 1] = NULL;
 	}
 
 	va_end(argp);
 
-	switch ((pid = fork()))
-	{
+	switch ((pid = fork())) {
 	case -1:
 		free(args);
 		return false;
@@ -284,13 +261,11 @@ __fw3_command_pipe(bool silent, const char *command, ...)
 	return true;
 }
 
-void
-fw3_pr(const char *fmt, ...)
+void fw3_pr(const char *fmt, ...)
 {
 	va_list args;
 
-	if (fw3_pr_debug && pipe_fd != stdout)
-	{
+	if (fw3_pr_debug && pipe_fd != stdout) {
 		va_start(args, fmt);
 		vfprintf(stderr, fmt, args);
 		va_end(args);
@@ -301,8 +276,7 @@ fw3_pr(const char *fmt, ...)
 	va_end(args);
 }
 
-void
-fw3_command_close(void)
+void fw3_command_close(void)
 {
 	if (pipe_fd && pipe_fd != stdout)
 		fclose(pipe_fd);
@@ -316,24 +290,21 @@ fw3_command_close(void)
 	pipe_pid = -1;
 }
 
-bool
-fw3_has_table(bool ipv6, const char *table)
+bool fw3_has_table(bool ipv6, const char *table)
 {
 	FILE *f;
 
 	char line[12];
 	bool seen = false;
 
-	const char *path = ipv6
-		? "/proc/net/ip6_tables_names" : "/proc/net/ip_tables_names";
+	const char *path = ipv6 ? "/proc/net/ip6_tables_names" :
+				  "/proc/net/ip_tables_names";
 
 	if (!(f = fopen(path, "r")))
 		return false;
 
-	while (fgets(line, sizeof(line), f))
-	{
-		if (!strncmp(line, table, strlen(table)))
-		{
+	while (fgets(line, sizeof(line), f)) {
+		if (!strncmp(line, table, strlen(table))) {
 			seen = true;
 			break;
 		}
@@ -344,20 +315,17 @@ fw3_has_table(bool ipv6, const char *table)
 	return seen;
 }
 
-
-bool
-fw3_lock(void)
+bool fw3_lock(void)
 {
-	lock_fd = open(FW3_LOCKFILE, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+	lock_fd = open(FW3_LOCKFILE, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
 
-	if (lock_fd < 0)
-	{
-		warn("Cannot create lock file %s: %s", FW3_LOCKFILE, strerror(errno));
+	if (lock_fd < 0) {
+		warn("Cannot create lock file %s: %s", FW3_LOCKFILE,
+		     strerror(errno));
 		return false;
 	}
 
-	if (flock(lock_fd, LOCK_EX))
-	{
+	if (flock(lock_fd, LOCK_EX)) {
 		warn("Cannot acquire exclusive lock: %s", strerror(errno));
 		return false;
 	}
@@ -365,8 +333,7 @@ fw3_lock(void)
 	return true;
 }
 
-void
-fw3_unlock(void)
+void fw3_unlock(void)
 {
 	if (lock_fd < 0)
 		return;
@@ -380,47 +347,44 @@ fw3_unlock(void)
 	lock_fd = -1;
 }
 
-
-static void
-write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
-                   struct uci_package *dest)
+static void write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
+			       struct uci_package *dest)
 {
 	char buf[sizeof("0xffffffff\0")];
 	struct uci_ptr ptr = { .p = dest };
 
 	uci_add_section(ctx, dest, "defaults", &ptr.s);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "input";
-	ptr.value  = fw3_flag_names[d->policy_input];
+	ptr.value = fw3_flag_names[d->policy_input];
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "output";
-	ptr.value  = fw3_flag_names[d->policy_output];
+	ptr.value = fw3_flag_names[d->policy_output];
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "forward";
-	ptr.value  = fw3_flag_names[d->policy_forward];
+	ptr.value = fw3_flag_names[d->policy_forward];
 	uci_set(ctx, &ptr);
 
 	sprintf(buf, "0x%x", d->flags[0]);
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "__flags_v4";
-	ptr.value  = buf;
+	ptr.value = buf;
 	uci_set(ctx, &ptr);
 
 	sprintf(buf, "0x%x", d->flags[1]);
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "__flags_v6";
-	ptr.value  = buf;
+	ptr.value = buf;
 	uci_set(ctx, &ptr);
 }
 
-static void
-write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
-               struct uci_package *dest, struct ifaddrs *ifaddr)
+static void write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
+			   struct uci_package *dest, struct ifaddrs *ifaddr)
 {
 	struct fw3_device *dev;
 	struct fw3_address *sub;
@@ -443,50 +407,49 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 
 	uci_add_section(ctx, dest, "zone", &ptr.s);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "name";
-	ptr.value  = z->name;
+	ptr.value = z->name;
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "input";
-	ptr.value  = fw3_flag_names[z->policy_input];
+	ptr.value = fw3_flag_names[z->policy_input];
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "output";
-	ptr.value  = fw3_flag_names[z->policy_output];
+	ptr.value = fw3_flag_names[z->policy_output];
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "forward";
-	ptr.value  = fw3_flag_names[z->policy_forward];
+	ptr.value = fw3_flag_names[z->policy_forward];
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "masq";
-	ptr.value  = z->masq ? "1" : "0";
+	ptr.value = z->masq ? "1" : "0";
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "mtu_fix";
-	ptr.value  = z->mtu_fix ? "1" : "0";
+	ptr.value = z->mtu_fix ? "1" : "0";
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "custom_chains";
-	ptr.value  = z->custom_chains ? "1" : "0";
+	ptr.value = z->custom_chains ? "1" : "0";
 	uci_set(ctx, &ptr);
 
-	if (fam != FW3_FAMILY_ANY)
-	{
-		ptr.o      = NULL;
+	if (fam != FW3_FAMILY_ANY) {
+		ptr.o = NULL;
 		ptr.option = "family";
-		ptr.value  = fw3_flag_names[fam];
+		ptr.value = fw3_flag_names[fam];
 		uci_set(ctx, &ptr);
 	}
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "device";
 
 	fw3_foreach(dev, &z->devices)
@@ -503,7 +466,8 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 			p += snprintf(p, ep - p, "!");
 
 		if (*dev->network)
-			p += snprintf(p, ep - p, "%s@%s", dev->name, dev->network);
+			p += snprintf(p, ep - p, "%s@%s", dev->name,
+				      dev->network);
 		else
 			p += snprintf(p, ep - p, "%s", dev->name);
 
@@ -511,7 +475,7 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 		uci_add_list(ctx, &ptr);
 	}
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "subnet";
 
 	fw3_foreach(sub, &z->subnets)
@@ -523,7 +487,7 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 		uci_add_list(ctx, &ptr);
 	}
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "__addrs";
 
 	fw3_foreach(dev, &z->devices)
@@ -531,19 +495,21 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 		if (!dev)
 			continue;
 
-		for (ifa = ifaddr; ifa; ifa = ifa->ifa_next)
-		{
+		for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) {
 			if (!ifa->ifa_addr || strcmp(dev->name, ifa->ifa_name))
 				continue;
 
 			if (ifa->ifa_addr->sa_family == AF_INET)
 				inet_ntop(AF_INET,
-				          &((struct sockaddr_in *)ifa->ifa_addr)->sin_addr,
-				          buf, sizeof(buf));
+					  &((struct sockaddr_in *)ifa->ifa_addr)
+						   ->sin_addr,
+					  buf, sizeof(buf));
 			else if (ifa->ifa_addr->sa_family == AF_INET6)
-				inet_ntop(AF_INET6,
-				          &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr,
-				          buf, sizeof(buf));
+				inet_ntop(
+					AF_INET6,
+					&((struct sockaddr_in6 *)ifa->ifa_addr)
+						 ->sin6_addr,
+					buf, sizeof(buf));
 			else
 				continue;
 
@@ -553,21 +519,20 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 	}
 
 	sprintf(buf, "0x%x", z->flags[0]);
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "__flags_v4";
-	ptr.value  = buf;
+	ptr.value = buf;
 	uci_set(ctx, &ptr);
 
 	sprintf(buf, "0x%x", z->flags[1]);
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "__flags_v6";
-	ptr.value  = buf;
+	ptr.value = buf;
 	uci_set(ctx, &ptr);
 }
 
-static void
-write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
-                struct uci_package *dest)
+static void write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
+			    struct uci_package *dest)
 {
 	struct fw3_ipset_datatype *type;
 
@@ -580,45 +545,43 @@ write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
 
 	uci_add_section(ctx, dest, "ipset", &ptr.s);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "name";
-	ptr.value  = s->name;
+	ptr.value = s->name;
 	uci_set(ctx, &ptr);
 
-	ptr.o      = NULL;
+	ptr.o = NULL;
 	ptr.option = "storage";
-	ptr.value  = fw3_ipset_method_names[s->method];
+	ptr.value = fw3_ipset_method_names[s->method];
 	uci_set(ctx, &ptr);
 
-	list_for_each_entry(type, &s->datatypes, list)
-	{
-		sprintf(buf, "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
-		ptr.o      = NULL;
+	list_for_each_entry (type, &s->datatypes, list) {
+		sprintf(buf, "%s_%s", type->dir,
+			fw3_ipset_type_names[type->type]);
+		ptr.o = NULL;
 		ptr.option = "match";
-		ptr.value  = buf;
+		ptr.value = buf;
 		uci_add_list(ctx, &ptr);
 	}
 
-	if (s->iprange.set)
-	{
-		ptr.o      = NULL;
+	if (s->iprange.set) {
+		ptr.o = NULL;
 		ptr.option = "iprange";
-		ptr.value  = fw3_address_to_string(&s->iprange, false, false);
+		ptr.value = fw3_address_to_string(&s->iprange, false, false);
 		uci_set(ctx, &ptr);
 	}
 
-	if (s->portrange.set)
-	{
-		sprintf(buf, "%u-%u", s->portrange.port_min, s->portrange.port_max);
-		ptr.o      = NULL;
+	if (s->portrange.set) {
+		sprintf(buf, "%u-%u", s->portrange.port_min,
+			s->portrange.port_max);
+		ptr.o = NULL;
 		ptr.option = "portrange";
-		ptr.value  = buf;
+		ptr.value = buf;
 		uci_set(ctx, &ptr);
 	}
 }
 
-void
-fw3_write_statefile(void *state)
+void fw3_write_statefile(void *state)
 {
 	FILE *sf;
 	struct fw3_state *s = state;
@@ -629,23 +592,20 @@ fw3_write_statefile(void *state)
 	struct uci_package *p;
 
 	if (fw3_no_family(s->defaults.flags[0]) &&
-	    fw3_no_family(s->defaults.flags[1]))
-	{
+	    fw3_no_family(s->defaults.flags[1])) {
 		unlink(FW3_STATEFILE);
-	}
-	else
-	{
+	} else {
 		sf = fopen(FW3_STATEFILE, "w+");
 
-		if (!sf)
-		{
-			warn("Cannot create state %s: %s", FW3_STATEFILE, strerror(errno));
+		if (!sf) {
+			warn("Cannot create state %s: %s", FW3_STATEFILE,
+			     strerror(errno));
 			return;
 		}
 
-		if (getifaddrs(&ifaddr))
-		{
-			warn("Cannot get interface addresses: %s", strerror(errno));
+		if (getifaddrs(&ifaddr)) {
+			warn("Cannot get interface addresses: %s",
+			     strerror(errno));
 			ifaddr = NULL;
 		}
 
@@ -654,14 +614,13 @@ fw3_write_statefile(void *state)
 
 		uci_import(s->uci, sf, "fw3_state", NULL, true);
 
-		if ((p = uci_lookup_package(s->uci, "fw3_state")) != NULL)
-		{
+		if ((p = uci_lookup_package(s->uci, "fw3_state")) != NULL) {
 			write_defaults_uci(s->uci, &s->defaults, p);
 
-			list_for_each_entry(z, &s->zones, list)
+			list_for_each_entry (z, &s->zones, list)
 				write_zone_uci(s->uci, z, p, ifaddr);
 
-			list_for_each_entry(i, &s->ipsets, list)
+			list_for_each_entry (i, &s->ipsets, list)
 				write_ipset_uci(s->uci, i, p);
 
 			uci_export(s->uci, sf, p, true);
@@ -676,21 +635,17 @@ fw3_write_statefile(void *state)
 	}
 }
 
-
-void
-fw3_free_object(void *obj, const void *opts)
+void fw3_free_object(void *obj, const void *opts)
 {
 	const struct fw3_option *ol;
 	struct list_head *list, *cur, *tmp;
 
-	for (ol = opts; ol->name; ol++)
-	{
+	for (ol = opts; ol->name; ol++) {
 		if (!ol->elem_size)
 			continue;
 
 		list = (struct list_head *)((char *)obj + ol->offset);
-		list_for_each_safe(cur, tmp, list)
-		{
+		list_for_each_safe (cur, tmp, list) {
 			list_del(cur);
 			free(cur);
 		}
@@ -699,16 +654,14 @@ fw3_free_object(void *obj, const void *opts)
 	free(obj);
 }
 
-void
-fw3_free_list(struct list_head *head)
+void fw3_free_list(struct list_head *head)
 {
 	struct list_head *entry, *tmp;
 
 	if (!head)
 		return;
 
-	list_for_each_safe(entry, tmp, head)
-	{
+	list_for_each_safe (entry, tmp, head) {
 		list_del(entry);
 		free(entry);
 	}
@@ -716,8 +669,7 @@ fw3_free_list(struct list_head *head)
 	free(head);
 }
 
-bool
-fw3_hotplug(bool add, void *zone, void *device)
+bool fw3_hotplug(bool add, void *zone, void *device)
 {
 	struct fw3_zone *z = zone;
 	struct fw3_device *d = device;
@@ -725,8 +677,7 @@ fw3_hotplug(bool add, void *zone, void *device)
 	if (!*d->network)
 		return false;
 
-	switch (fork())
-	{
+	switch (fork()) {
 	case -1:
 		warn("Unable to fork(): %s\n", strerror(errno));
 		return false;
@@ -741,13 +692,14 @@ fw3_hotplug(bool add, void *zone, void *device)
 	close(0);
 	close(1);
 	close(2);
-	if (chdir("/")) {};
+	if (chdir("/")) {
+	};
 
 	clearenv();
-	setenv("ACTION",    add ? "add" : "remove", 1);
-	setenv("ZONE",      z->name,                1);
-	setenv("INTERFACE", d->network,             1);
-	setenv("DEVICE",    d->name,                1);
+	setenv("ACTION", add ? "add" : "remove", 1);
+	setenv("ZONE", z->name, 1);
+	setenv("INTERFACE", d->network, 1);
+	setenv("DEVICE", d->name, 1);
 
 	execl(FW3_HOTPLUG, FW3_HOTPLUG, "firewall", NULL);
 
@@ -755,8 +707,7 @@ fw3_hotplug(bool add, void *zone, void *device)
 	return false;
 }
 
-int
-fw3_netmask2bitlen(int family, void *mask)
+int fw3_netmask2bitlen(int family, void *mask)
 {
 	int bits;
 	struct in_addr *v4;
@@ -765,33 +716,32 @@ fw3_netmask2bitlen(int family, void *mask)
 	if (family == FW3_FAMILY_V6)
 		for (bits = 0, v6 = mask;
 		     bits < 128 && (v6->s6_addr[bits / 8] << (bits % 8)) & 128;
-		     bits++);
+		     bits++)
+			;
 	else
 		for (bits = 0, v4 = mask;
 		     bits < 32 && (ntohl(v4->s_addr) << bits) & 0x80000000;
-		     bits++);
+		     bits++)
+			;
 
 	return bits;
 }
 
-bool
-fw3_bitlen2netmask(int family, int bits, void *mask)
+bool fw3_bitlen2netmask(int family, int bits, void *mask)
 {
 	int i;
 	uint8_t rem, b;
 	struct in_addr *v4;
 	struct in6_addr *v6;
 
-	if (family == FW3_FAMILY_V6)
-	{
+	if (family == FW3_FAMILY_V6) {
 		if (bits < -128 || bits > 128)
 			return false;
 
 		v6 = mask;
 		rem = abs(bits);
 
-		for (i = 0; i < sizeof(v6->s6_addr); i++)
-		{
+		for (i = 0; i < sizeof(v6->s6_addr); i++) {
 			b = (rem > 8) ? 8 : rem;
 			v6->s6_addr[i] = (uint8_t)(0xFF << (8 - b));
 			rem -= b;
@@ -800,9 +750,7 @@ fw3_bitlen2netmask(int family, int bits, void *mask)
 		if (bits < 0)
 			for (i = 0; i < sizeof(v6->s6_addr); i++)
 				v6->s6_addr[i] = ~v6->s6_addr[i];
-	}
-	else
-	{
+	} else {
 		if (bits < -32 || bits > 32)
 			return false;
 
@@ -816,8 +764,7 @@ fw3_bitlen2netmask(int family, int bits, void *mask)
 	return true;
 }
 
-void
-fw3_flush_conntrack(void *state)
+void fw3_flush_conntrack(void *state)
 {
 	bool found;
 	struct fw3_state *s = state;
@@ -830,10 +777,8 @@ fw3_flush_conntrack(void *state)
 	char buf[INET6_ADDRSTRLEN];
 	FILE *ct;
 
-	if (!state)
-	{
-		if ((ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
-		{
+	if (!state) {
+		if ((ct = fopen("/proc/net/nf_conntrack", "w")) != NULL) {
 			info(" * Flushing conntrack table ...");
 
 			fwrite("f\n", 1, 2, ct);
@@ -843,56 +788,67 @@ fw3_flush_conntrack(void *state)
 		return;
 	}
 
-	if (getifaddrs(&ifaddr))
-	{
+	if (getifaddrs(&ifaddr)) {
 		warn("Cannot get interface addresses: %s", strerror(errno));
 		return;
 	}
 
-	if ((ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
-	{
-		list_for_each_entry(zone, &s->zones, list)
-		list_for_each_entry(addr, &zone->old_addrs, list)
-		{
-			found = false;
-
-			list_for_each_entry(dev, &zone->devices, list)
-			{
-				for (ifa = ifaddr; ifa && !found; ifa = ifa->ifa_next)
-				{
-					if (!ifa->ifa_addr || strcmp(dev->name, ifa->ifa_name))
-						continue;
-
-					sin = (struct sockaddr_in *)ifa->ifa_addr;
-					sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
-
-					if (addr->family == FW3_FAMILY_V4 &&
-						sin->sin_family == AF_INET)
-					{
-						found = !memcmp(&addr->address.v4, &sin->sin_addr,
-										sizeof(sin->sin_addr));
-					}
-					else if (addr->family == FW3_FAMILY_V6 &&
-							 sin6->sin6_family == AF_INET6)
-					{
-						found = !memcmp(&addr->address.v6, &sin6->sin6_addr,
-										sizeof(sin6->sin6_addr));
+	if ((ct = fopen("/proc/net/nf_conntrack", "w")) != NULL) {
+		list_for_each_entry (zone, &s->zones, list)
+			list_for_each_entry (addr, &zone->old_addrs, list) {
+				found = false;
+
+				list_for_each_entry (dev, &zone->devices,
+						     list) {
+					for (ifa = ifaddr; ifa && !found;
+					     ifa = ifa->ifa_next) {
+						if (!ifa->ifa_addr ||
+						    strcmp(dev->name,
+							   ifa->ifa_name))
+							continue;
+
+						sin = (struct sockaddr_in *)
+							      ifa->ifa_addr;
+						sin6 = (struct sockaddr_in6 *)
+							       ifa->ifa_addr;
+
+						if (addr->family ==
+							    FW3_FAMILY_V4 &&
+						    sin->sin_family ==
+							    AF_INET) {
+							found = !memcmp(
+								&addr->address
+									 .v4,
+								&sin->sin_addr,
+								sizeof(sin->sin_addr));
+						} else if (addr->family ==
+								   FW3_FAMILY_V6 &&
+							   sin6->sin6_family ==
+								   AF_INET6) {
+							found = !memcmp(
+								&addr->address
+									 .v6,
+								&sin6->sin6_addr,
+								sizeof(sin6->sin6_addr));
+						}
 					}
-				}
 
-				if (found)
-					break;
-			}
+					if (found)
+						break;
+				}
 
-			if (!found)
-			{
-				inet_ntop(addr->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-						  &addr->address.v4, buf, sizeof(buf));
+				if (!found) {
+					inet_ntop(
+						addr->family == FW3_FAMILY_V4 ?
+							AF_INET :
+							AF_INET6,
+						&addr->address.v4, buf,
+						sizeof(buf));
 
-				info(" * Flushing conntrack: %s", buf);
-				fprintf(ct, "%s\n", buf);
+					info(" * Flushing conntrack: %s", buf);
+					fprintf(ct, "%s\n", buf);
+				}
 			}
-		}
 
 		fclose(ct);
 	}
@@ -900,7 +856,8 @@ fw3_flush_conntrack(void *state)
 	freeifaddrs(ifaddr);
 }
 
-bool fw3_attr_parse_name_type(struct blob_attr *entry, const char **name, const char **type)
+bool fw3_attr_parse_name_type(struct blob_attr *entry, const char **name,
+			      const char **type)
 {
 	struct blob_attr *opt;
 	unsigned orem;
@@ -910,17 +867,16 @@ bool fw3_attr_parse_name_type(struct blob_attr *entry, const char **name, const
 
 	*type = NULL;
 
-	blobmsg_for_each_attr(opt, entry, orem)
-		if (!strcmp(blobmsg_name(opt), "type"))
-			*type = blobmsg_get_string(opt);
-		else if (!strcmp(blobmsg_name(opt), "name"))
-			*name = blobmsg_get_string(opt);
+	blobmsg_for_each_attr(opt, entry, orem) if (!strcmp(blobmsg_name(opt),
+							    "type")) *type =
+		blobmsg_get_string(opt);
+	else if (!strcmp(blobmsg_name(opt), "name")) *name =
+		blobmsg_get_string(opt);
 
 	return *type != NULL ? true : false;
 }
 
-const char *
-fw3_protoname(void *proto)
+const char *fw3_protoname(void *proto)
 {
 	static char buf[sizeof("4294967295")];
 	struct fw3_protocol *p = proto;
@@ -931,8 +887,7 @@ fw3_protoname(void *proto)
 
 	pe = getprotobynumber(p->protocol);
 
-	if (!pe)
-	{
+	if (!pe) {
 		snprintf(buf, sizeof(buf), "%u", p->protocol);
 		return buf;
 	}
@@ -940,8 +895,7 @@ fw3_protoname(void *proto)
 	return pe->p_name;
 }
 
-bool
-fw3_check_loopback_dev(const char *name)
+bool fw3_check_loopback_dev(const char *name)
 {
 	struct ifreq ifr;
 	int s = socket(AF_LOCAL, SOCK_DGRAM, 0);
@@ -959,11 +913,11 @@ out:
 	return rv;
 }
 
-bool
-fw3_check_loopback_addr(struct fw3_address *addr)
+bool fw3_check_loopback_addr(struct fw3_address *addr)
 {
 	if (addr->family == FW3_FAMILY_V4 &&
-	    (ntohl(addr->address.v4.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
+	    (ntohl(addr->address.v4.s_addr) >> IN_CLASSA_NSHIFT) ==
+		    IN_LOOPBACKNET)
 		return true;
 
 	if (addr->family == FW3_FAMILY_V6 && !addr->range &&
diff --git a/utils.h b/utils.h
index 1ada0dd..669058d 100644
--- a/utils.h
+++ b/utils.h
@@ -36,11 +36,10 @@
 #include <libubox/blob.h>
 #include <uci.h>
 
-
-#define FW3_STATEFILE	"/var/run/fw3.state"
-#define FW3_LOCKFILE	"/var/run/fw3.lock"
-#define FW3_HELPERCONF	"/usr/share/fw3/helpers.conf"
-#define FW3_HOTPLUG     "/sbin/hotplug-call"
+#define FW3_STATEFILE "/var/run/fw3.state"
+#define FW3_LOCKFILE "/var/run/fw3.lock"
+#define FW3_HELPERCONF "/usr/share/fw3/helpers.conf"
+#define FW3_HOTPLUG "/sbin/hotplug-call"
 
 extern bool fw3_pr_debug;
 
@@ -51,45 +50,46 @@ void warn(const char *format, ...);
 void error(const char *format, ...);
 void info(const char *format, ...);
 
-
-#define warn_section(t, r, e, fmt, ...)					\
-	do {									\
-		if (e)								\
-			warn_elem(e, fmt, ##__VA_ARGS__);			\
-		else								\
-			warn("Warning: ubus " t " (%s) " fmt, 			\
-				(r && r->name) ? r->name : "?", ##__VA_ARGS__);	\
-	} while(0)
+#define warn_section(t, r, e, fmt, ...)                                        \
+	do {                                                                   \
+		if (e)                                                         \
+			warn_elem(e, fmt, ##__VA_ARGS__);                      \
+		else                                                           \
+			warn("Warning: ubus " t " (%s) " fmt,                  \
+			     (r && r->name) ? r->name : "?", ##__VA_ARGS__);   \
+	} while (0)
 
 #define fw3_setbit(field, flag) field |= (1 << (flag))
 #define fw3_delbit(field, flag) field &= ~(1 << (flag))
 #define fw3_hasbit(field, flag) (field & (1 << (flag)))
 
-#define set(field, family, flag) fw3_setbit(field[family == FW3_FAMILY_V6], flag)
-#define del(field, family, flag) fw3_delbit(field[family == FW3_FAMILY_V6], flag)
-#define has(field, family, flag) fw3_hasbit(field[family == FW3_FAMILY_V6], flag)
+#define set(field, family, flag)                                               \
+	fw3_setbit(field[family == FW3_FAMILY_V6], flag)
+#define del(field, family, flag)                                               \
+	fw3_delbit(field[family == FW3_FAMILY_V6], flag)
+#define has(field, family, flag)                                               \
+	fw3_hasbit(field[family == FW3_FAMILY_V6], flag)
 
-#define fw3_foreach(p, h)                                                  \
+#define fw3_foreach(p, h)                                                      \
 	for (p = list_empty(h) ? NULL : list_first_entry(h, typeof(*p), list); \
-         list_empty(h) ? (p == NULL) : (&p->list != (h));                  \
-	     p = list_empty(h) ? list_first_entry(h, typeof(*p), list)         \
-                           : list_entry(p->list.next, typeof(*p), list))
+	     list_empty(h) ? (p == NULL) : (&p->list != (h));                  \
+	     p = list_empty(h) ? list_first_entry(h, typeof(*p), list) :       \
+				 list_entry(p->list.next, typeof(*p), list))
 
-#define fw3_is_family(p, f)                                                \
+#define fw3_is_family(p, f)                                                    \
 	(!p || (p)->family == FW3_FAMILY_ANY || (p)->family == f)
 
-#define fw3_no_family(flags)                                               \
+#define fw3_no_family(flags)                                                   \
 	(!(flags & ((1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6))))
 
-#define fw3_no_table(flags)                                                \
-    (!(flags & ((1<<FW3_TABLE_FILTER)|(1<<FW3_TABLE_NAT)|                  \
-                (1<<FW3_TABLE_MANGLE)|(1<<FW3_TABLE_RAW))))
+#define fw3_no_table(flags)                                                    \
+	(!(flags & ((1 << FW3_TABLE_FILTER) | (1 << FW3_TABLE_NAT) |           \
+		    (1 << FW3_TABLE_MANGLE) | (1 << FW3_TABLE_RAW))))
 
+void *fw3_alloc(size_t size);
+char *fw3_strdup(const char *s);
 
-void * fw3_alloc(size_t size);
-char * fw3_strdup(const char *s);
-
-const char * fw3_find_command(const char *cmd);
+const char *fw3_find_command(const char *cmd);
 
 bool fw3_stdout_pipe(void);
 bool __fw3_command_pipe(bool silent, const char *command, ...);
@@ -103,7 +103,6 @@ bool fw3_has_table(bool ipv6, const char *table);
 bool fw3_lock(void);
 void fw3_unlock(void);
 
-
 void fw3_write_statefile(void *state);
 
 void fw3_free_object(void *obj, const void *opts);
@@ -118,9 +117,10 @@ bool fw3_bitlen2netmask(int family, int bits, void *mask);
 
 void fw3_flush_conntrack(void *zone);
 
-bool fw3_attr_parse_name_type(struct blob_attr *entry, const char **name, const char **type);
+bool fw3_attr_parse_name_type(struct blob_attr *entry, const char **name,
+			      const char **type);
 
-const char * fw3_protoname(void *proto);
+const char *fw3_protoname(void *proto);
 
 bool fw3_check_loopback_dev(const char *name);
 
diff --git a/xtables-10.h b/xtables-10.h
index 7ea5315..bc978bf 100644
--- a/xtables-10.h
+++ b/xtables-10.h
@@ -22,8 +22,7 @@
 extern struct xtables_match *xtables_pending_matches;
 extern struct xtables_target *xtables_pending_targets;
 
-static inline void
-fw3_xt_reset(void)
+static inline void fw3_xt_reset(void)
 {
 	xtables_matches = NULL;
 	xtables_targets = NULL;
@@ -32,107 +31,99 @@ fw3_xt_reset(void)
 	xtables_pending_targets = NULL;
 }
 
-
-static inline const char *
-fw3_xt_get_match_name(struct xtables_match *m)
+static inline const char *fw3_xt_get_match_name(struct xtables_match *m)
 {
-    if (m->alias)
-        return m->alias(m->m);
+	if (m->alias)
+		return m->alias(m->m);
 
-    return m->m->u.user.name;
+	return m->m->u.user.name;
 }
 
-static inline void
-fw3_xt_set_match_name(struct xtables_match *m)
+static inline void fw3_xt_set_match_name(struct xtables_match *m)
 {
-    if (m->real_name)
-        strcpy(m->m->u.user.name, m->real_name);
-    else
-        strcpy(m->m->u.user.name, m->name);
+	if (m->real_name)
+		strcpy(m->m->u.user.name, m->real_name);
+	else
+		strcpy(m->m->u.user.name, m->name);
 }
 
-static inline bool
-fw3_xt_has_match_parse(struct xtables_match *m)
+static inline bool fw3_xt_has_match_parse(struct xtables_match *m)
 {
-    return (m->parse || m->x6_parse);
+	return (m->parse || m->x6_parse);
 }
 
-static inline void
-fw3_xt_free_match_udata(struct xtables_match *m)
+static inline void fw3_xt_free_match_udata(struct xtables_match *m)
 {
-    if (m->udata_size)
-    {
-        free(m->udata);
-        m->udata = fw3_alloc(m->udata_size);
-    }
+	if (m->udata_size) {
+		free(m->udata);
+		m->udata = fw3_alloc(m->udata_size);
+	}
 }
 
-static inline void
-fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
+static inline void fw3_xt_merge_match_options(struct xtables_globals *g,
+					      struct xtables_match *m)
 {
 	if (m->x6_options)
-		g->opts = xtables_options_xfrm(g->orig_opts, g->opts,
-									   m->x6_options, &m->option_offset);
+		g->opts =
+			xtables_options_xfrm(g->orig_opts, g->opts,
+					     m->x6_options, &m->option_offset);
 
 	if (m->extra_opts)
-		g->opts = xtables_merge_options(g->orig_opts, g->opts,
-										m->extra_opts, &m->option_offset);
+		g->opts =
+			xtables_merge_options(g->orig_opts, g->opts,
+					      m->extra_opts, &m->option_offset);
 }
 
-
-static inline const char *
-fw3_xt_get_target_name(struct xtables_target *t)
+static inline const char *fw3_xt_get_target_name(struct xtables_target *t)
 {
-    if (t->alias)
-        return t->alias(t->t);
+	if (t->alias)
+		return t->alias(t->t);
 
-    return t->t->u.user.name;
+	return t->t->u.user.name;
 }
 
-static inline void
-fw3_xt_set_target_name(struct xtables_target *t, const char *name)
+static inline void fw3_xt_set_target_name(struct xtables_target *t,
+					  const char *name)
 {
-    if (t->real_name)
-        strcpy(t->t->u.user.name, t->real_name);
-    else
-        strcpy(t->t->u.user.name, name);
+	if (t->real_name)
+		strcpy(t->t->u.user.name, t->real_name);
+	else
+		strcpy(t->t->u.user.name, name);
 }
 
-static inline bool
-fw3_xt_has_target_parse(struct xtables_target *t)
+static inline bool fw3_xt_has_target_parse(struct xtables_target *t)
 {
-    return (t->parse || t->x6_parse);
+	return (t->parse || t->x6_parse);
 }
 
-static inline void
-fw3_xt_free_target_udata(struct xtables_target *t)
+static inline void fw3_xt_free_target_udata(struct xtables_target *t)
 {
-    if (t->udata_size)
-    {
-        free(t->udata);
-        t->udata = fw3_alloc(t->udata_size);
-    }
+	if (t->udata_size) {
+		free(t->udata);
+		t->udata = fw3_alloc(t->udata_size);
+	}
 }
 
-static inline void
-fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
+static inline void fw3_xt_merge_target_options(struct xtables_globals *g,
+					       struct xtables_target *t)
 {
 	if (t->x6_options)
-		g->opts = xtables_options_xfrm(g->orig_opts, g->opts,
-		                               t->x6_options, &t->option_offset);
+		g->opts =
+			xtables_options_xfrm(g->orig_opts, g->opts,
+					     t->x6_options, &t->option_offset);
 	else
-		g->opts = xtables_merge_options(g->orig_opts, g->opts,
-		                                t->extra_opts, &t->option_offset);
+		g->opts =
+			xtables_merge_options(g->orig_opts, g->opts,
+					      t->extra_opts, &t->option_offset);
 }
 
-static inline void
-fw3_xt_print_matches(void *ip, struct xtables_rule_match *matches)
+static inline void fw3_xt_print_matches(void *ip,
+					struct xtables_rule_match *matches)
 {
 	struct xtables_rule_match *rm;
 	struct xtables_match *m;
 
-	for (rm = matches; rm; rm = rm->next)
-	{
+	for (rm = matches; rm; rm = rm->next) {
 		m = rm->match;
 		printf(" -m %s", fw3_xt_get_match_name(m));
 
@@ -141,11 +132,9 @@ fw3_xt_print_matches(void *ip, struct xtables_rule_match *matches)
 	}
 }
 
-static inline void
-fw3_xt_print_target(void *ip, struct xtables_target *target)
+static inline void fw3_xt_print_target(void *ip, struct xtables_target *target)
 {
-	if (target)
-	{
+	if (target) {
 		printf(" -j %s", fw3_xt_get_target_name(target));
 
 		if (target->save)
diff --git a/xtables-5.h b/xtables-5.h
index 9d11cae..b4c40f0 100644
--- a/xtables-5.h
+++ b/xtables-5.h
@@ -19,85 +19,76 @@
 #ifndef __FW3_XTABLES_5_H
 #define __FW3_XTABLES_5_H
 
-static inline void
-fw3_xt_reset(void)
+static inline void fw3_xt_reset(void)
 {
 	xtables_matches = NULL;
 	xtables_targets = NULL;
 }
 
-
-static inline const char *
-fw3_xt_get_match_name(struct xtables_match *m)
+static inline const char *fw3_xt_get_match_name(struct xtables_match *m)
 {
-    return m->m->u.user.name;
+	return m->m->u.user.name;
 }
 
-static inline void
-fw3_xt_set_match_name(struct xtables_match *m)
+static inline void fw3_xt_set_match_name(struct xtables_match *m)
 {
-    strcpy(m->m->u.user.name, m->name);
+	strcpy(m->m->u.user.name, m->name);
 }
 
-static inline bool
-fw3_xt_has_match_parse(struct xtables_match *m)
+static inline bool fw3_xt_has_match_parse(struct xtables_match *m)
 {
-    return !!m->parse;
+	return !!m->parse;
 }
 
-static inline void
-fw3_xt_free_match_udata(struct xtables_match *m)
+static inline void fw3_xt_free_match_udata(struct xtables_match *m)
 {
-    return;
+	return;
 }
 
-static inline void
-fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
+static inline void fw3_xt_merge_match_options(struct xtables_globals *g,
+					      struct xtables_match *m)
 {
-	g->opts = xtables_merge_options(g->opts, m->extra_opts, &m->option_offset);
+	g->opts = xtables_merge_options(g->opts, m->extra_opts,
+					&m->option_offset);
 }
 
-
-static inline const char *
-fw3_xt_get_target_name(struct xtables_target *t)
+static inline const char *fw3_xt_get_target_name(struct xtables_target *t)
 {
-    return t->t->u.user.name;
+	return t->t->u.user.name;
 }
 
-static inline void
-fw3_xt_set_target_name(struct xtables_target *t, const char *name)
+static inline void fw3_xt_set_target_name(struct xtables_target *t,
+					  const char *name)
 {
-    strcpy(t->t->u.user.name, name);
+	strcpy(t->t->u.user.name, name);
 }
 
-static inline bool
-fw3_xt_has_target_parse(struct xtables_target *t)
+static inline bool fw3_xt_has_target_parse(struct xtables_target *t)
 {
-    return !!t->parse;
+	return !!t->parse;
 }
 
-static inline void
-fw3_xt_free_target_udata(struct xtables_target *t)
+static inline void fw3_xt_free_target_udata(struct xtables_target *t)
 {
-    return;
+	return;
 }
 
-static inline void
-fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
+static inline void fw3_xt_merge_target_options(struct xtables_globals *g,
+					       struct xtables_target *t)
 {
-	g->opts = xtables_merge_options(g->opts, t->extra_opts, &t->option_offset);
+	g->opts = xtables_merge_options(g->opts, t->extra_opts,
+					&t->option_offset);
 }
 
-static inline void
-fw3_xt_print_matches(void *ip, struct xtables_rule_match *matches)
+static inline void fw3_xt_print_matches(void *ip,
+					struct xtables_rule_match *matches)
 {
 	struct xtables_rule_match *rm;
 	struct xtables_match *m;
 
 	printf(" ");
 
-	for (rm = matches; rm; rm = rm->next)
-	{
+	for (rm = matches; rm; rm = rm->next) {
 		m = rm->match;
 		printf("-m %s ", fw3_xt_get_match_name(m));
 
@@ -106,11 +97,9 @@ fw3_xt_print_matches(void *ip, struct xtables_rule_match *matches)
 	}
 }
 
-static inline void
-fw3_xt_print_target(void *ip, struct xtables_target *target)
+static inline void fw3_xt_print_target(void *ip, struct xtables_target *target)
 {
-	if (target)
-	{
+	if (target) {
 		printf("-j %s ", fw3_xt_get_target_name(target));
 
 		if (target->save)
@@ -118,34 +107,33 @@ fw3_xt_print_target(void *ip, struct xtables_target *target)
 	}
 }
 
-
 /* xtables api addons */
 
-static inline void
-xtables_option_mpcall(unsigned int c, char **argv, bool invert,
-                      struct xtables_match *m, void *fw)
+static inline void xtables_option_mpcall(unsigned int c, char **argv,
+					 bool invert, struct xtables_match *m,
+					 void *fw)
 {
 	if (m->parse)
-		m->parse(c - m->option_offset, argv, invert, &m->mflags, fw, &m->m);
+		m->parse(c - m->option_offset, argv, invert, &m->mflags, fw,
+			 &m->m);
 }
 
-static inline void
-xtables_option_mfcall(struct xtables_match *m)
+static inline void xtables_option_mfcall(struct xtables_match *m)
 {
 	if (m->final_check)
 		m->final_check(m->mflags);
 }
 
-static inline void
-xtables_option_tpcall(unsigned int c, char **argv, bool invert,
-                      struct xtables_target *t, void *fw)
+static inline void xtables_option_tpcall(unsigned int c, char **argv,
+					 bool invert, struct xtables_target *t,
+					 void *fw)
 {
 	if (t->parse)
-		t->parse(c - t->option_offset, argv, invert, &t->tflags, fw, &t->t);
+		t->parse(c - t->option_offset, argv, invert, &t->tflags, fw,
+			 &t->t);
 }
 
-static inline void
-xtables_option_tfcall(struct xtables_target *t)
+static inline void xtables_option_tfcall(struct xtables_target *t)
 {
 	if (t->final_check)
 		t->final_check(t->tflags);
@@ -156,18 +144,15 @@ xtables_rule_matches_free(struct xtables_rule_match **matches)
 {
 	struct xtables_rule_match *mp, *tmp;
 
-	for (mp = *matches; mp;)
-	{
+	for (mp = *matches; mp;) {
 		tmp = mp->next;
 
-		if (mp->match->m)
-		{
+		if (mp->match->m) {
 			free(mp->match->m);
 			mp->match->m = NULL;
 		}
 
-		if (mp->match == mp->match->next)
-		{
+		if (mp->match == mp->match->next) {
 			free(mp->match);
 			mp->match = NULL;
 		}
@@ -179,8 +164,7 @@ xtables_rule_matches_free(struct xtables_rule_match **matches)
 	*matches = NULL;
 }
 
-static inline int
-xtables_ipmask_to_cidr(const struct in_addr *mask)
+static inline int xtables_ipmask_to_cidr(const struct in_addr *mask)
 {
 	int bits;
 	uint32_t m;
@@ -191,8 +175,7 @@ xtables_ipmask_to_cidr(const struct in_addr *mask)
 	return bits;
 }
 
-static inline int
-xtables_ip6mask_to_cidr(const struct in6_addr *mask)
+static inline int xtables_ip6mask_to_cidr(const struct in6_addr *mask)
 {
 	int bits = 0;
 	uint32_t a, b, c, d;
@@ -202,14 +185,13 @@ xtables_ip6mask_to_cidr(const struct in6_addr *mask)
 	c = ntohl(mask->s6_addr32[2]);
 	d = ntohl(mask->s6_addr32[3]);
 
-	while (a & 0x80000000U)
-	{
+	while (a & 0x80000000U) {
 		a <<= 1;
-		a  |= (b >> 31) & 1;
+		a |= (b >> 31) & 1;
 		b <<= 1;
-		b  |= (c >> 31) & 1;
+		b |= (c >> 31) & 1;
 		c <<= 1;
-		c  |= (d >> 31) & 1;
+		c |= (d >> 31) & 1;
 		d <<= 1;
 
 		bits++;
diff --git a/zones.c b/zones.c
index 4f2b1e4..5455ff4 100644
--- a/zones.c
+++ b/zones.c
@@ -20,37 +20,38 @@
 #include "ubus.h"
 #include "helpers.h"
 
-
-#define C(f, tbl, tgt, fmt) \
-	{ FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##tgt, fmt }
+#define C(f, tbl, tgt, fmt)                                                    \
+	{                                                                      \
+		FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##tgt, fmt           \
+	}
 
 static const struct fw3_chain_spec zone_chains[] = {
-	C(ANY, FILTER, UNSPEC,        "zone_%s_input"),
-	C(ANY, FILTER, UNSPEC,        "zone_%s_output"),
-	C(ANY, FILTER, UNSPEC,        "zone_%s_forward"),
+	C(ANY, FILTER, UNSPEC, "zone_%s_input"),
+	C(ANY, FILTER, UNSPEC, "zone_%s_output"),
+	C(ANY, FILTER, UNSPEC, "zone_%s_forward"),
 
-	C(ANY, FILTER, SRC_ACCEPT,    "zone_%s_src_ACCEPT"),
-	C(ANY, FILTER, SRC_REJECT,    "zone_%s_src_REJECT"),
-	C(ANY, FILTER, SRC_DROP,      "zone_%s_src_DROP"),
+	C(ANY, FILTER, SRC_ACCEPT, "zone_%s_src_ACCEPT"),
+	C(ANY, FILTER, SRC_REJECT, "zone_%s_src_REJECT"),
+	C(ANY, FILTER, SRC_DROP, "zone_%s_src_DROP"),
 
-	C(ANY, FILTER, ACCEPT,        "zone_%s_dest_ACCEPT"),
-	C(ANY, FILTER, REJECT,        "zone_%s_dest_REJECT"),
-	C(ANY, FILTER, DROP,          "zone_%s_dest_DROP"),
+	C(ANY, FILTER, ACCEPT, "zone_%s_dest_ACCEPT"),
+	C(ANY, FILTER, REJECT, "zone_%s_dest_REJECT"),
+	C(ANY, FILTER, DROP, "zone_%s_dest_DROP"),
 
-	C(V4,  NAT,    SNAT,          "zone_%s_postrouting"),
-	C(V4,  NAT,    DNAT,          "zone_%s_prerouting"),
+	C(V4, NAT, SNAT, "zone_%s_postrouting"),
+	C(V4, NAT, DNAT, "zone_%s_prerouting"),
 
-	C(ANY, RAW,    HELPER,        "zone_%s_helper"),
-	C(ANY, RAW,    NOTRACK,       "zone_%s_notrack"),
+	C(ANY, RAW, HELPER, "zone_%s_helper"),
+	C(ANY, RAW, NOTRACK, "zone_%s_notrack"),
 
 	C(ANY, FILTER, CUSTOM_CHAINS, "input_%s_rule"),
 	C(ANY, FILTER, CUSTOM_CHAINS, "output_%s_rule"),
 	C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_%s_rule"),
 
-	C(V4,  NAT,    CUSTOM_CHAINS, "prerouting_%s_rule"),
-	C(V4,  NAT,    CUSTOM_CHAINS, "postrouting_%s_rule"),
+	C(V4, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"),
+	C(V4, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"),
 
-	{ }
+	{}
 };
 
 enum fw3_zone_logmask {
@@ -59,69 +60,63 @@ enum fw3_zone_logmask {
 };
 
 const struct fw3_option fw3_zone_opts[] = {
-	FW3_OPT("enabled",             bool,     zone,     enabled),
+	FW3_OPT("enabled", bool, zone, enabled),
 
-	FW3_OPT("name",                string,   zone,     name),
-	FW3_OPT("family",              family,   zone,     family),
+	FW3_OPT("name", string, zone, name),
+	FW3_OPT("family", family, zone, family),
 
-	FW3_LIST("network",            device,   zone,     networks),
-	FW3_LIST("device",             device,   zone,     devices),
-	FW3_LIST("subnet",             network,  zone,     subnets),
+	FW3_LIST("network", device, zone, networks),
+	FW3_LIST("device", device, zone, devices),
+	FW3_LIST("subnet", network, zone, subnets),
 
-	FW3_OPT("input",               target,   zone,     policy_input),
-	FW3_OPT("forward",             target,   zone,     policy_forward),
-	FW3_OPT("output",              target,   zone,     policy_output),
+	FW3_OPT("input", target, zone, policy_input),
+	FW3_OPT("forward", target, zone, policy_forward),
+	FW3_OPT("output", target, zone, policy_output),
 
-	FW3_OPT("masq",                bool,     zone,     masq),
-	FW3_OPT("masq_allow_invalid",  bool,     zone,     masq_allow_invalid),
-	FW3_LIST("masq_src",           network,  zone,     masq_src),
-	FW3_LIST("masq_dest",          network,  zone,     masq_dest),
+	FW3_OPT("masq", bool, zone, masq),
+	FW3_OPT("masq_allow_invalid", bool, zone, masq_allow_invalid),
+	FW3_LIST("masq_src", network, zone, masq_src),
+	FW3_LIST("masq_dest", network, zone, masq_dest),
 
-	FW3_OPT("extra",               string,   zone,     extra_src),
-	FW3_OPT("extra_src",           string,   zone,     extra_src),
-	FW3_OPT("extra_dest",          string,   zone,     extra_dest),
+	FW3_OPT("extra", string, zone, extra_src),
+	FW3_OPT("extra_src", string, zone, extra_src),
+	FW3_OPT("extra_dest", string, zone, extra_dest),
 
-	FW3_OPT("mtu_fix",             bool,     zone,     mtu_fix),
-	FW3_OPT("custom_chains",       bool,     zone,     custom_chains),
+	FW3_OPT("mtu_fix", bool, zone, mtu_fix),
+	FW3_OPT("custom_chains", bool, zone, custom_chains),
 
-	FW3_OPT("log",                 int,      zone,     log),
-	FW3_OPT("log_limit",           limit,    zone,     log_limit),
+	FW3_OPT("log", int, zone, log),
+	FW3_OPT("log_limit", limit, zone, log_limit),
 
-	FW3_OPT("auto_helper",         bool,     zone,     auto_helper),
-	FW3_LIST("helper",             cthelper, zone,     cthelpers),
+	FW3_OPT("auto_helper", bool, zone, auto_helper),
+	FW3_LIST("helper", cthelper, zone, cthelpers),
 
-	FW3_OPT("__flags_v4",          int,      zone,     flags[0]),
-	FW3_OPT("__flags_v6",          int,      zone,     flags[1]),
+	FW3_OPT("__flags_v4", int, zone, flags[0]),
+	FW3_OPT("__flags_v6", int, zone, flags[1]),
 
-	FW3_LIST("__addrs",            address,  zone,     old_addrs),
+	FW3_LIST("__addrs", address, zone, old_addrs),
 
-	{ }
+	{}
 };
 
-static void
-check_policy(struct uci_element *e, enum fw3_flag *pol, enum fw3_flag def,
-             const char *name)
+static void check_policy(struct uci_element *e, enum fw3_flag *pol,
+			 enum fw3_flag def, const char *name)
 {
-	if (*pol == FW3_FLAG_UNSPEC)
-	{
+	if (*pol == FW3_FLAG_UNSPEC) {
 		warn_elem(e, "has no %s policy specified, using default", name);
 		*pol = def;
-	}
-	else if (*pol > FW3_FLAG_DROP)
-	{
+	} else if (*pol > FW3_FLAG_DROP) {
 		warn_elem(e, "has invalid %s policy, using default", name);
 		*pol = def;
 	}
 }
 
-static bool
-check_masq_addrs(struct list_head *head)
+static bool check_masq_addrs(struct list_head *head)
 {
 	struct fw3_address *addr;
 	int n_addr = 0, n_failed = 0;
 
-	list_for_each_entry(addr, head, list)
-	{
+	list_for_each_entry (addr, head, list) {
 		if (addr->invert)
 			continue;
 
@@ -134,18 +129,16 @@ check_masq_addrs(struct list_head *head)
 	return (n_addr == 0 || n_failed < n_addr);
 }
 
-static void
-resolve_networks(struct uci_element *e, struct fw3_zone *zone)
+static void resolve_networks(struct uci_element *e, struct fw3_zone *zone)
 {
 	struct fw3_device *net, *tmp;
 
-	list_for_each_entry(net, &zone->networks, list)
-	{
+	list_for_each_entry (net, &zone->networks, list) {
 		tmp = fw3_ubus_device(net->name);
 
-		if (!tmp)
-		{
-			warn_elem(e, "cannot resolve device of network '%s'", net->name);
+		if (!tmp) {
+			warn_elem(e, "cannot resolve device of network '%s'",
+				  net->name);
 			continue;
 		}
 
@@ -154,15 +147,13 @@ resolve_networks(struct uci_element *e, struct fw3_zone *zone)
 	}
 }
 
-static void
-resolve_cthelpers(struct fw3_state *s, struct uci_element *e, struct fw3_zone *zone)
+static void resolve_cthelpers(struct fw3_state *s, struct uci_element *e,
+			      struct fw3_zone *zone)
 {
 	struct fw3_cthelpermatch *match;
 
-	if (list_empty(&zone->cthelpers))
-	{
-		if (!zone->masq && zone->auto_helper)
-		{
+	if (list_empty(&zone->cthelpers)) {
+		if (!zone->masq && zone->auto_helper) {
 			fw3_setbit(zone->flags[0], FW3_FLAG_HELPER);
 			fw3_setbit(zone->flags[1], FW3_FLAG_HELPER);
 		}
@@ -170,19 +161,17 @@ resolve_cthelpers(struct fw3_state *s, struct uci_element *e, struct fw3_zone *z
 		return;
 	}
 
-	list_for_each_entry(match, &zone->cthelpers, list)
-	{
-		if (match->invert)
-		{
+	list_for_each_entry (match, &zone->cthelpers, list) {
+		if (match->invert) {
 			warn_elem(e, "must not use a negated helper match");
 			continue;
 		}
 
 		match->ptr = fw3_lookup_cthelper(s, match->name);
 
-		if (!match->ptr)
-		{
-			warn_elem(e, "refers to not existing helper '%s'", match->name);
+		if (!match->ptr) {
+			warn_elem(e, "refers to not existing helper '%s'",
+				  match->name);
 			continue;
 		}
 
@@ -194,8 +183,7 @@ resolve_cthelpers(struct fw3_state *s, struct uci_element *e, struct fw3_zone *z
 	}
 }
 
-struct fw3_zone *
-fw3_alloc_zone(void)
+struct fw3_zone *fw3_alloc_zone(void)
 {
 	struct fw3_zone *zone;
 
@@ -220,8 +208,7 @@ fw3_alloc_zone(void)
 	return zone;
 }
 
-void
-fw3_load_zones(struct fw3_state *state, struct uci_package *p)
+void fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 {
 	struct uci_section *s;
 	struct uci_element *e;
@@ -245,8 +232,7 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 		if (!fw3_parse_options(zone, fw3_zone_opts, s))
 			warn_elem(e, "has invalid options");
 
-		if (!zone->enabled)
-		{
+		if (!zone->enabled) {
 			fw3_free_zone(zone);
 			continue;
 		}
@@ -260,17 +246,17 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 		if (!defs->auto_helper && zone->auto_helper)
 			zone->auto_helper = false;
 
-		if (!zone->name || !*zone->name)
-		{
+		if (!zone->name || !*zone->name) {
 			warn_elem(e, "has no name - ignoring");
 			fw3_free_zone(zone);
 			continue;
 		}
 
-		if (strlen(zone->name) > FW3_ZONE_MAXNAMELEN)
-		{
-			warn_elem(e, "must not have a name longer than %u characters",
-			             FW3_ZONE_MAXNAMELEN);
+		if (strlen(zone->name) > FW3_ZONE_MAXNAMELEN) {
+			warn_elem(
+				e,
+				"must not have a name longer than %u characters",
+				FW3_ZONE_MAXNAMELEN);
 			fw3_free_zone(zone);
 			continue;
 		}
@@ -278,47 +264,50 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 		fw3_ubus_zone_devices(zone);
 
 		if (list_empty(&zone->networks) && list_empty(&zone->devices) &&
-		    list_empty(&zone->subnets) && !zone->extra_src)
-		{
-			warn_elem(e, "has no device, network, subnet or extra options");
+		    list_empty(&zone->subnets) && !zone->extra_src) {
+			warn_elem(
+				e,
+				"has no device, network, subnet or extra options");
 		}
 
-		if (!check_masq_addrs(&zone->masq_src))
-		{
+		if (!check_masq_addrs(&zone->masq_src)) {
 			warn_elem(e, "has unresolved masq_src, disabling masq");
 			zone->masq = false;
 		}
 
-		if (!check_masq_addrs(&zone->masq_dest))
-		{
-			warn_elem(e, "has unresolved masq_dest, disabling masq");
+		if (!check_masq_addrs(&zone->masq_dest)) {
+			warn_elem(e,
+				  "has unresolved masq_dest, disabling masq");
 			zone->masq = false;
 		}
 
-		check_policy(e, &zone->policy_input, defs->policy_input, "input");
-		check_policy(e, &zone->policy_output, defs->policy_output, "output");
-		check_policy(e, &zone->policy_forward, defs->policy_forward, "forward");
+		check_policy(e, &zone->policy_input, defs->policy_input,
+			     "input");
+		check_policy(e, &zone->policy_output, defs->policy_output,
+			     "output");
+		check_policy(e, &zone->policy_forward, defs->policy_forward,
+			     "forward");
 
 		resolve_networks(e, zone);
 
-		if (zone->masq)
-		{
+		if (zone->masq) {
 			fw3_setbit(zone->flags[0], FW3_FLAG_SNAT);
 		}
 
-		if (zone->custom_chains)
-		{
+		if (zone->custom_chains) {
 			fw3_setbit(zone->flags[0], FW3_FLAG_SNAT);
 			fw3_setbit(zone->flags[0], FW3_FLAG_DNAT);
 		}
 
 		resolve_cthelpers(state, e, zone);
 
-		fw3_setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
+		fw3_setbit(zone->flags[0],
+			   fw3_to_src_target(zone->policy_input));
 		fw3_setbit(zone->flags[0], zone->policy_forward);
 		fw3_setbit(zone->flags[0], zone->policy_output);
 
-		fw3_setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
+		fw3_setbit(zone->flags[1],
+			   fw3_to_src_target(zone->policy_input));
 		fw3_setbit(zone->flags[1], zone->policy_forward);
 		fw3_setbit(zone->flags[1], zone->policy_output);
 
@@ -326,24 +315,23 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 	}
 }
 
-
-static void
-print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                 bool reload, struct fw3_zone *zone)
+static void print_zone_chain(struct fw3_ipt_handle *handle,
+			     struct fw3_state *state, bool reload,
+			     struct fw3_zone *zone)
 {
 	int i;
 	struct fw3_ipt_rule *r;
 	const struct fw3_chain_spec *c;
 
 	const char *flt_chains[] = {
-		"input",   "input",
-		"output",  "output",
-		"forward", "forwarding",
+		"input", "input", "output", "output", "forward", "forwarding",
 	};
 
 	const char *nat_chains[] = {
-		"prerouting",  "prerouting",
-		"postrouting", "postrouting",
+		"prerouting",
+		"prerouting",
+		"postrouting",
+		"postrouting",
 	};
 
 	if (!fw3_is_family(zone, handle->family))
@@ -354,8 +342,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	if (zone->custom_chains)
 		set(zone->flags, handle->family, FW3_FLAG_CUSTOM_CHAINS);
 
-	for (c = zone_chains; c->format; c++)
-	{
+	for (c = zone_chains; c->format; c++) {
 		/* don't touch user chains on selective stop */
 		if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
 			continue;
@@ -367,32 +354,43 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
 			continue;
 
 		if (c->flag &&
-		    !fw3_hasbit(zone->flags[handle->family == FW3_FAMILY_V6], c->flag))
+		    !fw3_hasbit(zone->flags[handle->family == FW3_FAMILY_V6],
+				c->flag))
 			continue;
 
 		fw3_ipt_create_chain(handle, c->format, zone->name);
 	}
 
-	if (zone->custom_chains)
-	{
-		if (handle->table == FW3_TABLE_FILTER)
-		{
-			for (i = 0; i < sizeof(flt_chains)/sizeof(flt_chains[0]); i += 2)
-			{
+	if (zone->custom_chains) {
+		if (handle->table == FW3_TABLE_FILTER) {
+			for (i = 0;
+			     i < sizeof(flt_chains) / sizeof(flt_chains[0]);
+			     i += 2) {
 				r = fw3_ipt_rule_new(handle);
-				fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, flt_chains[i+1]);
-				fw3_ipt_rule_target(r, "%s_%s_rule", flt_chains[i+1], zone->name);
-				fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, flt_chains[i]);
+				fw3_ipt_rule_comment(r,
+						     "Custom %s %s rule chain",
+						     zone->name,
+						     flt_chains[i + 1]);
+				fw3_ipt_rule_target(r, "%s_%s_rule",
+						    flt_chains[i + 1],
+						    zone->name);
+				fw3_ipt_rule_append(r, "zone_%s_%s", zone->name,
+						    flt_chains[i]);
 			}
-		}
-		else if (handle->table == FW3_TABLE_NAT)
-		{
-			for (i = 0; i < sizeof(nat_chains)/sizeof(nat_chains[0]); i += 2)
-			{
+		} else if (handle->table == FW3_TABLE_NAT) {
+			for (i = 0;
+			     i < sizeof(nat_chains) / sizeof(nat_chains[0]);
+			     i += 2) {
 				r = fw3_ipt_rule_new(handle);
-				fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, nat_chains[i+1]);
-				fw3_ipt_rule_target(r, "%s_%s_rule", nat_chains[i+1], zone->name);
-				fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, nat_chains[i]);
+				fw3_ipt_rule_comment(r,
+						     "Custom %s %s rule chain",
+						     zone->name,
+						     nat_chains[i + 1]);
+				fw3_ipt_rule_target(r, "%s_%s_rule",
+						    nat_chains[i + 1],
+						    zone->name);
+				fw3_ipt_rule_append(r, "zone_%s_%s", zone->name,
+						    nat_chains[i]);
 			}
 		}
 	}
@@ -400,10 +398,10 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	set(zone->flags, handle->family, handle->table);
 }
 
-static void
-print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
-					 bool reload, struct fw3_zone *zone,
-                     struct fw3_device *dev, struct fw3_address *sub)
+static void print_interface_rule(struct fw3_ipt_handle *handle,
+				 struct fw3_state *state, bool reload,
+				 struct fw3_zone *zone, struct fw3_device *dev,
+				 struct fw3_address *sub)
 {
 	struct fw3_protocol tcp = { .protocol = 6 };
 	struct fw3_ipt_rule *r;
@@ -414,92 +412,113 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	int i;
 
 	const char *chains[] = {
-		"input", "INPUT",
-		"output", "OUTPUT",
-		"forward", "FORWARD",
+		"input", "INPUT", "output", "OUTPUT", "forward", "FORWARD",
 	};
 
-#define jump_target(t) \
-	((t == FW3_FLAG_REJECT) ? "reject" : fw3_flag_names[t])
+#define jump_target(t) ((t == FW3_FLAG_REJECT) ? "reject" : fw3_flag_names[t])
 
-	if (handle->table == FW3_TABLE_FILTER)
-	{
-		for (t = FW3_FLAG_ACCEPT; t <= FW3_FLAG_DROP; t++)
-		{
-			if (t > FW3_FLAG_ACCEPT && zone->log & FW3_ZONE_LOG_FILTER)
-			{
-				if (has(zone->flags, handle->family, fw3_to_src_target(t)))
-				{
-					r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, NULL);
+	if (handle->table == FW3_TABLE_FILTER) {
+		for (t = FW3_FLAG_ACCEPT; t <= FW3_FLAG_DROP; t++) {
+			if (t > FW3_FLAG_ACCEPT &&
+			    zone->log & FW3_ZONE_LOG_FILTER) {
+				if (has(zone->flags, handle->family,
+					fw3_to_src_target(t))) {
+					r = fw3_ipt_rule_create(handle, NULL,
+								dev, NULL, sub,
+								NULL);
 
-					snprintf(buf, sizeof(buf) - 1, "%s %s in: ",
-					         fw3_flag_names[t], zone->name);
+					snprintf(buf, sizeof(buf) - 1,
+						 "%s %s in: ",
+						 fw3_flag_names[t], zone->name);
 
 					fw3_ipt_rule_limit(r, &zone->log_limit);
 					fw3_ipt_rule_target(r, "LOG");
-					fw3_ipt_rule_addarg(r, false, "--log-prefix", buf);
-					fw3_ipt_rule_replace(r, "zone_%s_src_%s",
-					                     zone->name, fw3_flag_names[t]);
+					fw3_ipt_rule_addarg(
+						r, false, "--log-prefix", buf);
+					fw3_ipt_rule_replace(r,
+							     "zone_%s_src_%s",
+							     zone->name,
+							     fw3_flag_names[t]);
 				}
 
-				if (has(zone->flags, handle->family, t))
-				{
-					r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
+				if (has(zone->flags, handle->family, t)) {
+					r = fw3_ipt_rule_create(handle, NULL,
+								NULL, dev, NULL,
+								sub);
 
-					snprintf(buf, sizeof(buf) - 1, "%s %s out: ",
-					         fw3_flag_names[t], zone->name);
+					snprintf(buf, sizeof(buf) - 1,
+						 "%s %s out: ",
+						 fw3_flag_names[t], zone->name);
 
 					fw3_ipt_rule_limit(r, &zone->log_limit);
 					fw3_ipt_rule_target(r, "LOG");
-					fw3_ipt_rule_addarg(r, false, "--log-prefix", buf);
-					fw3_ipt_rule_replace(r, "zone_%s_dest_%s",
-					                     zone->name, fw3_flag_names[t]);
+					fw3_ipt_rule_addarg(
+						r, false, "--log-prefix", buf);
+					fw3_ipt_rule_replace(r,
+							     "zone_%s_dest_%s",
+							     zone->name,
+							     fw3_flag_names[t]);
 				}
 			}
 
-			if (has(zone->flags, handle->family, fw3_to_src_target(t)))
-			{
-				r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, NULL);
+			if (has(zone->flags, handle->family,
+				fw3_to_src_target(t))) {
+				r = fw3_ipt_rule_create(handle, NULL, dev, NULL,
+							sub, NULL);
 				fw3_ipt_rule_target(r, jump_target(t));
 				fw3_ipt_rule_extra(r, zone->extra_src);
 
-				if (t == FW3_FLAG_ACCEPT && !state->defaults.drop_invalid)
-					fw3_ipt_rule_extra(r,
-					                   "-m conntrack --ctstate NEW,UNTRACKED");
-
-				fw3_ipt_rule_replace(r, "zone_%s_src_%s", zone->name,
-				                     fw3_flag_names[t]);
+				if (t == FW3_FLAG_ACCEPT &&
+				    !state->defaults.drop_invalid)
+					fw3_ipt_rule_extra(
+						r,
+						"-m conntrack --ctstate NEW,UNTRACKED");
+
+				fw3_ipt_rule_replace(r, "zone_%s_src_%s",
+						     zone->name,
+						     fw3_flag_names[t]);
 			}
 
-			if (has(zone->flags, handle->family, t))
-			{
-				if (t == FW3_FLAG_ACCEPT &&
-				    zone->masq && !zone->masq_allow_invalid)
-				{
-					r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
-					fw3_ipt_rule_extra(r, "-m conntrack --ctstate INVALID");
-					fw3_ipt_rule_comment(r, "Prevent NAT leakage");
-					fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_DROP]);
-					fw3_ipt_rule_replace(r, "zone_%s_dest_%s", zone->name,
-					                     fw3_flag_names[t]);
+			if (has(zone->flags, handle->family, t)) {
+				if (t == FW3_FLAG_ACCEPT && zone->masq &&
+				    !zone->masq_allow_invalid) {
+					r = fw3_ipt_rule_create(handle, NULL,
+								NULL, dev, NULL,
+								sub);
+					fw3_ipt_rule_extra(
+						r,
+						"-m conntrack --ctstate INVALID");
+					fw3_ipt_rule_comment(
+						r, "Prevent NAT leakage");
+					fw3_ipt_rule_target(
+						r,
+						fw3_flag_names[FW3_FLAG_DROP]);
+					fw3_ipt_rule_replace(r,
+							     "zone_%s_dest_%s",
+							     zone->name,
+							     fw3_flag_names[t]);
 				}
 
-				r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
+				r = fw3_ipt_rule_create(handle, NULL, NULL, dev,
+							NULL, sub);
 				fw3_ipt_rule_target(r, jump_target(t));
 				fw3_ipt_rule_extra(r, zone->extra_dest);
-				fw3_ipt_rule_replace(r, "zone_%s_dest_%s", zone->name,
-				                     fw3_flag_names[t]);
+				fw3_ipt_rule_replace(r, "zone_%s_dest_%s",
+						     zone->name,
+						     fw3_flag_names[t]);
 			}
 		}
 
-		for (i = 0; i < sizeof(chains)/sizeof(chains[0]); i += 2)
-		{
+		for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i += 2) {
 			if (*chains[i] == 'o')
-				r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
+				r = fw3_ipt_rule_create(handle, NULL, NULL, dev,
+							NULL, sub);
 			else
-				r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, NULL);
+				r = fw3_ipt_rule_create(handle, NULL, dev, NULL,
+							sub, NULL);
 
-			fw3_ipt_rule_target(r, "zone_%s_%s", zone->name, chains[i]);
+			fw3_ipt_rule_target(r, "zone_%s_%s", zone->name,
+					    chains[i]);
 
 			if (*chains[i] == 'o')
 				fw3_ipt_rule_extra(r, zone->extra_dest);
@@ -508,71 +527,79 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 
 			fw3_ipt_rule_replace(r, chains[i + 1]);
 		}
-	}
-	else if (handle->table == FW3_TABLE_NAT)
-	{
-		if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
-		{
-			r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, NULL);
-			fw3_ipt_rule_target(r, "zone_%s_prerouting", zone->name);
+	} else if (handle->table == FW3_TABLE_NAT) {
+		if (has(zone->flags, handle->family, FW3_FLAG_DNAT)) {
+			r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub,
+						NULL);
+			fw3_ipt_rule_target(r, "zone_%s_prerouting",
+					    zone->name);
 			fw3_ipt_rule_extra(r, zone->extra_src);
 			fw3_ipt_rule_replace(r, "PREROUTING");
 		}
 
-		if (has(zone->flags, handle->family, FW3_FLAG_SNAT))
-		{
-			r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
-			fw3_ipt_rule_target(r, "zone_%s_postrouting", zone->name);
+		if (has(zone->flags, handle->family, FW3_FLAG_SNAT)) {
+			r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL,
+						sub);
+			fw3_ipt_rule_target(r, "zone_%s_postrouting",
+					    zone->name);
 			fw3_ipt_rule_extra(r, zone->extra_dest);
 			fw3_ipt_rule_replace(r, "POSTROUTING");
 		}
-	}
-	else if (handle->table == FW3_TABLE_MANGLE)
-	{
-		if (zone->mtu_fix)
-		{
-			if (zone->log & FW3_ZONE_LOG_MANGLE)
-			{
-				snprintf(buf, sizeof(buf) - 1, "MSSFIX %s out: ", zone->name);
-
-				r = fw3_ipt_rule_create(handle, &tcp, NULL, dev, NULL, sub);
-				fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
+	} else if (handle->table == FW3_TABLE_MANGLE) {
+		if (zone->mtu_fix) {
+			if (zone->log & FW3_ZONE_LOG_MANGLE) {
+				snprintf(buf, sizeof(buf) - 1,
+					 "MSSFIX %s out: ", zone->name);
+
+				r = fw3_ipt_rule_create(handle, &tcp, NULL, dev,
+							NULL, sub);
+				fw3_ipt_rule_addarg(r, false, "--tcp-flags",
+						    "SYN,RST");
 				fw3_ipt_rule_addarg(r, false, "SYN", NULL);
 				fw3_ipt_rule_limit(r, &zone->log_limit);
-				fw3_ipt_rule_comment(r, "Zone %s MTU fix logging", zone->name);
+				fw3_ipt_rule_comment(r,
+						     "Zone %s MTU fix logging",
+						     zone->name);
 				fw3_ipt_rule_target(r, "LOG");
-				fw3_ipt_rule_addarg(r, false, "--log-prefix", buf);
+				fw3_ipt_rule_addarg(r, false, "--log-prefix",
+						    buf);
 				fw3_ipt_rule_replace(r, "FORWARD");
 			}
 
-			r = fw3_ipt_rule_create(handle, &tcp, NULL, dev, NULL, sub);
+			r = fw3_ipt_rule_create(handle, &tcp, NULL, dev, NULL,
+						sub);
 			fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
 			fw3_ipt_rule_addarg(r, false, "SYN", NULL);
-			fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name);
+			fw3_ipt_rule_comment(r, "Zone %s MTU fixing",
+					     zone->name);
 			fw3_ipt_rule_target(r, "TCPMSS");
-			fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
+			fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu",
+					    NULL);
 			fw3_ipt_rule_replace(r, "FORWARD");
 		}
-	}
-	else if (handle->table == FW3_TABLE_RAW)
-	{
-		bool loopback_dev = (dev != NULL && !dev->any &&
-				     !dev->invert && fw3_check_loopback_dev(dev->name));
-		char *chain = loopback_dev || (sub != NULL && !sub->invert && fw3_check_loopback_addr(sub)) ?
-			      "OUTPUT" : "PREROUTING";
-
-		if (has(zone->flags, handle->family, FW3_FLAG_HELPER))
-		{
-			r = fw3_ipt_rule_create(handle, NULL, loopback_dev ? NULL : dev, NULL, sub, NULL);
-			fw3_ipt_rule_comment(r, "%s CT helper assignment", zone->name);
+	} else if (handle->table == FW3_TABLE_RAW) {
+		bool loopback_dev = (dev != NULL && !dev->any && !dev->invert &&
+				     fw3_check_loopback_dev(dev->name));
+		char *chain = loopback_dev || (sub != NULL && !sub->invert &&
+					       fw3_check_loopback_addr(sub)) ?
+				      "OUTPUT" :
+				      "PREROUTING";
+
+		if (has(zone->flags, handle->family, FW3_FLAG_HELPER)) {
+			r = fw3_ipt_rule_create(handle, NULL,
+						loopback_dev ? NULL : dev, NULL,
+						sub, NULL);
+			fw3_ipt_rule_comment(r, "%s CT helper assignment",
+					     zone->name);
 			fw3_ipt_rule_target(r, "zone_%s_helper", zone->name);
 			fw3_ipt_rule_extra(r, zone->extra_src);
 			fw3_ipt_rule_replace(r, chain);
 		}
 
-		if (has(zone->flags, handle->family, FW3_FLAG_NOTRACK))
-		{
-			r = fw3_ipt_rule_create(handle, NULL, loopback_dev ? NULL : dev, NULL, sub, NULL);
+		if (has(zone->flags, handle->family, FW3_FLAG_NOTRACK)) {
+			r = fw3_ipt_rule_create(handle, NULL,
+						loopback_dev ? NULL : dev, NULL,
+						sub, NULL);
 			fw3_ipt_rule_comment(r, "%s CT bypass", zone->name);
 			fw3_ipt_rule_target(r, "zone_%s_notrack", zone->name);
 			fw3_ipt_rule_extra(r, zone->extra_src);
@@ -581,15 +608,14 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	}
 }
 
-static void
-print_interface_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                      bool reload, struct fw3_zone *zone)
+static void print_interface_rules(struct fw3_ipt_handle *handle,
+				  struct fw3_state *state, bool reload,
+				  struct fw3_zone *zone)
 {
 	struct fw3_device *dev;
 	struct fw3_address *sub;
 
-	fw3_foreach(dev, &zone->devices)
-	fw3_foreach(sub, &zone->subnets)
+	fw3_foreach(dev, &zone->devices) fw3_foreach(sub, &zone->subnets)
 	{
 		if (!fw3_is_family(sub, handle->family))
 			continue;
@@ -601,27 +627,27 @@ print_interface_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	}
 }
 
-static struct fw3_address *
-next_addr(struct fw3_address *addr, struct list_head *list,
-                enum fw3_family family, bool invert)
+static struct fw3_address *next_addr(struct fw3_address *addr,
+				     struct list_head *list,
+				     enum fw3_family family, bool invert)
 {
 	struct list_head *p;
 	struct fw3_address *rv;
 
-	for (p = addr ? addr->list.next : list->next; p != list; p = p->next)
-	{
+	for (p = addr ? addr->list.next : list->next; p != list; p = p->next) {
 		rv = list_entry(p, struct fw3_address, list);
 
-		if (fw3_is_family(rv, family) && rv->set && rv->invert == invert)
+		if (fw3_is_family(rv, family) && rv->set &&
+		    rv->invert == invert)
 			return rv;
 	}
 
 	return NULL;
 }
 
-static void
-print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                bool reload, struct fw3_zone *zone)
+static void print_zone_rule(struct fw3_ipt_handle *handle,
+			    struct fw3_state *state, bool reload,
+			    struct fw3_zone *zone)
 {
 	bool first_src, first_dest;
 	struct fw3_address *msrc;
@@ -633,11 +659,9 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 
 	info("   * Zone '%s'", zone->name);
 
-	switch (handle->table)
-	{
+	switch (handle->table) {
 	case FW3_TABLE_FILTER:
-		if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
-		{
+		if (has(zone->flags, handle->family, FW3_FLAG_DNAT)) {
 			r = fw3_ipt_rule_new(handle);
 			fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
 			fw3_ipt_rule_comment(r, "Accept port redirections");
@@ -653,47 +677,48 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 
 		r = fw3_ipt_rule_new(handle);
 		fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
-		                     fw3_flag_names[zone->policy_input]);
+				    fw3_flag_names[zone->policy_input]);
 		fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
 
 		r = fw3_ipt_rule_new(handle);
 		fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name,
-		                     fw3_flag_names[zone->policy_forward]);
+				    fw3_flag_names[zone->policy_forward]);
 		fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
 
 		r = fw3_ipt_rule_new(handle);
 		fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name,
-		                     fw3_flag_names[zone->policy_output]);
+				    fw3_flag_names[zone->policy_output]);
 		fw3_ipt_rule_append(r, "zone_%s_output", zone->name);
 
 		break;
 
 	case FW3_TABLE_NAT:
-		if (zone->masq && handle->family == FW3_FAMILY_V4)
-		{
+		if (zone->masq && handle->family == FW3_FAMILY_V4) {
 			/* for any negated masq_src ip, emit -s addr -j RETURN rules */
 			for (msrc = NULL;
 			     (msrc = next_addr(msrc, &zone->masq_src,
-			                       handle->family, true)) != NULL; )
-			{
+					       handle->family, true)) !=
+			     NULL;) {
 				msrc->invert = false;
 				r = fw3_ipt_rule_new(handle);
 				fw3_ipt_rule_src_dest(r, msrc, NULL);
 				fw3_ipt_rule_target(r, "RETURN");
-				fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+				fw3_ipt_rule_append(r, "zone_%s_postrouting",
+						    zone->name);
 				msrc->invert = true;
 			}
 
 			/* for any negated masq_dest ip, emit -d addr -j RETURN rules */
 			for (mdest = NULL;
 			     (mdest = next_addr(mdest, &zone->masq_dest,
-			                        handle->family, true)) != NULL; )
-			{
+						handle->family, true)) !=
+			     NULL;) {
 				mdest->invert = false;
 				r = fw3_ipt_rule_new(handle);
 				fw3_ipt_rule_src_dest(r, NULL, mdest);
 				fw3_ipt_rule_target(r, "RETURN");
-				fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+				fw3_ipt_rule_append(r, "zone_%s_postrouting",
+						    zone->name);
 				mdest->invert = true;
 			}
 
@@ -702,18 +727,21 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 			   even if there are no relevant addresses */
 			for (first_src = true, msrc = NULL;
 			     (msrc = next_addr(msrc, &zone->masq_src,
-				                   handle->family, false)) || first_src;
-			     first_src = false)
-			{
+					       handle->family, false)) ||
+			     first_src;
+			     first_src = false) {
 				for (first_dest = true, mdest = NULL;
 				     (mdest = next_addr(mdest, &zone->masq_dest,
-					                    handle->family, false)) || first_dest;
-				     first_dest = false)
-				{
+							handle->family,
+							false)) ||
+				     first_dest;
+				     first_dest = false) {
 					r = fw3_ipt_rule_new(handle);
 					fw3_ipt_rule_src_dest(r, msrc, mdest);
 					fw3_ipt_rule_target(r, "MASQUERADE");
-					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+					fw3_ipt_rule_append(
+						r, "zone_%s_postrouting",
+						zone->name);
 				}
 			}
 		}
@@ -730,41 +758,36 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	print_interface_rules(handle, state, reload, zone);
 }
 
-void
-fw3_print_zone_chains(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                      bool reload)
+void fw3_print_zone_chains(struct fw3_ipt_handle *handle,
+			   struct fw3_state *state, bool reload)
 {
 	struct fw3_zone *zone;
 
-	list_for_each_entry(zone, &state->zones, list)
+	list_for_each_entry (zone, &state->zones, list)
 		print_zone_chain(handle, state, reload, zone);
 }
 
-void
-fw3_print_zone_rules(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                     bool reload)
+void fw3_print_zone_rules(struct fw3_ipt_handle *handle,
+			  struct fw3_state *state, bool reload)
 {
 	struct fw3_zone *zone;
 
-	list_for_each_entry(zone, &state->zones, list)
+	list_for_each_entry (zone, &state->zones, list)
 		print_zone_rule(handle, state, reload, zone);
 }
 
-void
-fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                bool reload)
+void fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
+		     bool reload)
 {
 	struct fw3_zone *z, *tmp;
 	const struct fw3_chain_spec *c;
 	char chain[32];
 
-	list_for_each_entry_safe(z, tmp, &state->zones, list)
-	{
+	list_for_each_entry_safe (z, tmp, &state->zones, list) {
 		if (!has(z->flags, handle->family, handle->table))
 			continue;
 
-		for (c = zone_chains; c->format; c++)
-		{
+		for (c = zone_chains; c->format; c++) {
 			/* don't touch user chains on selective stop */
 			if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
 				continue;
@@ -793,17 +816,14 @@ fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	}
 }
 
-void
-fw3_hotplug_zones(struct fw3_state *state, bool add)
+void fw3_hotplug_zones(struct fw3_state *state, bool add)
 {
 	struct fw3_zone *z;
 	struct fw3_device *d;
 
-	list_for_each_entry(z, &state->zones, list)
-	{
-		if (add != fw3_hasbit(z->flags[0], FW3_FLAG_HOTPLUG))
-		{
-			list_for_each_entry(d, &z->devices, list)
+	list_for_each_entry (z, &state->zones, list) {
+		if (add != fw3_hasbit(z->flags[0], FW3_FLAG_HOTPLUG)) {
+			list_for_each_entry (d, &z->devices, list)
 				fw3_hotplug(add, z, d);
 
 			if (add)
@@ -814,16 +834,14 @@ fw3_hotplug_zones(struct fw3_state *state, bool add)
 	}
 }
 
-struct fw3_zone *
-fw3_lookup_zone(struct fw3_state *state, const char *name)
+struct fw3_zone *fw3_lookup_zone(struct fw3_state *state, const char *name)
 {
 	struct fw3_zone *z;
 
 	if (list_empty(&state->zones))
 		return NULL;
 
-	list_for_each_entry(z, &state->zones, list)
-	{
+	list_for_each_entry (z, &state->zones, list) {
 		if (strcmp(z->name, name))
 			continue;
 
@@ -833,8 +851,8 @@ fw3_lookup_zone(struct fw3_state *state, const char *name)
 	return NULL;
 }
 
-struct list_head *
-fw3_resolve_zone_addresses(struct fw3_zone *zone, struct fw3_address *addr)
+struct list_head *fw3_resolve_zone_addresses(struct fw3_zone *zone,
+					     struct fw3_address *addr)
 {
 	struct fw3_device *net;
 	struct fw3_address *cur, *tmp;
@@ -846,23 +864,18 @@ fw3_resolve_zone_addresses(struct fw3_zone *zone, struct fw3_address *addr)
 
 	INIT_LIST_HEAD(all);
 
-	if (addr && addr->set)
-	{
+	if (addr && addr->set) {
 		tmp = malloc(sizeof(*tmp));
 
-		if (tmp)
-		{
+		if (tmp) {
 			*tmp = *addr;
 			list_add_tail(&tmp->list, all);
 		}
-	}
-	else
-	{
-		list_for_each_entry(net, &zone->networks, list)
+	} else {
+		list_for_each_entry (net, &zone->networks, list)
 			fw3_ubus_address(all, net->name);
 
-		list_for_each_entry(cur, &zone->subnets, list)
-		{
+		list_for_each_entry (cur, &zone->subnets, list) {
 			tmp = malloc(sizeof(*tmp));
 
 			if (!tmp)
diff --git a/zones.h b/zones.h
index d786736..6ed39bc 100644
--- a/zones.h
+++ b/zones.h
@@ -27,30 +27,28 @@
 
 extern const struct fw3_option fw3_zone_opts[];
 
-struct fw3_zone * fw3_alloc_zone(void);
+struct fw3_zone *fw3_alloc_zone(void);
 
 void fw3_load_zones(struct fw3_state *state, struct uci_package *p);
 
 void fw3_print_zone_chains(struct fw3_ipt_handle *handle,
-                           struct fw3_state *state, bool reload);
+			   struct fw3_state *state, bool reload);
 
 void fw3_print_zone_rules(struct fw3_ipt_handle *handle,
-                          struct fw3_state *state, bool reload);
+			  struct fw3_state *state, bool reload);
 
 void fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
-                     bool reload);
+		     bool reload);
 
 void fw3_hotplug_zones(struct fw3_state *state, bool add);
 
-struct fw3_zone * fw3_lookup_zone(struct fw3_state *state, const char *name);
+struct fw3_zone *fw3_lookup_zone(struct fw3_state *state, const char *name);
 
-struct list_head * fw3_resolve_zone_addresses(struct fw3_zone *zone,
-                                              struct fw3_address *addr);
+struct list_head *fw3_resolve_zone_addresses(struct fw3_zone *zone,
+					     struct fw3_address *addr);
 
-#define fw3_free_zone(zone) \
-	fw3_free_object(zone, fw3_zone_opts)
+#define fw3_free_zone(zone) fw3_free_object(zone, fw3_zone_opts)
 
-#define fw3_to_src_target(t) \
-	(FW3_FLAG_SRC_ACCEPT - FW3_FLAG_ACCEPT + t)
+#define fw3_to_src_target(t) (FW3_FLAG_SRC_ACCEPT - FW3_FLAG_ACCEPT + t)
 
 #endif
-- 
2.20.1


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list