author | Phil Sutter <phil@nwl.cc> | 2018-09-06 19:33:20 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-10 15:20:13 +0200 |
commit | 7345037e08a385e078350de1006f5ee2299cd2ef (patch) | |
tree | da8d4db8777caf9d610aa10190c32478e0407e9e /extensions | |
parent | 7df11d1699ceaf4a841a46a42f446aec5593efd3 (diff) |
xtables-restore: Fix flushing referenced custom chains

The logic to replicate 'iptables-restore --noflush' behaviour of
flushing custom chains if listed in the dump was broken for chains being
referenced. A minimal dump reproducing the issue is:

| *filter
| :foobar - [0:0]
| -I INPUT -j foobar
| -A foobar -j ACCEPT
| COMMIT

With --noflush, this can be restored just once in iptables-nft-restore.
Consecutive attempts return an error since xtables tries to delete the
referenced chain and recreate it instead of performing a real flush.

Fix this by really flushing the custom chain in 'chain_user_flush'
callback and running 'chain_user_add' callback only if the chain doesn't
exist already.

Fixes: df3d92bec6007 ("xtables-compat-restore: flush user-defined chains with -n")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions')
0 files changed, 0 insertions, 0 deletions
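
The failure described in the commit message, as an added toy model in C; it is not code from this commit or from iptables. The struct and every function name are hypothetical, and it assumes that deleting a chain which is still a jump target is refused.

```c
#include <string.h>

/* Toy state for one custom chain (a model, not the xtables data structures). */
struct chain {
    int exists;   /* chain is present in the table */
    int nrules;   /* rules inside the chain */
    int refs;     /* jump rules elsewhere that target this chain */
};

/* Assumption: deleting a chain that is still a jump target is refused. */
static int chain_del(struct chain *c)
{
    if (c->refs > 0)
        return -1;
    memset(c, 0, sizeof(*c));
    return 0;
}

/* A real flush drops the chain's rules and leaves references alone. */
static void chain_flush(struct chain *c) { c->nrules = 0; }
static void chain_add(struct chain *c) { c->exists = 1; c->nrules = 0; }
/* Replays the dump's rules: -I INPUT -j foobar, -A foobar -j ACCEPT. */
static void apply_rules(struct chain *c) { c->refs++; c->nrules++; }

/* Before the fix: the chain is deleted and recreated. */
int restore_noflush_old(struct chain *c)
{
    if (c->exists && chain_del(c) < 0)
        return -1;
    chain_add(c);
    apply_rules(c);
    return 0;
}

/* After the fix: flush if the chain exists, add it only if it does not. */
int restore_noflush_fixed(struct chain *c)
{
    if (c->exists)
        chain_flush(c);
    else
        chain_add(c);
    apply_rules(c);
    return 0;
}

int main(void)
{
    struct chain c = {0};
    return restore_noflush_fixed(&c) || restore_noflush_fixed(&c);
}
```

In the model, as with the dump under --noflush, each restore adds another jump from INPUT, so the reference count grows while the custom chain keeps a single rule.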