authorPhil Sutter <phil@nwl.cc>2021-09-15 17:37:51 +0200
committerPhil Sutter <phil@nwl.cc>2021-09-15 18:12:58 +0200
commit63ab4fe3a1919b668953542841f4397544c4bb15 (patch)
tree70dd90d85c4ed278078a808f58cc75182a5fe59f /iptables/nft-cmd.c
parentb714d45dc4c2423d4df4cbf7ccf238ec441675ef (diff)
ebtables: Avoid dropping policy when flushing
Unlike nftables, ebtables' user-defined chains have policies - ebtables-nft implements those internally as an invisible last rule. In order to recreate them after a flush command, a rule cache is needed. https://bugzilla.netfilter.org/show_bug.cgi?id=1558
Diffstat (limited to 'iptables/nft-cmd.c')
-rw-r--r--iptables/nft-cmd.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 35b39268..2d874bd4 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -167,7 +167,9 @@ int nft_cmd_rule_flush(struct nft_handle *h, const char *chain,
if (!cmd)
return 0;
- if (chain || verbose)
+ if (h->family == NFPROTO_BRIDGE)
+ nft_cache_level_set(h, NFT_CL_RULES, cmd);
+ else if (chain || verbose)
nft_cache_level_set(h, NFT_CL_CHAINS, cmd);
else
nft_cache_level_set(h, NFT_CL_TABLES, cmd);
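Review bot: The new `h->family == NFPROTO_BRIDGE` branch carries no comment, and nothing in the code says why bridge alone needs `NFT_CL_RULES`. A later cleanup could fold it back into the `chain || verbose` case, and flushing would then silently drop a user-defined chain's policy again, which changes what the ruleset filters. I would add above the branch: `/* ebtables chain policies are kept as a hidden last rule; flush needs the rule cache to recreate them */`. The branch is also taken when `chain` is NULL and `verbose` is unset, so a whole-table flush on bridge now requests the rule cache where it previously requested `NFT_CL_TABLES`. That looks necessary for the fix, but the cost on large rulesets is worth confirming. The body of `nft_cmd_rule_flush` starts and ends outside this hunk.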