author | Phil Sutter <phil@nwl.cc> | 2021-09-15 17:37:51 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-09-15 18:12:58 +0200 |
commit | 63ab4fe3a1919b668953542841f4397544c4bb15 (patch) | |
tree | 70dd90d85c4ed278078a808f58cc75182a5fe59f /iptables/nft-cmd.c | |
parent | b714d45dc4c2423d4df4cbf7ccf238ec441675ef (diff) |
ebtables: Avoid dropping policy when flushing
Unlike nftables, ebtables' user-defined chains have policies -
ebtables-nft implements those internally as invisible last rule. In
order to recreate them after a flush command, a rule cache is needed.
https://bugzilla.netfilter.org/show_bug.cgi?id=1558
Diffstat (limited to 'iptables/nft-cmd.c')
-rw-r--r-- | iptables/nft-cmd.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index 35b39268..2d874bd4 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -167,7 +167,9 @@ int nft_cmd_rule_flush(struct nft_handle *h, const char *chain, if (!cmd) return 0; - if (chain || verbose) + if (h->family == NFPROTO_BRIDGE) + nft_cache_level_set(h, NFT_CL_RULES, cmd); + else if (chain || verbose) nft_cache_level_set(h, NFT_CL_CHAINS, cmd); else nft_cache_level_set(h, NFT_CL_TABLES, cmd); |
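Review bot: the new `if (h->family == NFPROTO_BRIDGE)` branch in nft_cmd_rule_flush() carries no comment saying why bridge needs NFT_CL_RULES when the other families get by with NFT_CL_CHAINS or NFT_CL_TABLES. The reason is given only in the commit message: ebtables-nft keeps a user-defined chain's policy as an invisible last rule, which has to be recreated after the flush. A one-line comment above the branch would keep a later cleanup from folding it back into the `chain || verbose` test. Because the branch is checked before that test, every bridge flush now requests the rule cache, including one with no chain given and verbose unset. If that is intended, the comment should say so. If the cost of the larger cache matters, the condition could be narrowed to the cases where a policy rule can actually exist.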