author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-07 15:32:33 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-07 17:40:12 +0200 |
commit | df3d92bec600720b2fb50470212ed7cd1ef00c36 (patch) | |
tree | 4c354c4ed764231a01c2bb2da450c59253fc247b /iptables/nft-shared.h | |
parent | ca165845f7ec63522dbfc5ffd50589845f352d7b (diff) |
xtables-compat-restore: flush user-defined chains with -n
-n still flushes user-defined chains and its content, the following snippet:
iptables-compat -N FOO
iptables-compat -I INPUT
iptables-compat -I FOO
iptables-compat -I FOO
iptables-compat-save > A
iptables-compat-restore < A
iptables-compat -N BAR
iptables-compat -A BAR
iptables-compat-restore -n < A
results in:
iptables-compat-save
# Generated by xtables-save v1.6.2 on Mon May 7 17:18:44 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BAR - [0:0]
:FOO - [0:0]
-A INPUT
-A INPUT
-A BAR
-A FOO
-A FOO
COMMIT
# Completed on Mon May 7 17:18:44 2018
Still, user-defined chains that are not re-defined, such as BAR, are
left in place.
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.h')
-rw-r--r-- | iptables/nft-shared.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 56b270e5..34027af9 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -248,6 +248,9 @@ struct nft_xt_restore_cb { struct nftnl_chain_list *(*chain_list)(struct nft_handle *h); void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable, const char *chain); + int (*chain_user_flush)(struct nft_handle *h, + struct nftnl_chain_list *clist, + const char *table, const char *chain); int (*chain_set)(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters); |
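Review bot: the new `chain_user_flush` member of `struct nft_xt_restore_cb` is declared without a comment saying when it is invoked or what its `int` return value means, and its neighbour `chain_del` returns void, so the error convention cannot be read from this header. Suggest a short comment above the member stating that it is called for user-defined chains that the dump re-declares during a `-n` restore, as the commit message describes, and which return value signals failure. Only the declaration is visible in this diff, so also confirm that every `nft_xt_restore_cb` initializer sets this pointer or that the caller checks it for NULL before calling; a backend that leaves it unset would otherwise be called through a null function pointer.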