xtables: policy can be changed only on builtin chain

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> 2013-05-14 00:52:04 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-30 23:50:30 +0100
commit: 20c156f9f4c43857a622f015a3022517601c3600 (patch)
tree: 4361122ef02f480d22d1939691558c165c5c15f8 /iptables/nft.c
parent: aa1601423175c90c37c3e6a3d6975d3e2eb74d1e (diff)
1 files changed, 2 insertions, 9 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 7e1b47bc..54951154 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -503,16 +503,9 @@ __nft_chain_set(struct nft_handle *h, const char *table,
 		c = nft_chain_builtin_alloc(_t, _c, policy);
 		if (c == NULL)
 			return -1;
-
 	} else {
-		/* This is a custom chain */
-		c = nft_chain_alloc();
-		if (c == NULL)
-			return -1;
-
-		nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
-		nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
-		nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
+		errno = ENOENT;
+		return -1;
 	}
 
 	if (counters) {
author	Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>	2013-05-14 00:52:04 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-30 23:50:30 +0100
commit	20c156f9f4c43857a622f015a3022517601c3600 (patch)
tree	4361122ef02f480d22d1939691558c165c5c15f8 /iptables/nft.c
parent	aa1601423175c90c37c3e6a3d6975d3e2eb74d1e (diff)