path: root/iptables/nft.h
diff options
authorPhil Sutter <>2018-08-06 17:21:53 +0200
committerFlorian Westphal <>2018-08-06 18:17:39 +0200
commit1679b2cb2cae2bb3ce8eff5444ba858a51310d4c (patch)
tree9097c7bd5db202d9418d2c99f7dd156a2d11b7b3 /iptables/nft.h
parent2ce9f65a374bad212899bc584d3e5f4698df6fc6 (diff)
xtables-restore: Improve user-defined chain detection
Legacy ebtables-save does not use a policy string of '-' to denote user-defined chains but instead lists them with a policy of ACCEPT. In order to use ebtables_restore_parse() for ebtables-save implementation, make use of builtin table definitions to decide whether a given chain is a builtin one or not. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 5febb9f9..942cb6a0 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -68,6 +68,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename);
int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
int nft_table_flush(struct nft_handle *h, const char *table);
void nft_table_new(struct nft_handle *h, const char *table);
+struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
* Operations with chains.
@@ -84,6 +85,7 @@ int nft_chain_user_flush(struct nft_handle *h, struct nftnl_chain_list *list,
const char *chain, const char *table);
int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname);
int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose);
+struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const char *chain);
* Operations with rule-set.