authorPablo Neira Ayuso <>2018-05-28 17:33:02 +0200
committerPablo Neira Ayuso <>2018-05-28 23:51:06 +0200
commit8d190e98564f0ed119f14444367970b7a4ecd7d2 (patch)
tree0fa60adb291bfb0cd0d242eb190a2e9f4b6c39b4 /iptables/nft.h
parent0a8635183edd097916937cc7de5a29fbea9b8d2a (diff)
xtables: initialize basechains only once on ruleset restore
We cannot assume iptables-restore files always come with an explicit basechain definition, e.g. :PREROUTING ACCEPT; incremental ruleset updates may deliberately skip this. But loading basechains over and over again can take time, so do it just once per batch. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 0cbf493e..9311662b 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -38,6 +38,7 @@ struct nft_handle {
struct builtin_table *tables;
struct nftnl_rule_list *rule_cache;
bool restore;
+ int8_t config_done;
/* meta data, for error reporting */
struct {
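Review bot: The new `config_done` member is added without a comment, and its `int8_t` type next to `bool restore` leaves it unclear whether it is a plain done/not-done flag or carries more states (for example a negative value). Only nft.h is visible here, so the code that sets and resets it cannot be checked; since the commit message says the initialization happens once per batch, the reset point matters for correctness across batches. I would add a comment on the member that lists the values it takes and where it is cleared, or declare it `bool config_done;` if it only ever holds two states. The `struct nft_handle` definition starts and ends outside this hunk.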