author | Phil Sutter <phil@nwl.cc> | 2019-01-15 23:23:04 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-18 02:42:08 +0100 |
commit | 5ca9acf51adf9dcc8e0d82cd8f5b9b2514f900ee (patch) | |
tree | 62295273bac218be53870f88dc46f527f5ec78d2 /iptables/xtables.c | |
parent | 2b801fc515ae094d04207e840ed191196292b968 (diff) |
xtables: Fix position of replaced rules in cache
When replacing a rule, the replacement was simply appended to the
chain's rule list. Instead, insert it where the rule it replaces was.
This also fixes for zero counters command to remove the old rule from
cache.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r-- | iptables/xtables.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c index da11e8cc..d0167e63 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -406,7 +406,7 @@ add_entry(const char *chain, if (append) { ret = nft_rule_append(h, chain, table, - cs, 0, + cs, NULL, verbose); } else { ret = nft_rule_insert(h, chain, table, @@ -426,7 +426,7 @@ add_entry(const char *chain, &d.mask.v6[j], sizeof(struct in6_addr)); if (append) { ret = nft_rule_append(h, chain, table, - cs, 0, + cs, NULL, verbose); } else { ret = nft_rule_insert(h, chain, table, |
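Review bot: In the first add_entry() hunk (@@ -406,7), the fifth argument of nft_rule_append() changes from 0 to NULL, which suggests the parameter is now a pointer rather than an integer, but the commit message does not mention a signature change and this view is limited to iptables/xtables.c, so the new prototype cannot be checked from here. Please say in the commit message what the parameter now refers to and what NULL means for a plain append. A literal 0 is already a valid null pointer constant in C, so this call site would have compiled unchanged; noting that the edit here is for readability would save reviewers from looking for a behaviour change in this file.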
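Review bot: The second hunk (@@ -426,7, the call after the `&d.mask.v6[j], sizeof(struct in6_addr));` line) repeats the same one-token edit as the first, because the `if (append) ... else ...` dispatch between nft_rule_append() and nft_rule_insert() is duplicated at two sites in add_entry(). Consider moving that call pair into a small static helper so a future argument change touches one place and the two sites cannot drift apart.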