path: root/iptables/xtables.c
diff options
authorPhil Sutter <>2018-08-16 18:07:07 +0200
committerPablo Neira Ayuso <>2018-08-16 19:43:47 +0200
commit6f29aa8e3486e2c12ab48425a7e9b01dd6417665 (patch)
tree9c418bb7565c400c1e3155ccd2d745c89c81128a /iptables/xtables.c
parent7bccf30750cb7ad7d56921c220a95a7781316a7b (diff)
xtables: Make 'iptables -S nonexisting' return non-zero
To be consistent with legacy iptables, calling -S with a non-existing chain should lead to an error message. This is how some scripts find out whether a user-defined chain exists or not. Make sure doing the same for an existing chain does succeed, even if an invalid rule number was given. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/xtables.c')
1 files changed, 1 insertions, 4 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 64081758..d9050b45 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -599,10 +599,7 @@ list_rules(struct nft_handle *h, const char *chain, const char *table,
if (counters)
counters = -1; /* iptables -c format */
- nft_rule_list_save(h, chain, table, rulenum, counters);
- /* iptables does not return error if rule number not found */
- return 1;
+ return nft_rule_list_save(h, chain, table, rulenum, counters);
static void command_jump(struct iptables_command_state *cs)