diff options
author | Phil Sutter <phil@nwl.cc> | 2022-12-15 16:17:35 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-12-20 21:49:38 +0100 |
commit | ec86937089a95ac57f149b70cbf740d69b9bd775 (patch) | |
tree | a8f558428f085a4e97f02a52ea52d1aa77992d13 /iptables | |
parent | 9075c3aa983d96c4331cb28fab5f30afd52bbb21 (diff) |
nft: Make rule parsing errors fatal
Finish parsing the rule, thereby printing all potential problems and
abort the program.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-shared.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index c13fc307..4a7b5406 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -1362,7 +1362,7 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h, nft_parse_range(&ctx, expr); if (ctx.errmsg) { - fprintf(stderr, "%s", ctx.errmsg); + fprintf(stderr, "Error: %s\n", ctx.errmsg); ctx.errmsg = NULL; ret = false; } @@ -1404,6 +1404,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h, if (!cs->jumpto) cs->jumpto = ""; + if (!ret) + xtables_error(VERSION_PROBLEM, "Parsing nftables rule failed"); return ret; } |