author | Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2013-05-14 00:52:04 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:30 +0100 |
commit | 20c156f9f4c43857a622f015a3022517601c3600 (patch) | |
tree | 4361122ef02f480d22d1939691558c165c5c15f8 /iptables | |
parent | aa1601423175c90c37c3e6a3d6975d3e2eb74d1e (diff) |
xtables: policy can be changed only on builtin chain
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft.c | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 7e1b47bc..54951154 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -503,16 +503,9 @@ __nft_chain_set(struct nft_handle *h, const char *table,
 c = nft_chain_builtin_alloc(_t, _c, policy);
 if (c == NULL)
 return -1;
-
 } else {
- /* This is a custom chain */
- c = nft_chain_alloc();
- if (c == NULL)
- return -1;
-
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
+ errno = ENOENT;
+ return -1;
 }

 if (counters) {
|
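Review bot: The new `else` branch sets `errno = ENOENT` for every chain that is not built-in, so an existing user-defined chain and a mistyped chain name fail with the same error. If the caller renders that as a "no such chain" message, an operator trying to set a default-drop policy could misread why the policy was not applied. Consider a distinct errno for the existing-but-custom case, or at least record the intent in the branch with a comment such as `/* policy is only valid on built-in chains; user-defined chains are rejected */`. The condition selecting this branch and the errno-to-message mapping are outside the hunk, so both should be confirmed there. The body of `__nft_chain_set` begins and ends outside the hunk.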