-rw-r--r--iptables/nft.c17
-rw-r--r--iptables/xtables-config-parser.y3
2 files changed, 19 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index bbe5e396..df4122cb 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2853,6 +2853,8 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
struct nft_chain_list_iter *citer;
struct nft_table *table;
struct nft_chain *chain;
+ uint32_t table_family, chain_family;
+ bool found = false;
if (xtables_config_parse(filename, table_list, chain_list) < 0) {
if (errno == ENOENT) {
@@ -2870,6 +2872,13 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
/* Stage 1) create tables */
titer = nft_table_list_iter_create(table_list);
while ((table = nft_table_list_iter_next(titer)) != NULL) {
+ table_family = nft_table_attr_get_u32(table,
+ NFT_TABLE_ATTR_FAMILY);
+ if (h->family != table_family)
+ continue;
+
+ found = true;
+
if (nft_table_add(h, table) < 0) {
if (errno == EEXIST) {
xtables_config_perror(flags,
@@ -2892,9 +2901,17 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
nft_table_list_iter_destroy(titer);
nft_table_list_free(table_list);
+ if (!found)
+ return -1;
+
/* Stage 2) create chains */
citer = nft_chain_list_iter_create(chain_list);
while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
+ chain_family = nft_chain_attr_get_u32(chain,
+ NFT_CHAIN_ATTR_TABLE);
+ if (h->family != chain_family)
+ continue;
+
if (nft_chain_add(h, chain) < 0) {
if (errno == EEXIST) {
xtables_config_perror(flags,
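Review bot: The chain filter in stage 2 reads the wrong attribute: `chain_family = nft_chain_attr_get_u32(chain, NFT_CHAIN_ATTR_TABLE);` fetches the table-name attribute, which the parser hunk in this same commit stores as a string with `nft_chain_attr_set(chain, NFT_CHAIN_ATTR_TABLE, ...)`, while the family is stored under `NFT_CHAIN_ATTR_FAMILY`. The comparison with `h->family` is therefore not a family comparison, so base chains from the config file can be silently skipped and the ruleset left without the chains the administrator expects; the read should be `nft_chain_attr_get_u32(chain, NFT_CHAIN_ATTR_FAMILY)`. Separately, the new `if (!found) return -1;` runs after only `table_list` has been freed; if `chain_list` is owned by this function (its allocation is outside the hunk), it needs `nft_chain_list_free(chain_list);` before the return. The function body starts and ends outside this hunk.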
diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y
index e7a8a07e..36dae38d 100644
--- a/iptables/xtables-config-parser.y
+++ b/iptables/xtables-config-parser.y
@@ -228,7 +228,8 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list,
}
nft_chain_attr_set(chain, NFT_CHAIN_ATTR_TABLE,
(char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
- nft_table_attr_set_u32(table, NFT_CHAIN_ATTR_FAMILY, family);
+ nft_chain_attr_set_u32(chain, NFT_CHAIN_ATTR_FAMILY,
+ nft_table_attr_get_u32(table, NFT_TABLE_ATTR_FAMILY));
nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio);
nft_chain_attr_set(chain, NFT_CHAIN_ATTR_NAME, e->data);
/* Intentionally prepending, instead of appending */