From ec86937089a95ac57f149b70cbf740d69b9bd775 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 15 Dec 2022 16:17:35 +0100
Subject: nft: Make rule parsing errors fatal
Finish parsing the rule, thereby printing all potential problems and abort the program.
Signed-off-by: Phil Sutter
---
iptables/nft-shared.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index c13fc307..4a7b5406 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1362,7 +1362,7 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 nft_parse_range(&ctx, expr);
 if (ctx.errmsg) {
- fprintf(stderr, "%s", ctx.errmsg);
+ fprintf(stderr, "Error: %s\n", ctx.errmsg);
 ctx.errmsg = NULL;
 ret = false;
 }
@@ -1404,6 +1404,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 if (!cs->jumpto) cs->jumpto = "";
+ if (!ret)
+ xtables_error(VERSION_PROBLEM, "Parsing nftables rule failed");
 return ret;
 }
--
cgit v1.2.3
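Review bot: In the first hunk (old line 1362), the `if (ctx.errmsg)` branch only prints the message and sets `ret = false`, and nothing at that spot tells a reader that the failure becomes fatal further down in the same function. A one-line comment above the `fprintf` would make the deferred abort explicit, for example `/* report and keep parsing; the function aborts at the end if ret is false */`. The surrounding code appears to be a per-expression loop, but nft_rule_to_iptables_command_state starts and continues outside this hunk, so that should be confirmed against the full function.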
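Review bot: After the added `xtables_error(VERSION_PROBLEM, "Parsing nftables rule failed");` in the second hunk (old line 1404), `return ret;` can presumably only be reached with `ret` true, since xtables_error is expected not to return. The `bool` result then no longer signals a parse failure to callers, and that contract change is not documented anywhere in the hunk. I would add a comment on the new check such as `/* fail closed: never hand a partially parsed rule back to the caller */` and note in the function's header comment that a parse failure terminates the program. If this function is reached from a path that prints rules as it goes (not visible here), the abort leaves truncated output behind, so the commit message could remind users to check the exit status before reusing a dump. The function begins outside this hunk.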