From 63ab4fe3a1919b668953542841f4397544c4bb15 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 15 Sep 2021 17:37:51 +0200 Subject: ebtables: Avoid dropping policy when flushing Unlike nftables, ebtables' user-defined chains have policies - ebtables-nft implements those internally as invisible last rule. In order to recreate them after a flush command, a rule cache is needed. https://bugzilla.netfilter.org/show_bug.cgi?id=1558 --- iptables/nft-cmd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'iptables/nft-cmd.c') diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index 35b39268..2d874bd4 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -167,7 +167,9 @@ int nft_cmd_rule_flush(struct nft_handle *h, const char *chain, if (!cmd) return 0; - if (chain || verbose) + if (h->family == NFPROTO_BRIDGE) + nft_cache_level_set(h, NFT_CL_RULES, cmd); + else if (chain || verbose) nft_cache_level_set(h, NFT_CL_CHAINS, cmd); else nft_cache_level_set(h, NFT_CL_TABLES, cmd); -- cgit v1.2.3
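Review bot: The new h->family == NFPROTO_BRIDGE branch in nft_cmd_rule_flush() carries no comment explaining why the bridge family needs NFT_CL_RULES when the other families manage with NFT_CL_CHAINS or NFT_CL_TABLES. The reason (ebtables-nft stores a user-defined chain's policy as an invisible last rule and has to recreate it after the flush) is given only in the commit message, so a short comment above the branch would keep a later cache-level cleanup from silently reverting it. The branch is also taken regardless of chain and verbose, so every ebtables flush now requests the full rule cache, including a flush with no chain argument; it would help to state whether that is intended or whether the condition can be narrowed to the cases where a policy rule has to be restored. Finally, the diffstat shows only iptables/nft-cmd.c changed, so the fix for bug 1558 comes without a regression test; a test that sets a policy on a user-defined chain, flushes, and checks that the policy is still in place would guard against the chain quietly losing its policy again.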