From 8d190e98564f0ed119f14444367970b7a4ecd7d2 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 28 May 2018 17:33:02 +0200 Subject: xtables: initialize basechains only once on ruleset restore We cannot assume iptables-restore files always come with explicit basechain definition, eg. :PREROUTING ACCEPT incremental ruleset updates may deliberately skip this. But loading basechains over and over again can take time, so do it just once per batch. Signed-off-by: Pablo Neira Ayuso
---
iptables/nft.h | 1 + 1 file changed, 1 insertion(+) (limited to 'iptables/nft.h')
diff --git a/iptables/nft.h b/iptables/nft.h
index 0cbf493e..9311662b 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -38,6 +38,7 @@ struct nft_handle {
 struct builtin_table *tables;
 struct nftnl_rule_list *rule_cache;
 bool restore;
+ int8_t config_done;
 /* meta data, for error reporting */
 struct {
-- cgit v1.2.3
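Review bot: The new `config_done` member of `struct nft_handle` is an undocumented `int8_t` placed next to the `bool restore` flag, so a reader cannot tell which values it takes or when it is cleared. The commit message says basechains are initialized once per batch, so the field should say so, e.g. `int8_t config_done; /* set once basechains were initialized for the current batch */`, and use `bool` if it only ever holds two states. The code that sets and resets the flag is outside this page, which is limited to iptables/nft.h. It is worth confirming that the handle is zero-initialized and that the flag is cleared when a new batch starts. Otherwise a later incremental restore on the same handle could skip basechain setup and load a ruleset that differs from the one intended. The struct body begins and ends outside the hunk.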