From 61e85e3192deaff3b9dd1eb9270863acc7a26311 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 14 Aug 2021 19:46:43 +0200
Subject: iptables-nft: allow removal of empty builtin chains
The only reason why this is prohibited is that you cannot do it in iptables-legacy. This removes the artifical limitation. "iptables-nft -X" will leave the builtin chains alone; Also, deletion is only permitted if the chain is empty.
Signed-off-by: Florian Westphal
---
 iptables/xtables-arp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'iptables/xtables-arp.c')
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 4a351f0c..9a079f06 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -893,8 +893,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
 ret = nft_cmd_chain_user_add(h, chain, *table);
 break;
 case CMD_DELETE_CHAIN:
- ret = nft_cmd_chain_user_del(h, chain, *table,
- options & OPT_VERBOSE);
+ ret = nft_cmd_chain_del(h, chain, *table,
+ options & OPT_VERBOSE);
 break;
 case CMD_RENAME_CHAIN:
 ret = nft_cmd_chain_user_rename(h, chain, *table, newname);
-- cgit v1.2.3
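Review bot: The `CMD_DELETE_CHAIN` case now passes any chain name, builtin ones included, to `nft_cmd_chain_del`, and nothing at this call site shows what happens to a builtin chain's policy when the chain is removed. An empty builtin chain with a DROP policy still filters traffic, so if the helper only checks for rules (its body is not in this file section, so this is inferred), `-X` on such a chain would silently turn default-deny into accept. It is worth confirming that the helper refuses or at least warns when the policy is not ACCEPT. I would also record the new contract at the call site, e.g. `/* also accepts builtin chains; nft_cmd_chain_del rejects non-empty ones */`. `do_commandarp` starts and ends outside the hunk.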