diff options
| -rw-r--r-- | src/evaluate.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 759cdaaf..84fe89ee 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3786,8 +3786,9 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain) chain->hook.num = str2hooknum(chain->handle.family, chain->hook.name); if (chain->hook.num == NF_INET_NUMHOOKS) - return chain_error(ctx, chain, "invalid hook %s", - chain->hook.name); + return __stmt_binary_error(ctx, &chain->hook.loc, NULL, + "The %s family does not support this hook", + family2str(chain->handle.family)); if (!evaluate_priority(ctx, &chain->priority, chain->handle.family, chain->hook.num)) @@ -3799,6 +3800,12 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain) return chain_error(ctx, chain, "invalid policy expression %s", expr_name(chain->policy)); } + + if (chain->handle.family == NFPROTO_NETDEV) { + if (!chain->dev_expr) + return __stmt_binary_error(ctx, &chain->loc, NULL, + "Missing `device' in this chain definition"); + } } list_for_each_entry(rule, &chain->rules, list) { |