diff options
| author | Florian Westphal <fw@strlen.de> | 2018-04-27 12:53:48 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-04-27 12:58:23 +0200 |
| commit | 98408697fd8505bc8337d1e03b0e2f0374e4f36a (patch) | |
| tree | 18935a1dbddfb9a41516f2ed669dba1f561e5d22 | |
| parent | 7a37d1407e4446e7e84ec038bf4d2d3dac9f2138 (diff) | |
nft: arptables: remove obsolete forward hook definition
Its not supported anymore as of 4.13, and it did not work
before this either (arp packets cannot be routed).
This unbreaks arptables-compat -- without this fix kernel rejects the
incoming ruleset skeleton.
filtering forwarded arp packets on a bridge can be done either via
'netdev' or 'bridge' families.
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | iptables/nft.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 2610de44..c1cf16cd 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -457,12 +457,6 @@ struct builtin_table xtables_arp[TABLES_MAX] = { .hook = NF_ARP_IN, }, { - .name = "FORWARD", - .type = "filter", - .prio = NF_IP_PRI_FILTER, - .hook = NF_ARP_FORWARD, - }, - { .name = "OUTPUT", .type = "filter", .prio = NF_IP_PRI_FILTER, |