diff options
author | Florian Westphal <fw@strlen.de> | 2021-08-14 19:46:43 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-09-07 14:16:07 +0200 |
commit | 61e85e3192deaff3b9dd1eb9270863acc7a26311 (patch) | |
tree | 2f5d28c03235d25b2cef5f1e0f64b928ed551c5f /iptables/nft-cmd.c | |
parent | 544e7dc1541e4db3abc9896ff757e7642c97738e (diff) |
iptables-nft: allow removal of empty builtin chains
The only reason why this is prohibited is that you cannot do it
in iptables-legacy.
This removes the artifical limitation.
"iptables-nft -X" will leave the builtin chains alone;
Also, deletion is only permitted if the chain is empty.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-cmd.c')
-rw-r--r-- | iptables/nft-cmd.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index 87e66905..35b39268 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -205,12 +205,12 @@ int nft_cmd_chain_user_add(struct nft_handle *h, const char *chain, return 1; } -int nft_cmd_chain_user_del(struct nft_handle *h, const char *chain, - const char *table, bool verbose) +int nft_cmd_chain_del(struct nft_handle *h, const char *chain, + const char *table, bool verbose) { struct nft_cmd *cmd; - cmd = nft_cmd_new(h, NFT_COMPAT_CHAIN_USER_DEL, table, chain, NULL, -1, + cmd = nft_cmd_new(h, NFT_COMPAT_CHAIN_DEL, table, chain, NULL, -1, verbose); if (!cmd) return 0; @@ -317,7 +317,7 @@ int nft_cmd_table_flush(struct nft_handle *h, const char *table, bool verbose) if (verbose) { return nft_cmd_rule_flush(h, NULL, table, verbose) && - nft_cmd_chain_user_del(h, NULL, table, verbose); + nft_cmd_chain_del(h, NULL, table, verbose); } cmd = nft_cmd_new(h, NFT_COMPAT_TABLE_FLUSH, table, NULL, NULL, -1, |