path: root/iptables/nft.c
diff options
authorPhil Sutter <>2018-08-03 15:55:55 +0200
committerFlorian Westphal <>2018-08-04 23:30:20 +0200
commit206033ede9461e1fc57590c5c1cefdb75235d99d (patch)
treec26fee3e17b51914ef64bf268b5a065aeecc8cfb /iptables/nft.c
parenta0698de9866d2e0ede5eee961a9da38e0ede7062 (diff)
xtables: Fix for no output on first iptables-nft invocation
Fix the same issue commit a4e78370af849 ("iptables-compat: fix empty chains after first invocation of iptables-compat -L") fixed back in 2014. Seems like some changes since then broke it again. This time, existing cache not containing the added table/chains gets into the way, so clear it if nft_commit() was called. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
Diffstat (limited to 'iptables/nft.c')
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 098b37ed..f9bd0ed2 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2235,8 +2235,10 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
/* Force table and chain creation, otherwise first iptables -L
* lists no table/chains.
- if (!list_empty(&h->obj_list))
+ if (!list_empty(&h->obj_list)) {
+ flush_chain_cache(h, NULL);
+ }
ops = nft_family_ops_lookup(h->family);