diff options
author | Phil Sutter <phil@nwl.cc> | 2020-07-10 18:23:50 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-12-21 18:33:21 +0100 |
commit | fd4b9bf08b9eb4994bbba426426a978c5b9af590 (patch) | |
tree | 5e4242fa03bda4186ccf1e3a49b30e58dec90ac3 /iptables/nft.h | |
parent | e28cf12cf50b9e2e0114f04331635fc122cb8aef (diff) |
nft: Avoid pointless table/chain creation
Accept a chain name in nft_xt_builtin_init() to limit the base chain
creation to that specific chain only.
Introduce nft_xt_builtin_table_init() to create just the table for
situations where no builtin chains are needed but the command may still
succeed in an empty ruleset, particularly when creating a custom chain,
restoring base chains or adding a set for ebtables among match.
Introduce nft_xt_fake_builtin_chains(), a function to call after cache
has been populated to fill empty base chain slots. This keeps ruleset
listing output intact if some base chains do not exist (or even the
whole ruleset is completely empty).
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- | iptables/nft.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h index 1a2506ee..0910f82a 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -136,6 +136,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename); int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list); int nft_table_flush(struct nft_handle *h, const char *table); const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table); +int nft_xt_fake_builtin_chains(struct nft_handle *h, const char *table, const char *chain); /* * Operations with chains. |