xtables: Fix position of replaced rules in cache
When replacing a rule, the replacement was simply appended to the chain's rule list. Instead, insert it where the rule it replaces was. This also fixes for zero counters command to remove the old rule from cache.

Signed-off-by: Phil Sutter <>
Signed-off-by: Pablo Neira Ayuso <>
@@ -171,7 +171,7 @@ append_entry(struct nft_handle *h,
int ret = 1;
if (append)
- ret = nft_rule_append(h, chain, table, cs, 0, verbose);
+ ret = nft_rule_append(h, chain, table, cs, NULL, verbose);
ret = nft_rule_insert(h, chain, table, cs, rule_nr, verbose);
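Review bot: at the `nft_rule_append(...)` call in append_entry(), the fifth argument changes from `0` to `NULL`, which implies the parameter is now a pointer rather than an integer, yet nothing at the call site says what a NULL there means. A short comment would help, for example that NULL means a plain append with no existing rule being replaced, if that is the intent. Any other caller still passing a literal `0` should be converted in the same patch, since the compiler accepts `0` as a null pointer constant and will not flag a missed call site.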