summaryrefslogtreecommitdiffstats
path: root/iptables/xtables.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2014-02-11 14:24:06 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2014-02-11 14:28:34 +0100
commit5cab9c3c8209e9491f0f252e03dd48ae4cb5ab63 (patch)
treee3d3754810251b1ade92d97481def1c52d389567 /iptables/xtables.c
parentd007e1a59e4beaddab430992302d43b122ffc801 (diff)
nft-compat: fix wrong protocol context in initialization
This fixes matches/targets that are dependent on that IPv4/Ipv6 context, eg. # ip6tables-compat -I INPUT -j REJECT --reject-with icmp6-addr-unreachable # ip6tables-compat-save ... -A INPUT -j REJECT --reject-with icmp6-port-unreachable Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r--iptables/xtables.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 7a8ace3d..45a5ac63 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -691,7 +691,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
struct xtables_rule_match *matchp;
struct xtables_target *t;
struct xtables_args args = {
- .family = AF_INET,
+ .family = h->family,
};
memset(&cs, 0, sizeof(cs));
@@ -716,8 +716,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
demand-load a protocol. */
opterr = 0;
- /* Default on AF_INET */
- h->ops = nft_family_ops_lookup(AF_INET);
+ h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");