path: root/iptables
diff options
authorPhil Sutter <>2019-07-25 17:19:13 +0200
committerPablo Neira Ayuso <>2019-07-29 15:17:51 +0200
commit719940f6f48d98f5b7aebe7562948f2cff6f5cf8 (patch)
treec96bbc6f279781750603584e0fbfb0b8f43eb55a /iptables
parentd76475ce1c30f6c3e3f3ca85964bdfc4425acb81 (diff)
nft: Set errno in nft_rule_flush()
When trying to flush a non-existent chain, errno gets set in nft_xtables_config_load(). That is an unintended side-effect and when support for xtables.conf is later removed, iptables-nft will emit the generic "Incompatible with this kernel." error message instead of "No chain/target/match by that name." as it should. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables')
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index cd42af70..9f8df541 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1804,8 +1804,10 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table,
if (chain) {
c = nftnl_chain_list_lookup_byname(list, chain);
- if (!c)
+ if (!c) {
+ errno = ENOENT;
return 0;
+ }
__nft_rule_flush(h, table, chain, verbose, false);