path: root/iptables
diff options
authorPhil Sutter <>2019-07-22 12:16:21 +0200
committerPablo Neira Ayuso <>2019-07-23 21:14:40 +0200
commit9449b90ec24cd71c4fe4212ed4970074e54dfa8a (patch)
tree7d35800da9e67bb24ea1cecf3a9e7e9f3cce3cff /iptables
parent8efec49e8684e8102cb69dc19c5ba07270b0f435 (diff)
xtables-save: Fix table compatibility check
The builtin table check guarding the 'is incompatible' warning was wrong: The idea was to print the warning only for incompatible tables which are builtin, not for others. Yet the code would print the warning only for non-builtin ones. Also reorder the checks: nft_table_builtin_find() is fast and therefore a quick way to bail for uninteresting tables. The compatibility check is needed for the remaining tables, only. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables')
1 files changed, 4 insertions, 3 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 0cf11f99..811ec633 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -67,11 +67,12 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters)
struct nftnl_chain_list *chain_list;
+ if (!nft_table_builtin_find(h, tablename))
+ return 0;
if (!nft_is_table_compatible(h, tablename)) {
- if (!nft_table_builtin_find(h, tablename))
- printf("# Table `%s' is incompatible, use 'nft' tool.\n",
- tablename);
+ printf("# Table `%s' is incompatible, use 'nft' tool.\n",
+ tablename);
return 0;