diff options
-rw-r--r-- | iptables/nft-shared.h | 1 | ||||
-rw-r--r-- | iptables/xtables-translate.c | 1 | ||||
-rw-r--r-- | iptables/xtables.c | 6 |
3 files changed, 5 insertions, 3 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 1281f080..e3ecdb4d 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -233,6 +233,7 @@ struct nft_xt_cmd_parse { const char *policy; bool restore; int verbose; + bool xlate; }; void do_parse(struct nft_handle *h, int argc, char *argv[], diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index f4c0f9cf..849c53f3 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -216,6 +216,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[], struct nft_xt_cmd_parse p = { .table = *table, .restore = restore, + .xlate = true, }; struct iptables_command_state cs; struct xtables_args args = { diff --git a/iptables/xtables.c b/iptables/xtables.c index e0343dba..0038804e 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1063,16 +1063,16 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], p->chain); } - if (!nft_chain_exists(h, p->table, p->chain)) + if (!p->xlate && !nft_chain_exists(h, p->table, p->chain)) xtables_error(OTHER_PROBLEM, "Chain '%s' does not exist", cs->jumpto); - if (!cs->target && strlen(cs->jumpto) > 0 && + if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 && !nft_chain_exists(h, p->table, cs->jumpto)) xtables_error(PARAMETER_PROBLEM, "Chain '%s' does not exist", cs->jumpto); } - if (p->command == CMD_NEW_CHAIN && + if (!p->xlate && p->command == CMD_NEW_CHAIN && nft_chain_exists(h, p->table, p->chain)) xtables_error(OTHER_PROBLEM, "Chain already exists"); } |