diff options
-rw-r--r-- | iptables/nft-cache.c | 15 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 | 2 |
2 files changed, 14 insertions, 3 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c index bd19b6df..6b6e6da4 100644 --- a/iptables/nft-cache.c +++ b/iptables/nft-cache.c @@ -223,8 +223,19 @@ int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t, h->cache->table[t->type].base_chains[hooknum] = nc; } else { - list_add_tail(&nc->head, - &h->cache->table[t->type].chains->list); + struct nft_chain_list *clist = h->cache->table[t->type].chains; + struct list_head *pos = &clist->list; + struct nft_chain *cur; + const char *n; + + list_for_each_entry(cur, &clist->list, head) { + n = nftnl_chain_get_str(cur->nftnl, NFTNL_CHAIN_NAME); + if (strcmp(cname, n) <= 0) { + pos = &cur->head; + break; + } + } + list_add_tail(&nc->head, pos); } hlist_add_head(&nc->hnode, chain_name_hlist(h, t, cname)); return 0; diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 index b84f63a7..ccdef19c 100755 --- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 +++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 @@ -70,8 +70,8 @@ DUMP='*filter :INPUT ACCEPT :FORWARD DROP :OUTPUT ACCEPT -:foo ACCEPT :bar RETURN +:foo ACCEPT -A INPUT -p IPv4 -i lo -j ACCEPT -A FORWARD -j foo -A OUTPUT -s Broadcast -j DROP |