1 files changed, 14 insertions, 14 deletions

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index f3dfa488..6e509507 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -163,6 +163,20 @@ static int nft_bridge_add(struct nft_handle *h,
 	struct ebt_entry *fw = &cs->eb;
 	uint32_t op;
 
+	if (fw->bitmask & EBT_ISOURCE) {
+		op = nft_invflags2cmp(fw->invflags, EBT_ISOURCE);
+		add_addr(h, r, NFT_PAYLOAD_LL_HEADER,
+			 offsetof(struct ethhdr, h_source),
+			 fw->sourcemac, fw->sourcemsk, ETH_ALEN, op);
+	}
+
+	if (fw->bitmask & EBT_IDEST) {
+		op = nft_invflags2cmp(fw->invflags, EBT_IDEST);
+		add_addr(h, r, NFT_PAYLOAD_LL_HEADER,
+			 offsetof(struct ethhdr, h_dest),
+			 fw->destmac, fw->destmsk, ETH_ALEN, op);
+	}
+
 	if (fw->in[0] != '\0') {
 		op = nft_invflags2cmp(fw->invflags, EBT_IIN);
 		add_iniface(h, r, fw->in, op);
@@ -183,20 +197,6 @@ static int nft_bridge_add(struct nft_handle *h,
 		add_logical_outiface(h, r, fw->logical_out, op);
 	}
 
-	if (fw->bitmask & EBT_ISOURCE) {
-		op = nft_invflags2cmp(fw->invflags, EBT_ISOURCE);
-		add_addr(h, r, NFT_PAYLOAD_LL_HEADER,
-			 offsetof(struct ethhdr, h_source),
-			 fw->sourcemac, fw->sourcemsk, ETH_ALEN, op);
-	}
-
-	if (fw->bitmask & EBT_IDEST) {
-		op = nft_invflags2cmp(fw->invflags, EBT_IDEST);
-		add_addr(h, r, NFT_PAYLOAD_LL_HEADER,
-			 offsetof(struct ethhdr, h_dest),
-			 fw->destmac, fw->destmsk, ETH_ALEN, op);
-	}
-
 	if ((fw->bitmask & EBT_NOPROTO) == 0) {
 		uint16_t ethproto = fw->ethproto;
 		uint8_t reg;