From 276346f6659b700306070545f51c1a6060972f16 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 2 Jun 2021 10:13:26 +0200
Subject: ebtables-restore: Deny --init-table

Allowing this segfaults the program. The deny is in line with legacy
ebtables, so no point in implementing support for that.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-eb.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'iptables/xtables-eb.c')

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 3d15063e..b986fd9e 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -1077,6 +1077,9 @@ print_zero:
 			flags |= LIST_MAC2;
 			break;
 		case 11: /* init-table */
+			if (restore)
+				xtables_error(PARAMETER_PROBLEM,
+					      "--init-table is not supported in daemon mode");
 			nft_cmd_table_flush(h, *table, false);
 			return 1;
 		case 13 :
-- 
cgit v1.2.3