From 09f0d47b213de944303a320a70bf57e143bfed62 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 4 May 2018 11:25:00 +0200
Subject: iptables-compat: do not fail on restore if user chain exists

The following snippet fails if user chain FOO exists, but it should not fail:

	iptables-compat -F
	iptables-compat -N FOO
	iptables-compat-save > foo
	iptables-compat-restore < foo

Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/xtables-restore.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'iptables/xtables-restore.c')

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index fc39ad9c..3de496f8 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -191,7 +191,7 @@ struct nft_xt_restore_cb restore_cb = {
 	.commit		= nft_commit,
 	.abort		= nft_abort,
 	.chains_purge	= nft_table_purge_chains,
-	.rule_flush	= nft_rule_flush,
+	.table_flush	= nft_table_flush,
 	.chain_del	= chain_delete,
 	.do_command	= do_commandx,
 	.chain_set	= nft_chain_set,
@@ -270,8 +270,8 @@ void xtables_restore_parse(struct nft_handle *h,
 			if (noflush == 0) {
 				DEBUGP("Cleaning all chains of table '%s'\n",
 					table);
-				if (cb->rule_flush)
-					cb->rule_flush(h, NULL, table);
+				if (cb->table_flush)
+					cb->table_flush(h, table);
 			}
 
 			ret = 1;
-- 
cgit v1.2.3