From 3bbe7c1a0a2a3bab261aeb00cf4c5adcc96bf109 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 20 Jan 2013 20:18:02 +0100
Subject: xtables-restore: fix custom user chain restoration

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/xtables-restore.c | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

(limited to 'iptables/xtables-restore.c')

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index e83eacc3..f6009776 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -331,20 +331,29 @@ xtables_restore_main(int argc, char *argv[])
 							   "for chain '%s'\n", chain);
 
 				}
-
+				if (nft_chain_set(&h, curtable, chain, policy, &count) < 0) {
+					xtables_error(OTHER_PROBLEM,
+						      "Can't set policy `%s'"
+						      " on `%s' line %u: %s\n",
+						      policy, chain, line,
+						      ops->strerror(errno));
+				}
 				DEBUGP("Setting policy of chain %s to %s\n",
-					chain, policy);
-			}
+				       chain, policy);
+				ret = 1;
 
-			if (nft_chain_set(&h, curtable, chain, policy, &count) < 0) {
-				xtables_error(OTHER_PROBLEM,
-					"Can't set policy `%s'"
-					" on `%s' line %u: %s\n",
-					policy, chain, line,
-					ops->strerror(errno));
-			}
+			} else {
+				if (nft_chain_user_add(&h, chain, curtable) < 0) {
+					if (errno == EEXIST)
+						continue;
 
-			ret = 1;
+					xtables_error(PARAMETER_PROBLEM,
+						      "cannot create chain "
+						      "'%s' (%s)\n", chain,
+						      strerror(errno));
+				}
+				continue;
+			}
 
 		} else if (in_table) {
 			int a;
-- 
cgit v1.2.3