This effectively flushes all built-in chains and removes user-defined ones. Since compat layer takes care of built-in table/chain creation, it is sufficient to just drop the relevant table. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/xtables-eb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index ac36270052e25..644bc63a747c6 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -1157,7 +1157,9 @@ print_zero: break;*/ /*case 7 :*/ /* atomic-init */ /*case 10:*/ /* atomic-save */ - /*case 11:*/ /* init-table */ + case 11: /* init-table */ + nft_table_flush(h, *table); + return 1; /* replace->command = c; if (OPT_COMMANDS) -- 2.18.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
