[iptables PATCH] xtables: Fix for no output in iptables-nft -S

Just like with 'iptables-nft -L', we have to make sure the standard set
of chains exists for a given table when listing it using the '-S' flag.

The added code was just copied over from nft_rule_list() which does the
same.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/iptables/nft.c b/iptables/nft.c
index 8c0746dd94b87..8a84998b961a7 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2441,6 +2441,23 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
 	struct nftnl_chain *c;
 	int ret = 1;
 
+	/* If built-in chains don't exist for this table, create them */
+	if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0) {
+		nft_xt_builtin_init(h, table);
+		/* Force table and chain creation, otherwise first iptables -L
+		 * lists no table/chains.
+		 */
+		if (!list_empty(&h->obj_list)) {
+			nft_commit(h);
+			flush_chain_cache(h, NULL);
+		}
+	}
+
+	if (!nft_is_table_compatible(h, table)) {
+		xtables_error(OTHER_PROBLEM, "table `%s' is incompatible, use 'nft' tool.\n", table);
+		return 0;
+	}
+
 	list = nft_chain_dump(h);
 
 	/* Dump policies and custom chains first */
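
Review bot: The return value of nft_commit(h) inside the new `if (!list_empty(&h->obj_list))` block is ignored, so a failed commit falls through to nft_chain_dump() without any error being reported; check the result and bail out with an error before calling flush_chain_cache(). The block is, per the commit message, a copy of the one in nft_rule_list(), and the copied comment still says "first iptables -L" although this is the -S path; moving the shared logic into one helper called from both functions would keep the two copies from drifting apart and let the comment name both flags. The commit message should also state that -S, a listing command, now writes to the ruleset by committing the built-in table and chains when they are missing.
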
-- 
2.18.0



