If passed a rulenum > 0, the function uses nftnl_rule_lookup_byindex() and returns early. Negative rulenum values are not supposed to happen, so the remaining code which iterates over the full list of rules does not need to respect rulenum anymore. Fixes: 039b048965210 ("nft: Make use of nftnl_rule_lookup_byindex()") Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 8d0d10177f5ed..cafa82a420856 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2231,18 +2231,7 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c, r = nftnl_rule_iter_next(iter); while (r != NULL) { - rule_ctr++; - - if (rulenum > 0 && rule_ctr != rulenum) { - /* List by rule number case */ - goto next; - } - - cb(r, rule_ctr, format); - if (rulenum > 0) - break; - -next: + cb(r, ++rule_ctr, format); r = nftnl_rule_iter_next(iter); } -- 2.20.1
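Review bot: The loop in __nft_rule_list() now depends on rulenum never being positive when it is reached, but nothing in the hunk states or enforces that. With the `rulenum > 0 && rule_ctr != rulenum` filter and the `break` gone, `cb(r, ++rule_ctr, format);` runs for every rule in the chain. If the early-return path described in the commit message ever falls through with rulenum > 0, the function would list the whole chain instead of a single rule. Consider adding a one-line comment above the `while (r != NULL)` loop saying that only the list-all case reaches it, or an explicit guard on rulenum before the iteration, so the invariant is visible where it matters. The commit message also says negative values are "not supposed to happen"; it would help to say where callers guarantee this, since the loop treats a negative rulenum the same as 0.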