[iptables PATCH 4/5] xtables: Fix error message for chain renaming

If the new name already exists, legacy iptables prints "File exists.".
This is a bit exotic, but more appropriate than "No chain/target/match
by that name." printed by iptables-nft without this patch.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index f42a1be734ba8..a297d9856001a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1855,7 +1855,12 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
 	uint64_t handle;
 	int ret;
 
-	nft_fn = nft_chain_user_add;
+	nft_fn = nft_chain_user_rename;
+
+	if (nft_chain_exists(h, table, newname)) {
+		errno = EEXIST;
+		return 0;
+	}
 
 	/* If built-in chains don't exist for this table, create them */
 	if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
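
Review bot: The commit message does not mention the switch of nft_fn from nft_chain_user_add to nft_chain_user_rename at the top of nft_chain_user_rename(). Since nft_strerror() selects its message by the (function, errno) pair, that switch changes the lookup for every error this function can return, not only EEXIST, so it deserves a sentence of its own in the changelog. Also note that the new nft_chain_exists() check returns before the nft_xtables_config_load() call that follows it; please confirm the lookup gives the right answer for a table whose built-in chains have not been created yet, or move the check below that call.
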
@@ -2985,6 +2990,7 @@ const char *nft_strerror(int err)
 	    { nft_chain_user_del, EMLINK,
 	      "Can't delete chain with references left" },
 	    { nft_chain_user_add, EEXIST, "Chain already exists" },
+	    { nft_chain_user_rename, EEXIST, "File exists" },
 	    { nft_rule_insert, E2BIG, "Index of insertion too big" },
 	    { nft_rule_check, ENOENT, "Bad rule (does a matching rule exist in that chain?)" },
 	    { nft_rule_replace, E2BIG, "Index of replacement too big" },
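
Review bot: The new nft_chain_user_rename entry reads "File exists" directly below the nft_chain_user_add entry for the same errno, which reads "Chain already exists", and nothing in the table says why the two differ. The reason (matching legacy iptables output) appears only in the commit message, so a short comment on the new entry would keep the string from being "corrected" to the more descriptive wording later. The commit message also quotes the legacy text as "File exists." with a trailing period while the table string has none; worth checking that the final output matches legacy exactly.
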
-- 
2.20.1
