When trying to flush a non-existent chain, errno gets set in
nft_xtables_config_load(). That is an unintended side-effect and when
support for xtables.conf is later removed, iptables-nft will emit the
generic "Incompatible with this kernel." error message instead of "No
chain/target/match by that name." as it should.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index cd42af70b54ef..9f8df5414d4c4 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1804,8 +1804,10 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table,
if (chain) {
c = nftnl_chain_list_lookup_byname(list, chain);
- if (!c)
+ if (!c) {
+ errno = ENOENT;
return 0;
+ }
__nft_rule_flush(h, table, chain, verbose, false);
flush_rule_cache(c);
--
2.22.0
