Pass the new chain name to nft_chain_list_get() although that doesn't make sense (it is not supposed to be found). The reason is it avoids full chain list retrieval from kernel if not present already. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 904068a6404a6..2c05643f7d691 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1937,7 +1937,7 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c); - list = nft_chain_list_get(h, table, NULL); + list = nft_chain_list_get(h, table, chain); if (list) nftnl_chain_list_add(c, list); @@ -1977,7 +1977,7 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c); - list = nft_chain_list_get(h, table, NULL); + list = nft_chain_list_get(h, table, chain); if (list) nftnl_chain_list_add(c, list); -- 2.23.0