For NFT_COMPAT_RULE_DELETE jobs, batch_obj_del() has to do the rule freeing, they are no longer in cache. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables/nft.c b/iptables/nft.c index c0b5e2fc524a7..01268f7859e9b 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2680,8 +2680,8 @@ static void batch_obj_del(struct nft_handle *h, struct obj_update *o) case NFT_COMPAT_RULE_APPEND: case NFT_COMPAT_RULE_INSERT: case NFT_COMPAT_RULE_REPLACE: - case NFT_COMPAT_RULE_DELETE: break; + case NFT_COMPAT_RULE_DELETE: case NFT_COMPAT_RULE_FLUSH: nftnl_rule_free(o->rule); break; -- 2.25.1
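Review bot: In the batch_obj_del() switch, NFT_COMPAT_RULE_DELETE now falls through to nftnl_rule_free(o->rule) alongside NFT_COMPAT_RULE_FLUSH, while APPEND, INSERT and REPLACE still break without freeing, but nothing in the code says why the cases differ. The only rationale is the commit message's "they are no longer in cache", so a short comment above the DELETE/FLUSH cases stating that the batch object is the sole owner of o->rule for these job types would keep a later reader from regrouping them. It would also help to confirm that no remaining delete path leaves the rule linked in the cache, since in that situation this free would turn into a double free or a use after free rather than fixing a leak. Finally, the message does not name the change that took deleted rules out of the cache; a Fixes: tag pointing at it would let backporters pick this up together with that change.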