On Fri, Jul 31, 2020 at 06:31:25PM +0200, Phil Sutter wrote: > If ruleset is flushed while an instance of iptables-nft-restore is > running and has seen a COMMIT line once, it doesn't notice the > disappeared table while handling the next COMMIT. This is due to table > existence being tracked via 'initialized' boolean which is only reset > by nft_table_flush(). > > To fix this, drop the dedicated 'initialized' boolean and switch users > to the recently introduced 'exists' one. > > As a side-effect, this causes base chain existence being checked for > each command calling nft_xt_builtin_init() as the old 'initialized' bit > was used to track if that function has been called before or not. > > Signed-off-by: Phil Sutter <phil@xxxxxx> Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
