Unlike nftables, ebtables' user-defined chains have policies - ebtables-nft implements those internally as invisible last rule. In order to recreate them after a flush command, a rule cache is needed. https://bugzilla.netfilter.org/show_bug.cgi?id=1558 Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft-cmd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index 87e66905655d6..efe6840f78ed7 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -167,7 +167,9 @@ int nft_cmd_rule_flush(struct nft_handle *h, const char *chain, if (!cmd) return 0; - if (chain || verbose) + if (h->family == NFPROTO_BRIDGE) + nft_cache_level_set(h, NFT_CL_RULES, cmd); + else if (chain || verbose) nft_cache_level_set(h, NFT_CL_CHAINS, cmd); else nft_cache_level_set(h, NFT_CL_TABLES, cmd); -- 2.33.0
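Review bot: the new `if (h->family == NFPROTO_BRIDGE)` branch in nft_cmd_rule_flush() carries no comment, so a reader of the code sees the bridge family unconditionally requesting the heavier NFT_CL_RULES cache level (even for a plain `ebtables -F` with neither a chain nor verbose) without the reason, which lives only in the commit message. Suggest a one-line comment above the branch, e.g. `/* ebtables chain policies are an invisible last rule; keep the rule cache so flush can recreate them */`, and a mention of the bugzilla reference next to it, since the higher cache level is a deliberate cost here rather than an oversight.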