[iptables PATCH] ebtables: Avoid dropping policy when flushing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Unlike nftables, ebtables' user-defined chains have policies -
ebtables-nft implements those internally as invisible last rule. In
order to recreate them after a flush command, a rule cache is needed.

https://bugzilla.netfilter.org/show_bug.cgi?id=1558
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-cmd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 87e66905655d6..efe6840f78ed7 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -167,7 +167,9 @@ int nft_cmd_rule_flush(struct nft_handle *h, const char *chain,
 	if (!cmd)
 		return 0;
 
-	if (chain || verbose)
+	if (h->family == NFPROTO_BRIDGE)
+		nft_cache_level_set(h, NFT_CL_RULES, cmd);
+	else if (chain || verbose)
 		nft_cache_level_set(h, NFT_CL_CHAINS, cmd);
 	else
 		nft_cache_level_set(h, NFT_CL_TABLES, cmd);
-- 
2.33.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux