Legacy arptables allows arbitrary values passed after '-t' and just uses table 'filter' instead. Mimick this behaviour by just ignoring the parameter after invert flag checking (which legacy arptables indeed does). Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/xtables.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/iptables/xtables.c b/iptables/xtables.c index b8c4e2737a96a..c77d76c89a543 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -589,6 +589,8 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], if (invert) xtables_error(PARAMETER_PROBLEM, "unexpected ! flag before --table"); + if (h->family == NFPROTO_ARP) + break; if (p->restore && table_set) xtables_error(PARAMETER_PROBLEM, "The -t option (seen in line %u) cannot be used in %s.\n", -- 2.33.0
