The empty string passed as interface name is simply ignored. Calling xtables_parse_interface() with an empty string is safe. Note that arptables-legacy seems not to ignore inverted empty interfaces, they appear in '-L' output as such: | -j ACCEPT -i * ! -o * , pcnt=0 -- bcnt=0 Yet they don't appear in arptables-save output. Given that inverted "any interface" will never match, there's probably no point in sticking to this inconsistency. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/xtables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iptables/xtables.c b/iptables/xtables.c index 23d7d29169ca0..5b5c875dc3a6c 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -533,7 +533,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], break; case 'i': - if (*optarg == '\0') + if (*optarg == '\0' && h->family != NFPROTO_ARP) xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); @@ -545,7 +545,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], break; case 'o': - if (*optarg == '\0') + if (*optarg == '\0' && h->family != NFPROTO_ARP) xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired");  -- 2.33.0
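Review bot: In the first hunk (case 'i' at -533), the new "h->family != NFPROTO_ARP" exemption has no comment, so a reader of do_parse() cannot tell why ARP alone may pass an empty interface name while every other family still gets "Empty interface is likely to be undesired". A one-line comment above the condition saying that arptables accepts and ignores an empty name for compatibility with arptables-legacy would keep that reasoning in the code rather than only in the commit message. The identical condition is repeated in case 'o', so a small shared helper or macro for the check would also keep the two cases from drifting apart later.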
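Review bot: In the second hunk (case 'o' at -545), the condition looks only at "*optarg == '\0'" and the family, not at whether the option was inverted, so for NFPROTO_ARP an inverted empty interface is accepted as silently as a plain one. The commit message says the empty name is simply ignored and that an inverted "any interface" will never match in arptables-legacy; if that holds, a rule written with an inverted empty -o (or -i) would change from matching nothing to carrying no interface restriction at all, which is the less safe direction for a filter rule. Consider keeping the xtables_error(PARAMETER_PROBLEM, ...) path for the inverted case even when h->family is NFPROTO_ARP, or at least adding a test that pins down the resulting rule so the behaviour change is deliberate and visible.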