Allowing this segfaults the program. The deny is in line with legacy ebtables, so no point in implementing support for that. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/xtables-eb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index 3d15063e80e91..b986fd9e84799 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -1077,6 +1077,9 @@ print_zero: flags |= LIST_MAC2; break; case 11: /* init-table */ + if (restore) + xtables_error(PARAMETER_PROBLEM, + "--init-table is not supported in daemon mode"); nft_cmd_table_flush(h, *table, false); return 1; case 13 : -- 2.34.1
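Review bot: In the `case 11: /* init-table */` branch, the new check is keyed on `restore` but the error text says "--init-table is not supported in daemon mode", which a user who hit this from a restore run may not connect to what they typed. If the wording is kept deliberately to match legacy ebtables, as the commit message suggests, a one-line comment above `if (restore)` saying so, and noting that the flush path segfaults in this mode, would stop a later cleanup from removing the guard. The diffstat touches only iptables/xtables-eb.c, so nothing exercises the rejected path; since this fixes a crash, a regression test asserting that the option is refused with PARAMETER_PROBLEM in restore mode would be worth adding alongside it.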