Implicit chain do not allow for incremental updates, do not display rule handle since kernel refuses to update an implicit chain which is already bound. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1615 Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- src/rule.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/rule.c b/src/rule.c index 1caee58fb762..d1ee6c2ee067 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1058,13 +1058,19 @@ static void chain_print_declaration(const struct chain *chain, void chain_rules_print(const struct chain *chain, struct output_ctx *octx, const char *indent) { + unsigned int flags = octx->flags; struct rule *rule; + if (chain->flags & CHAIN_F_BINDING) + octx->flags &= ~NFT_CTX_OUTPUT_HANDLE; + list_for_each_entry(rule, &chain->rules, list) { nft_print(octx, "\t\t%s", indent ? : ""); rule_print(rule, octx); nft_print(octx, "\n"); } + + octx->flags = flags; } static void chain_print(const struct chain *chain, struct output_ctx *octx) -- 2.30.2
