Re: [PATCH iptables] nft-bridge: pass context structure to ops->add() to improve anonymous set support

On Wed, Jul 12, 2023 at 07:13:50PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jul 12, 2023 at 11:59:12AM +0200, Pablo Neira Ayuso wrote:
> > diff --git a/iptables/nft.c b/iptables/nft.c
> > index 1cb104e75ccc..59e3fa7079c4 100644
> > --- a/iptables/nft.c
> > +++ b/iptables/nft.c
> [...]
> > @@ -2878,6 +2888,9 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
> >  {
> >  	struct iptables_command_state cs = {};
> >  	struct nftnl_rule *r, *new_rule;
> > +	struct nft_rule_ctx ctx = {
> > +		.command = NFT_COMPAT_RULE_ZERO,
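Review bot: in nft_rule_zero_counters(), the `.command = NFT_COMPAT_RULE_ZERO` initializer of the new `struct nft_rule_ctx ctx` should carry a short comment, or use a different value, so it is clear which command the ops->add() callback named in the subject is meant to see on the zero-counters path. The quoted hunk stops before ctx is used, so the visible lines do not show how the add path treats this value. A test case that zeroes counters on an affected rule would pin down the intended behaviour.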
> 
> BTW. I changed this to:
> 
>                 .command = NFT_COMPAT_RULE_APPEND,
> 
> before pushing it out, for the record.

Hmm. :)

I'm curious how to trigger the problem. Could you please provide a
test-case?

Thanks, Phil


