All current users set default source and destination addresses in their post_parse callbacks, so legacy variants are safe and nft variants don't have this restriction anyway.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/xshared.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/iptables/xshared.c b/iptables/xshared.c
index 53e72b7abb1e8..c4d7a266fed5e 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1836,11 +1836,6 @@ void do_parse(int argc, char *argv[],
 if (p->ops->post_parse)
 p->ops->post_parse(p->command, cs, args);

- if (p->command == CMD_REPLACE &&
- (args->s.naddrs != 1 || args->d.naddrs != 1))
- xtables_error(PARAMETER_PROBLEM, "Replacement rule does not "
- "specify a unique address");
-
 generic_opt_check(p->command, cs->options);

 if (p->chain != NULL && strlen(p->chain) >= XT_EXTENSION_MAXNAMELEN)
-- 
2.41.0