[PATCH net-next 2/3] netfilter: use NF_DROP in iptable_filter_table_init()

Jason Xing <kerneljasonxing@xxxxxxxxx> · Mon, 25 Mar 2024 11:19:44 +0800

From: Jason Xing <kernelxing@xxxxxxxxxxx>

There is no need to use the negative -NF_DROP because the definition
is just zero.

Signed-off-by: Jason Xing <kernelxing@xxxxxxxxxxx>
---
 net/ipv4/netfilter/iptable_filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index b9062f4552ac..3ab908b74795 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -44,7 +44,7 @@ static int iptable_filter_table_init(struct net *net)
 		return -ENOMEM;
 	/* Entry 1 is the FORWARD hook */
 	((struct ipt_standard *)repl->entries)[1].target.verdict =
-		forward ? -NF_ACCEPT - 1 : -NF_DROP - 1;
+		forward ? -NF_ACCEPT - 1 : NF_DROP - 1;
 
 	err = ipt_register_table(net, &packet_filter, repl, filter_ops);
 	kfree(repl);
-- 
2.37.3








