[iptables-nftables,3/6] xtables: policy can be changed only on builtin chain

Submitted by Tomasz Bursztyka on May 14, 2013, 10:52 a.m.

Details

Message ID 1368528727-10127-4-git-send-email-tomasz.bursztyka@linux.intel.com
State Accepted
Headers show

Commit Message

Tomasz Bursztyka May 14, 2013, 10:52 a.m.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
---
 iptables/nft.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

Comments

Pablo Neira May 16, 2013, 5:01 p.m.
Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch hide | download patch | download mbox

diff --git a/iptables/nft.c b/iptables/nft.c
index 574383d..afbba84 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -503,16 +503,9 @@  __nft_chain_set(struct nft_handle *h, const char *table,
 		c = nft_chain_builtin_alloc(_t, _c, policy);
 		if (c == NULL)
 			return -1;
-
 	} else {
-		/* This is a custom chain */
-		c = nft_chain_alloc();
-		if (c == NULL)
-			return -1;
-
-		nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
-		nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
-		nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
+		errno = ENOENT;
+		return -1;
 	}
 
 	if (counters) {