| Message ID | 20180528192739.10414-1-pablo@netfilter.org |
|---|---|
| State | Changes Requested |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [xtables,1/4] xtables: always initialize basechains on ruleset restore | expand |
diff --git a/iptables/nft.c b/iptables/nft.c index 37aa0b2ee8c5..a04aa350a074 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2551,9 +2551,6 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename, uint32_t table_family, chain_family; bool found = false; - if (h->restore) - return 0; - table_list = nftnl_table_list_alloc(); chain_list = nftnl_chain_list_alloc();
We cannot assume iptables-restore files always come with explicit basechain definition, eg. :PREROUTING ACCEPT incremental ruleset updates may deliberately skip this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- iptables/nft.c | 3 --- 1 file changed, 3 deletions(-)