@@ -533,7 +533,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break;
case 'i':
- if (*optarg == '\0')
+ if (*optarg == '\0' && h->family != NFPROTO_ARP)
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
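Review bot: The relaxed check in `case 'i'` (and identically in `case 'o'` in the next hunk) lets an empty interface name through for NFPROTO_ARP whether or not the option is inverted. Per the commit message an inverted empty name is then simply ignored, so a rule that arptables-legacy showed as `! -o *` (never matching) would presumably end up matching on every interface, which widens the filter rule. It also drops, for ARP, the guard against an unset shell variable expanding to `-i ""`. Consider keeping the error when the option is inverted, or at least documenting the exemption above the check, e.g. `/* arptables-legacy accepts "" as "any interface"; an inverted "" is dropped, not kept as never-match */`. The code that consumes the option after this check lies outside the hunk, so the effect on inverted rules should be confirmed there.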
@@ -545,7 +545,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break;
case 'o':
- if (*optarg == '\0')
+ if (*optarg == '\0' && h->family != NFPROTO_ARP)
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
The empty string passed as interface name is simply ignored. Calling xtables_parse_interface() with an empty string is safe. Note that arptables-legacy seems not to ignore inverted empty interfaces, they appear in '-L' output as such: | -j ACCEPT -i * ! -o * , pcnt=0 -- bcnt=0 Yet they don't appear in arptables-save output. Given that inverted "any interface" will never match, there's probably no point in sticking to this inconsistency. Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/xtables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)