xtables: initialize basechains for rule flush command too

Otherwise, flush commands on not-yet-initialized basechains hit ENOENT.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index 66bd4d42982aa11c73f9cc8bba7a016402e6c40a..603ba306a1ec7872f1b07732ac203f309860b51e 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1465,6 +1465,9 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table)
        struct nftnl_chain_list_iter *iter;
        struct nftnl_chain *c;
 
+       if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
+               nft_xt_builtin_init(h, table);
+
        nft_fn = nft_rule_flush;
 
        list = nftnl_chain_list_get(h);