nft: arptables: remove obsolete forward hook definition

Its not supported anymore as of 4.13, and it did not work
before this either (arp packets cannot be routed).
This unbreaks arptables-compat -- without this fix kernel rejects the
incoming ruleset skeleton.

filtering forwarded arp packets on a bridge can be done either via
'netdev' or 'bridge' families.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/nft.c b/iptables/nft.c
index 2610de441bdfbe3bf7c37523aa36b5520cc4388c..c1cf16cdd3aab5e3a4531ce4ff3ab1a15541cdad 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -456,12 +456,6 @@ struct builtin_table xtables_arp[TABLES_MAX] = {
                                .prio   = NF_IP_PRI_FILTER,
                                .hook   = NF_ARP_IN,
                        },
-                       {
-                               .name   = "FORWARD",
-                               .type   = "filter",
-                               .prio   = NF_IP_PRI_FILTER,
-                               .hook   = NF_ARP_FORWARD,
-                       },
                        {
                                .name   = "OUTPUT",
                                .type   = "filter",