nft: Fix leak when deleting rules

For NFT_COMPAT_RULE_DELETE jobs, batch_obj_del() has to do the rule
freeing, they are no longer in cache.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft.c b/iptables/nft.c
index c0b5e2fc524a7a1a6aeb92a0706493accaf4196d..01268f7859e9bed30cbdfd447fb700ac4292d650 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2680,8 +2680,8 @@ static void batch_obj_del(struct nft_handle *h, struct obj_update *o)
        case NFT_COMPAT_RULE_APPEND:
        case NFT_COMPAT_RULE_INSERT:
        case NFT_COMPAT_RULE_REPLACE:
-       case NFT_COMPAT_RULE_DELETE:
                break;
+       case NFT_COMPAT_RULE_DELETE:
        case NFT_COMPAT_RULE_FLUSH:
                nftnl_rule_free(o->rule);
                break;