From: Tomasz Bursztyka Date: Tue, 14 May 2013 00:52:04 +0000 (+0000) Subject: xtables: policy can be changed only on builtin chain X-Git-Tag: v1.6.0~111^2~104 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=20c156f9f4c43857a622f015a3022517601c3600;p=thirdparty%2Fiptables.git xtables: policy can be changed only on builtin chain Signed-off-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso
---
diff --git a/iptables/nft.c b/iptables/nft.c
index 7e1b47bc..54951154 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -503,16 +503,9 @@ __nft_chain_set(struct nft_handle *h, const char *table,
 c = nft_chain_builtin_alloc(_t, _c, policy);
 if (c == NULL)
 return -1;
-
 } else {
- /* This is a custom chain */
- c = nft_chain_alloc();
- if (c == NULL)
- return -1;
-
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
+ errno = ENOENT;
+ return -1;
 }
 
 if (counters) {
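Review bot: The new failure branch (`errno = ENOENT; return -1;`) carries no comment, and the one it replaces (`/* This is a custom chain */`) is gone, so a reader can no longer see why a chain that fails the built-in lookup is rejected. I would add `/* policy can only be set on a built-in chain */` above `errno = ENOENT;`. ENOENT also makes an existing user-defined chain indistinguishable from a chain name that does not exist, so whatever turns this errno into a user-facing message (outside this hunk) should presumably be worded to cover both cases. Because a chain's policy decides the verdict for packets that match no rule, it is worth confirming that every caller of `__nft_chain_set` checks the -1 return instead of assuming the policy was applied. The function body starts and ends outside the hunk, so the lookup condition guarding this `else` is not visible here.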