From: Phil Sutter <phil@nwl.cc>
Date: Wed, 2 Jun 2021 08:13:26 +0000 (+0200)
Subject: ebtables-restore: Deny --init-table
X-Git-Tag: v1.8.9~149
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=276346f6659b700306070545f51c1a6060972f16;p=thirdparty%2Fiptables.git

ebtables-restore: Deny --init-table

Allowing this segfaults the program. The deny is in line with legacy
ebtables, so no point in implementing support for that.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 3d15063e..b986fd9e 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -1077,6 +1077,9 @@ print_zero:
 			flags |= LIST_MAC2;
 			break;
 		case 11: /* init-table */
+			if (restore)
+				xtables_error(PARAMETER_PROBLEM,
+					      "--init-table is not supported in daemon mode");
 			nft_cmd_table_flush(h, *table, false);
 			return 1;
 		case 13 :