From: Florian Westphal <fw@strlen.de>
Date: Fri, 27 Apr 2018 10:53:48 +0000 (+0200)
Subject: nft: arptables: remove obsolete forward hook definition
X-Git-Tag: v1.8.0~105
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98408697fd8505bc8337d1e03b0e2f0374e4f36a;p=thirdparty%2Fiptables.git

nft: arptables: remove obsolete forward hook definition

Its not supported anymore as of 4.13, and it did not work
before this either (arp packets cannot be routed).
This unbreaks arptables-compat -- without this fix kernel rejects the
incoming ruleset skeleton.

filtering forwarded arp packets on a bridge can be done either via
'netdev' or 'bridge' families.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/iptables/nft.c b/iptables/nft.c
index 2610de44..c1cf16cd 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -456,12 +456,6 @@ struct builtin_table xtables_arp[TABLES_MAX] = {
 				.prio   = NF_IP_PRI_FILTER,
 				.hook   = NF_ARP_IN,
 			},
-			{
-				.name   = "FORWARD",
-				.type   = "filter",
-				.prio   = NF_IP_PRI_FILTER,
-				.hook   = NF_ARP_FORWARD,
-			},
 			{
 				.name   = "OUTPUT",
 				.type   = "filter",