git.ipfire.org Git - thirdparty/iptables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 7 May 2018 13:32:33 +0000 (15:32 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 7 May 2018 15:40:12 +0000 (17:40 +0200)
commit	df3d92bec600720b2fb50470212ed7cd1ef00c36
tree	4c354c4ed764231a01c2bb2da450c59253fc247b	tree \| snapshot
parent	ca165845f7ec63522dbfc5ffd50589845f352d7b	commit \| diff

xtables-compat-restore: flush user-defined chains with -n

-n still flushes user-defined chains and its content, the following snippet:

iptables-compat -N FOO
iptables-compat -I INPUT
iptables-compat -I FOO
iptables-compat -I FOO
iptables-compat-save > A
iptables-compat-restore < A
iptables-compat -N BAR
iptables-compat -A BAR
iptables-compat-restore -n < A

results in:

iptables-compat-save
# Generated by xtables-save v1.6.2 on Mon May 7 17:18:44 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BAR - [0:0]
:FOO - [0:0]
-A INPUT
-A INPUT
-A BAR
-A FOO
-A FOO
COMMIT
# Completed on Mon May 7 17:18:44 2018

Still, user-defined chains that are not re-defined, such as BAR, are
left in place.

Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

iptables/nft-shared.h		diff \| blob \| blame \| history
iptables/nft.c		diff \| blob \| blame \| history
iptables/nft.h		diff \| blob \| blame \| history
iptables/xtables-restore.c		diff \| blob \| blame \| history