xtables: Print error when listing non-existent chains

Just like legacy iptables, iptables-nft should not treat the attempt to
list a non-existing chain as OK.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/nft.c b/iptables/nft.c
index f9bd0ed22a6746187804850b3a7a681b2ae94741..154ae19cebda13db93aa608695b920cf4d5a0ae4 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2298,18 +2298,21 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
                __nft_rule_list(h, chain_name, table,
                                rulenum, format, ops->print_rule);
 
+               found = true;
+
                /* we printed the chain we wanted, stop processing. */
                if (chain)
                        break;
 
-               found = true;
-
 next:
                c = nftnl_chain_list_iter_next(iter);
        }
 
        nftnl_chain_list_iter_destroy(iter);
 err:
+       if (chain && !found)
+               return 0;
+
        return 1;
 }