xtables-restore: fix custom user chain restoration

author Pablo Neira Ayuso <pablo@netfilter.org>

Sun, 20 Jan 2013 19:18:02 +0000 (20:18 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 30 Dec 2013 22:50:22 +0000 (23:50 +0100)
author Pablo Neira Ayuso <pablo@netfilter.org>
Sun, 20 Jan 2013 19:18:02 +0000 (20:18 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 30 Dec 2013 22:50:22 +0000 (23:50 +0100)
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c

index e83eacc39506b50087e03ac808603db2ccb3d4e9..f6009776cd1eecf12d59ef750ee4bdcffac22023 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -331,20 +331,29 @@ xtables_restore_main(int argc, char *argv[])
                                                            "for chain '%s'\n", chain);
  
                                 }
-
+                               if (nft_chain_set(&h, curtable, chain, policy, &count) < 0) {
+                                       xtables_error(OTHER_PROBLEM,
+                                                     "Can't set policy `%s'"
+                                                     " on `%s' line %u: %s\n",
+                                                     policy, chain, line,
+                                                     ops->strerror(errno));
+                               }
                                 DEBUGP("Setting policy of chain %s to %s\n",
-                                       chain, policy);
-                       }
+                                      chain, policy);
+                               ret = 1;
  
-                       if (nft_chain_set(&h, curtable, chain, policy, &count) < 0) {
-                               xtables_error(OTHER_PROBLEM,
-                                       "Can't set policy `%s'"
-                                       " on `%s' line %u: %s\n",
-                                       policy, chain, line,
-                                       ops->strerror(errno));
-                       }
+                       } else {
+                               if (nft_chain_user_add(&h, chain, curtable) < 0) {
+                                       if (errno == EEXIST)
+                                               continue;
  
-                       ret = 1;
+                                       xtables_error(PARAMETER_PROBLEM,
+                                                     "cannot create chain "
+                                                     "'%s' (%s)\n", chain,
+                                                     strerror(errno));
+                               }
+                               continue;
+                       }
  
                 } else if (in_table) {
                         int a;
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 20 Jan 2013 19:18:02 +0000 (20:18 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 30 Dec 2013 22:50:22 +0000 (23:50 +0100)