nft: Make rule parsing errors fatal
authorPhil Sutter <phil@nwl.cc>
Thu, 15 Dec 2022 15:17:35 +0000 (16:17 +0100)
committerPhil Sutter <phil@nwl.cc>
Tue, 20 Dec 2022 20:49:38 +0000 (21:49 +0100)
Finish parsing the rule, thereby printing all potential problems, and
then abort the program.

Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-shared.c

index c13fc307e7a89b324ebc89f3c37a997258a460a0..4a7b5406892c4a1799ef629db109cb5b7674342d 100644 (file)
@@ -1362,7 +1362,7 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
                        nft_parse_range(&ctx, expr);
 
                if (ctx.errmsg) {
-                       fprintf(stderr, "%s", ctx.errmsg);
+                       fprintf(stderr, "Error: %s\n", ctx.errmsg);
                        ctx.errmsg = NULL;
                        ret = false;
                }
@@ -1404,6 +1404,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
        if (!cs->jumpto)
                cs->jumpto = "";
 
+       if (!ret)
+               xtables_error(VERSION_PROBLEM, "Parsing nftables rule failed");
        return ret;
 }
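Review bot: With the added `if (!ret)` check at the end of nft_rule_to_iptables_command_state(), the following `return ret;` can only return true, assuming xtables_error() terminates the process as it does elsewhere in iptables, so the bool result no longer carries information and callers' failure branches become dead code. A comment above the check would make the intent explicit, for example `/* xtables_error() does not return: an unparsable rule aborts instead of being shown incompletely */`. The fatal message also does not say which rule failed; if the table and chain names are reachable at this point, including them would let an operator find the offending rule in a large ruleset. Because the abort may come after earlier rules were already printed, anything consuming the listing should check the exit status rather than trust partial output. The function starts outside the hunk, so its callers and other return paths are not visible here.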