From f4fca22ad45e1bf6a5cd5cc8dd32bf9366960954 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 17 Dec 2020 12:52:53 +0100 Subject: [PATCH] firewall-util-nft: clear previous address on replay In case external entity wiped the ruleset, we need to clear the 'previous' address -- its already gone. This prevents the transaction from succeeding: the delete operation fails. --- src/shared/firewall-util-nft.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/shared/firewall-util-nft.c b/src/shared/firewall-util-nft.c index 2e5ba97259e..22c0dc0980c 100644 --- a/src/shared/firewall-util-nft.c +++ b/src/shared/firewall-util-nft.c @@ -1062,6 +1062,8 @@ again: int tmp = fw_nftables_recreate_table(ctx->nfnl, af, transaction, tsize); if (tmp == 0) { + /* table created anew; previous address already gone */ + previous_remote = NULL; retry = false; goto again; } -- 2.47.3
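Review bot: Resetting `previous_remote` just before `goto again` only takes effect if the `again:` label sits above the code that queues the delete for the old address; if the messages in `transaction` are built before the label, the replay would resend the same delete and fail the same way. The label and the batch-building code are outside this hunk, so this needs checking against the full function, including whether messages already held in `transaction` are released before they are rebuilt. The comment could also state the consequence rather than only the fact, e.g. `/* table was recreated, so the old element no longer exists; queuing a delete for it would fail the whole batch */`. Because this branch runs only when something else flushed the ruleset, a log message here would help an operator notice that firewall state was changed externally.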