From: Florian Westphal
Date: Thu, 17 Dec 2020 11:52:53 +0000 (+0100)
Subject: firewall-util-nft: clear previous address on replay
X-Git-Tag: v248-rc1~90^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f4fca22ad45e1bf6a5cd5cc8dd32bf9366960954;p=thirdparty%2Fsystemd.git

firewall-util-nft: clear previous address on replay

In case an external entity wiped the ruleset, we need to clear the 'previous' address -- it's already gone. This prevents the transaction from succeeding: the delete operation fails.
---
diff --git a/src/shared/firewall-util-nft.c b/src/shared/firewall-util-nft.c index 2e5ba97259e..22c0dc0980c 100644 --- a/src/shared/firewall-util-nft.c +++ b/src/shared/firewall-util-nft.c @@ -1062,6 +1062,8 @@ again: int tmp = fw_nftables_recreate_table(ctx->nfnl, af, transaction, tsize); if (tmp == 0) { + /* table created anew; previous address already gone */ + previous_remote = NULL; retry = false; goto again; }
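
Review bot: the "previous_remote = NULL;" reset in the "tmp == 0" branch depends on the code reached through "goto again" treating a NULL previous_remote as "no delete to queue". That path is not visible in this hunk, so please confirm that nothing after the "again:" label dereferences previous_remote without a NULL check. The new comment would also be more useful if it stated the consequence given in the commit message: deleting an element that no longer exists makes the whole transaction fail. Finally, since the assignment overwrites what looks like a caller-supplied pointer for the rest of the function, a brief mention of that in the comment would help anyone who later adds code below the retry that expects the original value.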