diff options
author | Florian Westphal <fw@strlen.de> | 2018-03-30 11:39:12 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-30 12:20:32 +0200 |
commit | e3b5e1ec75234fb6b27708a316cdf69f9fb176a8 (patch) | |
tree | 3a09869c582d612e08c626d94a0c67fd6742e11d /Documentation/media/dmx.h.rst.exceptions | |
parent | 9ba5c404bf1d6284f0269411b33394362b7ff405 (diff) |
Revert "netfilter: x_tables: ensure last rule in base chain matches underflow/policy"
This reverts commit 0d7df906a0e78079a02108b06d32c3ef2238ad25.
Valdis Kletnieks reported that xtables is broken in linux-next since
0d7df906a0e78 ("netfilter: x_tables: ensure last rule in base chain
matches underflow/policy"), as kernel rejects the (well-formed) ruleset:
[ 64.402790] ip6_tables: last base chain position 1136 doesn't match underflow 1344 (hook 1)
mark_source_chains is not the correct place for such a check, as it
terminates evaluation of a chain once it sees an unconditional verdict
(following rules are known to be unreachable). It seems preferrable to
fix libiptc instead, so remove this check again.
Fixes: 0d7df906a0e78 ("netfilter: x_tables: ensure last rule in base chain matches underflow/policy")
Reported-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation/media/dmx.h.rst.exceptions')
0 files changed, 0 insertions, 0 deletions