From c34f467b183e2c1d42fa62fb449fe11985eaee62 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Sun, 18 Aug 2002 18:03:52 +0000 Subject: [PATCH] disallow RETURN policy on base chain --- ebtables.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ebtables.c b/ebtables.c index 28da8d7..54fd2b0 100644 --- a/ebtables.c +++ b/ebtables.c @@ -2064,9 +2064,13 @@ check_extension: // the kernel does not have to do this ofcourse new_entry->ethproto = htons(new_entry->ethproto); - if (replace.command == 'P') + if (replace.command == 'P') { + if (replace.selected_hook < NF_BR_NUMHOOKS && + policy == EBT_RETURN) + print_error("Policy RETURN only allowed for user " + "defined chains"); change_policy(policy); - else if (replace.command == 'L') { + } else if (replace.command == 'L') { list_rules(); if (replace.flags & OPT_ZERO) zero_counters(zerochain); -- 2.7.4