commit | 21d5e078192d244df3d6049f9464fff2f72cfd68 | [log] [tgz] |
---|---|---|
author | Florian Westphal <fw@strlen.de> | Fri Jul 06 20:06:05 2018 +0200 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Mon Jul 09 16:06:19 2018 +0200 |
tree | edd4a10495e5c155cf53347fb58f99ebe025685e | |
parent | e240cd0df48185a28c153f83a39ba3940e3e9b86 [diff] |
netfilter: nft_compat: explicitly reject ERROR and standard target iptables-nft never requests these, but make this explicitly illegal. If it were quested, kernel could oops as ->eval is NULL, furthermore, the builtin targets have no owning module so its possible to rmmod eb/ip/ip6_tables module even if they would be loaded. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>