Control: tags -1 patch Control: forwarded -1 [email protected]
Attached fix sent upstream. J.
From de737b87dc30cd0fe5eb57f28c9697c8dbc36593 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden <[email protected]> Date: Fri, 14 Nov 2025 20:42:27 +0000 Subject: [PATCH iptables] xshared: restore legal options for combined `-L -Z` commands Prior to commit 9c09d28102bb ("xshared: Simplify generic_opt_check()"), if multiple commands were given, options which were legal for any of the commands were considered legal for all of them. This allowed one to do things like: # iptables -n -L Z chain Commit 9c09d28102bb did away with this behaviour. Restore it for the specific combination of `-L` and `-Z`. Fixes: 9c09d28102bb ("xshared: Simplify generic_opt_check()") Signed-off-by: Jeremy Sowden <[email protected]> --- iptables/xshared.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iptables/xshared.c b/iptables/xshared.c index fc61e0fd832b..9bda28f1c213 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -943,16 +943,16 @@ static void parse_rule_range(struct xt_cmd_parse *p, const char *argv) #define CMD_IDRAC CMD_INSERT | CMD_DELETE | CMD_REPLACE | \ CMD_APPEND | CMD_CHECK | CMD_CHANGE_COUNTERS static const unsigned int options_v_commands[NUMBER_OF_OPT] = { -/*OPT_NUMERIC*/ CMD_LIST, +/*OPT_NUMERIC*/ CMD_LIST | CMD_ZERO, /*OPT_SOURCE*/ CMD_IDRAC, /*OPT_DESTINATION*/ CMD_IDRAC, /*OPT_PROTOCOL*/ CMD_IDRAC, /*OPT_JUMP*/ CMD_IDRAC, /*OPT_VERBOSE*/ UINT_MAX, -/*OPT_EXPANDED*/ CMD_LIST, +/*OPT_EXPANDED*/ CMD_LIST | CMD_ZERO, /*OPT_VIANAMEIN*/ CMD_IDRAC, /*OPT_VIANAMEOUT*/ CMD_IDRAC, -/*OPT_LINENUMBERS*/ CMD_LIST, +/*OPT_LINENUMBERS*/ CMD_LIST | CMD_ZERO, /*OPT_COUNTERS*/ CMD_INSERT | CMD_REPLACE | CMD_APPEND | CMD_SET_POLICY, /*OPT_FRAGMENT*/ CMD_IDRAC, /*OPT_S_MAC*/ CMD_IDRAC, -- 2.51.0
signature.asc
Description: PGP signature
