nft: arptables: remove obsolete forward hook definition
Its not supported anymore as of 4.13, and it did not work
before this either (arp packets cannot be routed).
This unbreaks arptables-compat -- without this fix kernel rejects the
incoming ruleset skeleton.
filtering forwarded arp packets on a bridge can be done either via
'netdev' or 'bridge' families.
Signed-off-by: Florian Westphal <fw@strlen.de>
diff --git a/iptables/nft.c b/iptables/nft.c
index 2610de4..c1cf16c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -457,12 +457,6 @@
.hook = NF_ARP_IN,
},
{
- .name = "FORWARD",
- .type = "filter",
- .prio = NF_IP_PRI_FILTER,
- .hook = NF_ARP_FORWARD,
- },
- {
.name = "OUTPUT",
.type = "filter",
.prio = NF_IP_PRI_FILTER,