nft: arptables: remove obsolete forward hook definition Its not supported anymore as of 4.13, and it did not work before this either (arp packets cannot be routed). This unbreaks arptables-compat -- without this fix kernel rejects the incoming ruleset skeleton. filtering forwarded arp packets on a bridge can be done either via 'netdev' or 'bridge' families. Signed-off-by: Florian Westphal <fw@strlen.de>

commit: 98408697fd8505bc8337d1e03b0e2f0374e4f36a [log] [tgz]
author: Florian Westphal <fw@strlen.de> Fri Apr 27 12:53:48 2018 +0200
committer: Florian Westphal <fw@strlen.de> Fri Apr 27 12:58:23 2018 +0200
tree: 18935a1dbddfb9a41516f2ed669dba1f561e5d22
parent: 7a37d1407e4446e7e84ec038bf4d2d3dac9f2138 [diff]
diff --git a/iptables/nft.c b/iptables/nft.c
index 2610de4..c1cf16c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c

@@ -457,12 +457,6 @@
 				.hook   = NF_ARP_IN,
 			},
 			{
-				.name   = "FORWARD",
-				.type   = "filter",
-				.prio   = NF_IP_PRI_FILTER,
-				.hook   = NF_ARP_FORWARD,
-			},
-			{
 				.name   = "OUTPUT",
 				.type   = "filter",
 				.prio   = NF_IP_PRI_FILTER,
commit	98408697fd8505bc8337d1e03b0e2f0374e4f36a	[log] [tgz]
author	Florian Westphal <fw@strlen.de>	Fri Apr 27 12:53:48 2018 +0200
committer	Florian Westphal <fw@strlen.de>	Fri Apr 27 12:58:23 2018 +0200
tree	18935a1dbddfb9a41516f2ed669dba1f561e5d22
parent	7a37d1407e4446e7e84ec038bf4d2d3dac9f2138 [diff]