MT#55283 Do not remove jumps to custom chain if base chain is "none"

If base chain is "none", the admin is responsible for jumping into the
custom chain. Don't remove jumps the admin migth have setup.

closes #1787

Change-Id: I9980acb12fb1abb0883b22aceab2719087768763

daemon/nftables.c

@@ -518,27 +518,31 @@ static const char *delete_chain(struct mnl_socket *nl, int family, uint32_t *seq
 static const char *nftables_shutdown_family(struct mnl_socket *nl, int family, uint32_t *seq,
 		const char *chain, const char *base_chain, nftables_args *dummy)
 {
-	// clean up rules in legacy `INPUT` chain
-	const char *err = iterate_rules(nl, family, "INPUT", seq,
-			&(struct iterate_callbacks) {
-				.parse_expr = match_immediate_rtpe,
-				.chain = chain,
-				.rule_final = check_immediate,
-				.iterate_final = iterate_delete_rules,
-			});
-	if (err)
-		return err;
+	const char *err;
 
-	// clean up rules in `input` chain
-	err = iterate_rules(nl, family, "input", seq,
-			&(struct iterate_callbacks) {
-				.parse_expr = match_immediate_rtpe,
-				.chain = chain,
-				.rule_final = check_immediate,
-				.iterate_final = iterate_delete_rules,
-			});
-	if (err)
-		return err;
+	if (!base_chain || strcmp(base_chain, "none")) {
+		// clean up rules in legacy `INPUT` chain
+		err = iterate_rules(nl, family, "INPUT", seq,
+				&(struct iterate_callbacks) {
+					.parse_expr = match_immediate_rtpe,
+					.chain = chain,
+					.rule_final = check_immediate,
+					.iterate_final = iterate_delete_rules,
+				});
+		if (err)
+			return err;
+
+		// clean up rules in `input` chain
+		err = iterate_rules(nl, family, "input", seq,
+				&(struct iterate_callbacks) {
+					.parse_expr = match_immediate_rtpe,
+					.chain = chain,
+					.rule_final = check_immediate,
+					.iterate_final = iterate_delete_rules,
+				});
+		if (err)
+			return err;
+	}
 
 	if (base_chain && strcmp(base_chain, "none")) {
 		// clean up rules in other base chain chain if any