MT#55283 Do not remove jumps to custom chain if base chain is "none"

If base chain is "none", the admin is responsible for jumping into the
custom chain. Don't remove jumps the admin migth have setup.

closes #1787

Change-Id: I9980acb12fb1abb0883b22aceab2719087768763
(cherry picked from commit 4cf8be08e3)

daemon/nftables.c

@@ -518,27 +518,31 @@ static const char *delete_chain(struct mnl_socket *nl, int family, uint32_t *seq
 static const char *nftables_shutdown_family(struct mnl_socket *nl, int family, uint32_t *seq,
 		const char *chain, const char *base_chain, nftables_args *dummy)
 {
-	// clean up rules in legacy `INPUT` chain
+	const char *err;
-	const char *err = iterate_rules(nl, family, "INPUT", seq,
-			&(struct iterate_callbacks) {
-				.parse_expr = match_immediate_rtpe,
-				.chain = chain,
-				.rule_final = check_immediate,
-				.iterate_final = iterate_delete_rules,
-			});
-	if (err)
-		return err;
 
-	// clean up rules in `input` chain
+	if (!base_chain || strcmp(base_chain, "none")) {
-	err = iterate_rules(nl, family, "input", seq,
+		// clean up rules in legacy `INPUT` chain
-			&(struct iterate_callbacks) {
+		err = iterate_rules(nl, family, "INPUT", seq,
-				.parse_expr = match_immediate_rtpe,
+				&(struct iterate_callbacks) {
-				.chain = chain,
+					.parse_expr = match_immediate_rtpe,
-				.rule_final = check_immediate,
+					.chain = chain,
-				.iterate_final = iterate_delete_rules,
+					.rule_final = check_immediate,
-			});
+					.iterate_final = iterate_delete_rules,
-	if (err)
+				});
-		return err;
+		if (err)
+			return err;
+
+		// clean up rules in `input` chain
+		err = iterate_rules(nl, family, "input", seq,
+				&(struct iterate_callbacks) {
+					.parse_expr = match_immediate_rtpe,
+					.chain = chain,
+					.rule_final = check_immediate,
+					.iterate_final = iterate_delete_rules,
+				});
+		if (err)
+			return err;
+	}
 
 	if (base_chain && strcmp(base_chain, "none")) {
 		// clean up rules in other base chain chain if any