diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common
index c1454266f..5814189fd 100644
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -499,9 +499,9 @@ in_network() # $1 = IP address, $2 = CIDR network
#
# Query NetFilter about the existence of a filter chain
#
-chain_exists() # $1 = chain name
+chain_exists() # $1 = chain name, $2 = table name (optional)
{
- qt1 $g_tool -L $1 -n
+ qt1 $g_tool -t ${2:-filter} -L $1 -n
}
#
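Review bot: The new `-t ${2:-filter}` and the existing `$1` in `chain_exists` are expanded unquoted, so an empty or whitespace-containing chain name changes the argument list handed to `$g_tool`. With an empty `$1` the call becomes a plain `-L -n`, which lists the whole table and succeeds, so the function reports a non-existent chain as present. Quote both: `qt1 $g_tool -t "${2:-filter}" -L "$1" -n`. The callers added in Shorewall/Perl/prog.footer need the same treatment: `chain_exists "$chain" "$table"` and `qt $g_tool -t "$table" -Z "$chain"`. `$g_tool` is left unquoted here on the assumption that it may hold more than one word; confirm before quoting it.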
diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer
index 419471927..b8ebcd7e3 100644
--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@@ -266,17 +266,39 @@ case "$COMMAND" in
else
shift
status=0
+ table=filter
for chain in $@; do
- if chain_exists $chain; then
- if qt $g_tool-Z $chain; then
- progress_message3 "Filter $chain Counters Reset"
+ case $chain in
+ *:*)
+ table=${chain%:*}
+ chain=${chain#*:}
+ case $table in
+ raw|nat|mangle|filter)
+ ;;
+ *)
+ error_message "ERROR: Invalid table name ($table)"
+ status=2
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+
+ if [ $status -eq 0 ]; then
+ if chain_exists $chain $table; then
+ if qt $g_tool -t $table -Z $chain; then
+ progress_message3 "Completed counter reset of $table chain $chain"
+ else
+ error_message "ERROR: Reset of $table chain $chain failed"
+ status=2
+ break
+ fi
else
- error_message "ERROR: Reset of chain $chain failed"
- status=2
- break
+ error_message "WARNING: $table chain $chain does not exist"
fi
else
- error_message "WARNING: Filter Chain $chain does not exist"
+ break;
fi
done
fi
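Review bot: Only the table half of `table:chain` is validated; the chain half reaches `chain_exists` and `$g_tool -Z` unchecked. An argument such as `mangle:` leaves `chain` empty, and with the expansions as written the calls become table-wide `-L` and `-Z`, so every counter in that table is reset while the message names a single, blank chain. A value beginning with `-` would likewise be parsed by `$g_tool` as an option rather than a chain name. Reject both before the `if [ $status -eq 0 ]` test, for example `case $chain in ''|-*) error_message "ERROR: Invalid chain name ($chain)"; status=2 ;; esac`. The enclosing `case "$COMMAND"` arm and its `else` branch start outside this hunk.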
diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml
index f1b83a8dd..570c46985 100644
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@@ -497,7 +497,9 @@
-options
-
+ chain
+ ...
@@ -1768,6 +1770,13 @@
chain(s). If no
chain is specified, all the packet and
byte counters in the firewall are reset.
+
+ Beginning with Shorewall 5.0.0,
+ chain may be composed of both a table
+ name and a chain name separated by a colon (e.g.,
+ mangle:PREROUTING). Chain names following that don't include a table
+ name are assumed to be in that same table. If no table name is given
+ in the command, the filter table is assumed.
diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml
index 20f2380db..16fa452b2 100644
--- a/Shorewall6/manpages/shorewall6.xml
+++ b/Shorewall6/manpages/shorewall6.xml
@@ -451,7 +451,9 @@
-options
-
+ chain
+ ...
@@ -1703,6 +1705,13 @@
chain(s). If no
chain is specified, all the packet and
byte counters in the firewall are reset.
+
+ Beginning with Shorewall 5.0.0,
+ chain may be composed of both a table
+ name and a chain name separated by a colon (e.g.,
+ mangle:PREROUTING). Chain names following that don't include a table
+ name are assumed to be in that same table. If no table name is given
+ in the command, the filter table is assumed.