Author: Phil Sutter <phil@nwl.cc>
Last-Update: 2025-11-15
Forwarded: not-needed
Applied-Upstream: commit:192c3a6bc18f206895ec5e38812d648ccfe7e281
Description: Accept an option if any given command allows it
 Fixed commit made option checking overly strict: Some commands may be
 commbined (foremost --list and --zero), reject a given option only if it
 is not allowed by any of the given commands.

--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -980,7 +980,7 @@
 	 */
 	for (i = 0, optval = 1; i < NUMBER_OF_OPT; optval = (1 << ++i)) {
 		if ((options & optval) &&
-		    (options_v_commands[i] & command) != command)
+		    !(options_v_commands[i] & command))
 			xtables_error(PARAMETER_PROBLEM,
 				      "Illegal option `%s' with this command",
 				      ops->option_name(optval));