diff --git a/0001-ebtables-Exit-gracefully-on-invalid-table-names.patch b/0001-ebtables-Exit-gracefully-on-invalid-table-names.patch
new file mode 100644
index 0000000..ba625a2
--- /dev/null
+++ b/0001-ebtables-Exit-gracefully-on-invalid-table-names.patch
@@ -0,0 +1,51 @@
+From 30c1d443896311e69762d6b51b63908ec602574f Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Thu, 28 Jan 2021 01:09:56 +0100
+Subject: [PATCH] ebtables: Exit gracefully on invalid table names
+
+Users are able to cause program abort by passing a table name that
+doesn't exist:
+
+| # ebtables-nft -t dummy -P INPUT ACCEPT
+| ebtables: nft-cache.c:455: fetch_chain_cache: Assertion `t' failed.
+| Aborted
+
+Avoid this by checking table existence just like iptables-nft does upon
+parsing '-t' optarg. Since the list of tables is known and fixed,
+checking the given name's length is pointless. So just drop that check
+in return.
+
+With this patch in place, output looks much better:
+
+| # ebtables-nft -t dummy -P INPUT ACCEPT
+| ebtables v1.8.7 (nf_tables): table 'dummy' does not exist
+| Perhaps iptables or your kernel needs to be upgraded.
+
+Signed-off-by: Phil Sutter
+Signed-off-by: Phil Sutter
+---
+ iptables/xtables-eb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
+index cfa9317c78e94..5bb34d6d292a9 100644
+--- a/iptables/xtables-eb.c
++++ b/iptables/xtables-eb.c
+@@ -914,10 +914,10 @@ print_zero:
+ xtables_error(PARAMETER_PROBLEM,
+ "The -t option (seen in line %u) cannot be used in %s.\n",
+ line, xt_params->program_name);
+- if (strlen(optarg) > EBT_TABLE_MAXNAMELEN - 1)
+- xtables_error(PARAMETER_PROBLEM,
+- "Table name length cannot exceed %d characters",
+- EBT_TABLE_MAXNAMELEN - 1);
++ if (!nft_table_builtin_find(h, optarg))
++ xtables_error(VERSION_PROBLEM,
++ "table '%s' does not exist",
++ optarg);
+ *table = optarg;
+ table_set = true;
+ break;
+--
+2.28.0
+
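Review bot: With the length check removed, `nft_table_builtin_find(h, optarg)` in the `-t` branch is the only validation of the table name before `*table = optarg`, so later code relies on that lookup matching exactly against the fixed builtin list. That allowlist is reasonable, but the call site should say so, e.g. `/* Only builtin table names pass; this replaces the old length bound. */`, so the check is not relaxed later without restoring a length limit. The lookup also presumes `h` already has its table list set up when options are parsed, which the hunk does not show. The error is raised as `VERSION_PROBLEM`, so a mistyped name prints the "needs to be upgraded" hint seen in the commit message; `PARAMETER_PROBLEM` would describe the failure more accurately if matching iptables-nft's exit status is not required. The enclosing option-parsing code starts and ends outside the hunk.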
diff --git a/iptables.spec b/iptables.spec index c218724..eb8e3e2 100644 --- a/iptables.spec +++ b/iptables.spec @@ -19,7 +19,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities URL: http://www.netfilter.org/projects/iptables Version: 1.8.7 -Release: 2%{?dist} +Release: 3%{?dist} Source: %{url}/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -32,6 +32,8 @@ Source7: %{url}/files/%{name}-%{version_old}.tar.bz2 Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch %endif +Patch1: 0001-ebtables-Exit-gracefully-on-invalid-table-names.patch + # pf.os: ISC license # iptables-apply: Artistic Licence 2.0 License: GPLv2 and Artistic Licence 2.0 and ISC @@ -443,6 +445,9 @@ fi %changelog +* Thu Jan 28 2021 Phil Sutter - 1.8.7-3 +- ebtables: Exit gracefully on invalid table names + * Tue Jan 26 2021 Fedora Release Engineering - 1.8.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild