bugzilla-daemon at netfilter.org
2017-Feb-10 17:20 UTC
[Bug 998] firewallrule on mld-listener-query not honored
https://bugzilla.netfilter.org/show_bug.cgi?id=998 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |phil at nwl.cc Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #1 from Phil Sutter <phil at nwl.cc> --- I can't reproduce this issue. Here's what I tried on a current Fedora Rawhide: table inet t { chain c { type filter hook input priority 0; policy accept; ip6 hoplimit 1 icmpv6 type mld-listener-query counter accept } } Then created the packet using scapy:>>> p = IPv6(src='fec0:42::1', dst='fec0:42::5')/ICMPv6MLQuery() >>> ep = Ether(src='fe:54:00:62:0e:9a', dst='52:54:00:62:0e:9a')/p >>> sendp(ep, iface='vnetbr0')Looking at the ruleset, I see the counter increments so the packet is recognized by nftables. I'll therefore close this ticket. If the problem still happens for you with recent versions of nftables and kernel, feel free to reopen. Cheers, Phil -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170210/22de4d0d/attachment.html>
Reasonably Related Threads
- [Bug 1221] New: "fib" produces strange results with an IPv6 default route
- [Bug 966] New: iptables can't change or drop or any effect on scapy packet!
- [Bug 1138] New: icmpv6 mld-listener-query not detcted
- [Bridge] [PATCH net-next 15/16] selftests: forwarding: lib: Add helpers to build IGMP/MLD leave packets
- [Bridge] [PATCH net-next 09/16] selftests: forwarding: Move IGMP- and MLD-related functions to lib