bugzilla-daemon at netfilter.org
2017-Nov-06 19:18 UTC
[Bug 1200] New: anonymous sets containing port numbers
https://bugzilla.netfilter.org/show_bug.cgi?id=1200
Bug ID: 1200
Summary: anonymous sets containing port numbers
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: bugzilla at hard-wired.net
nftables 0.8 will fail. 0.7 was working.
An nft rule that contains an anonymous set with port numbers will just be ignored:
This will fail:
    tcp dport { ftp, ssh, smtp, domain, http } accept
This will work:
    set output_tcp_dports {
        type inet_service
        elements = { ssh, smtp, domain, http }
    }
    tcp dport @output_tcp_dports accept
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2017-Nov-06 19:19 UTC
[Bug 1200] anonymous sets containing port numbers
https://bugzilla.netfilter.org/show_bug.cgi?id=1200
bugzilla at hard-wired.net changed:
          What    |Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |bugzilla at hard-wired.net
bugzilla-daemon at netfilter.org
2017-Nov-15 18:19 UTC
[Bug 1200] anonymous sets containing port numbers
https://bugzilla.netfilter.org/show_bug.cgi?id=1200
Pablo Neira Ayuso <pablo at netfilter.org> changed:
          What    |Removed                     |Added
----------------------------------------------------------------------------
        Resolution|---                         |DUPLICATE
            Status|NEW                         |RESOLVED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
This is a kernel bug, fixed in 4.13.13. nftables 0.8 should be fine with that
kernel. Please, confirm this is fixing the issue for you, thanks.
*** This bug has been marked as a duplicate of bug 1201 ***