bugzilla-daemon at netfilter.org
2021-Jan-31 00:24 UTC
[Bug 1494] New: On chain sreation with elements, after deletion no longer ACCEPT - it is DROP
https://bugzilla.netfilter.org/show_bug.cgi?id=1494
Bug ID: 1494
Summary: On chain sreation with elements, after deletion no
longer ACCEPT - it is DROP
Product: libnftnl
Version: unspecified
Hardware: i386
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: libnftnl
Assignee: pablo at netfilter.org
Reporter: hell at fibermax.bg
nftables RACE CONDITION
chain main (accept)
rule chain main vmap ip saddr W,Z goto H,Y
create chain H
create chain Y
chain H rule ip saddr W...counter DROP
chain H rule ip saddr Z.. counter ACCEPT
flush chain H
flush chain Y
chain H rule ip saddr W...counter ACCEPT
chain H rule ip saddr Z.. counter DROP
now rule saddr Z will not work or other way around.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20210131/7a65b35c/attachment.html>