bugzilla-daemon at netfilter.org
2014-Jul-10 10:05 UTC
[Bug 965] New: Deleting rules using "position" keyword deletes all rules for chain
https://bugzilla.netfilter.org/show_bug.cgi?id=965
Summary: Deleting rules using "position" keyword deletes all rules for chain
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: sander.contrib at gmail.com
Estimated Hours: 0.0
I tested this by using the "position" keyword instead of the "handle" keyword,
and discovered all rules in the chain get deleted.
I would expect to get an error for invalid keyword "position" when trying to
delete rules instead of nft silently deleting all rules (i.e. only
considering: nft delete rule filter CHAINNAME).
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jul-10 12:53 UTC
[Bug 965] Deleting rules using "position" keyword deletes all rules for chain
https://bugzilla.netfilter.org/show_bug.cgi?id=965
--- Comment #1 from Jesper Sander Lindgren <sander.contrib at gmail.com> 2014-07-10 14:53:42 CEST ---
I had a chain for output:

    table ip filter {
        chain output {
            type filter hook output priority 0;
            skuid sander counter packets 0 bytes 0 # handle 33
            ip daddr 10.0.0.107 accept # handle 34
            skuid sander counter packets 0 bytes 0 # handle 35
        }
    }

And trying (with the wrong keyword "position") to remove handle 33:

    nft delete rule filter output position 33

Executes without any problems.
However, the "nft list table filter -a" shows the problem:

    table ip filter {
        chain output {
            type filter hook output priority 0;
        }
    }
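A pre-flight check for the failure mode shown in comment #1, as an added example that is not part of the original thread or of nftables. It assumes the delete syntax `nft delete rule [family] TABLE CHAIN handle NUMBER`; the function names are hypothetical, and the listing is the one quoted in comment #1, re-indented.

```python
import re
import shlex

# Sample input: the `nft list table filter -a` output from comment #1 (re-indented).
SAMPLE_LISTING = """\
table ip filter {
    chain output {
        type filter hook output priority 0;
        skuid sander counter packets 0 bytes 0 # handle 33
        ip daddr 10.0.0.107 accept # handle 34
        skuid sander counter packets 0 bytes 0 # handle 35
    }
}
"""

FAMILIES = {"ip", "ip6", "inet", "arp", "bridge", "netdev"}

def chain_handles(listing, chain):
    """Return the rule handles listed under `chain` in `nft list ... -a` output."""
    handles, inside = [], False
    for line in listing.splitlines():
        stripped = line.strip()
        if stripped.startswith("chain "):
            inside = stripped.split()[1] == chain
        elif inside and stripped == "}":
            inside = False
        elif inside:
            m = re.search(r"# handle (\d+)$", stripped)
            if m:
                handles.append(int(m.group(1)))
    return handles

def check_delete_rule(command, listing):
    """Return (ok, reason) for an `nft delete rule ...` command line (hypothetical guard)."""
    args = shlex.split(command)
    if args[:3] != ["nft", "delete", "rule"]:
        return False, "not an 'nft delete rule' command"
    rest = args[3:]
    if rest and rest[0] in FAMILIES:
        rest = rest[1:]  # optional address family
    if len(rest) != 4:
        return False, "expected: TABLE CHAIN handle NUMBER"
    _table, chain, keyword, value = rest
    if keyword != "handle":
        return False, f"unsupported keyword {keyword!r}; only 'handle' selects a rule"
    if not value.isdigit() or int(value) not in chain_handles(listing, chain):
        return False, f"no rule with handle {value} in chain {chain}"
    return True, "ok"
```

Run against the command from comment #1, the check rejects `position 33` before nft is ever invoked, while `handle 33` passes.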
bugzilla-daemon at netfilter.org
2016-May-13 19:24 UTC
[Bug 965] Deleting rules using "position" keyword deletes all rules for chain
https://bugzilla.netfilter.org/show_bug.cgi?id=965
Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Already fixed upstream.

commit 4176c7d30c2ff1b3f52468fc9c08b8df83f979a8
Author: Arturo Borrero <arturo.borrero.glez at gmail.com>
Date:   Tue Apr 12 11:44:17 2016 +0200

    evaluate: improve rule management checks

    Improve checks (and error reporting) for basic rule management operations.
    This includes a fix for netfilter bug #965.