bugzilla-daemon at netfilter.org
2014-Jul-10 10:05 UTC
[Bug 965] New: Deleting rules using "position" keyword deletes all rules for chain
https://bugzilla.netfilter.org/show_bug.cgi?id=965

           Summary: Deleting rules using "position" keyword deletes all rules for chain
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: sander.contrib at gmail.com
   Estimated Hours: 0.0

I tested this by using the "position" keyword instead of the "handle" keyword, and discovered all rules in the chain get deleted.

I would expect to get an error for invalid keyword "position" when trying to delete rules instead of nft silently deleting all rules (i.e. only considering: nft delete rule filter CHAINNAME).

--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jul-10 12:53 UTC
[Bug 965] Deleting rules using "position" keyword deletes all rules for chain
https://bugzilla.netfilter.org/show_bug.cgi?id=965

--- Comment #1 from Jesper Sander Lindgren <sander.contrib at gmail.com> 2014-07-10 14:53:42 CEST ---

I had a chain for output:

    table ip filter {
            chain output {
                     type filter hook output priority 0;
                     skuid sander counter packets 0 bytes 0 # handle 33
                     ip daddr 10.0.0.107 accept # handle 34
                     skuid sander counter packets 0 bytes 0 # handle 35
            }
    }

And trying (with the wrong keyword "position") to remove handle 33:

    nft delete rule filter output position 33

Executes without any problems. However, the "nft list table filter -a" shows the problem:

    table ip filter {
            chain output {
                     type filter hook output priority 0;
            }
    }
bugzilla-daemon at netfilter.org
2016-May-13 19:24 UTC
[Bug 965] Deleting rules using "position" keyword deletes all rules for chain
https://bugzilla.netfilter.org/show_bug.cgi?id=965

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---

Already fixed upstream.

commit 4176c7d30c2ff1b3f52468fc9c08b8df83f979a8
Author: Arturo Borrero <arturo.borrero.glez at gmail.com>
Date:   Tue Apr 12 11:44:17 2016 +0200

    evaluate: improve rule management checks

    Improve checks (and error reporting) for basic rule management
    operations.

    This includes a fix for netfilter bug #965.
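
A pre-flight check for the failure mode reported in this thread, as an added example that is not part of the original mails and is not the upstream fix or any nft project code: before an `nft delete rule` command runs on a host whose nft may predate the commit named in comment #2, it confirms that the command uses the `handle` keyword and that the handle exists in the chain. The function names and `SAMPLE_LISTING` (constructed from the listing in comment #1) are assumptions made for illustration.

```python
import re
import shlex

FAMILIES = {"ip", "ip6", "inet", "arp", "bridge", "netdev"}

# Constructed sample: the `nft list table filter -a` output quoted in comment #1.
SAMPLE_LISTING = """\
table ip filter {
    chain output {
        type filter hook output priority 0;
        skuid sander counter packets 0 bytes 0 # handle 33
        ip daddr 10.0.0.107 accept # handle 34
        skuid sander counter packets 0 bytes 0 # handle 35
    }
}
"""

def handles_by_chain(listing):
    """Map chain name -> set of rule handles in a single-table `-a` listing."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"\s*chain\s+(\S+)\s*\{", line)
        if m:  # a chain header may carry its own handle comment; skip it
            current = m.group(1)
            chains[current] = set()
            continue
        m = re.search(r"#\s*handle\s+(\d+)\s*$", line)
        if m and current is not None:
            chains[current].add(int(m.group(1)))
    return chains

def check_delete_rule(command, listing):
    """Return (ok, reason); the table name is not checked against the listing."""
    args = shlex.split(command)
    if args[:3] != ["nft", "delete", "rule"]:
        return False, "not an 'nft delete rule' command"
    rest = args[3:]
    if rest and rest[0] in FAMILIES:  # optional address family
        rest = rest[1:]
    if len(rest) != 4:
        return False, "expected: [family] TABLE CHAIN handle N"
    _table, chain, keyword, value = rest
    if keyword != "handle":
        return False, f"'{keyword}' is not valid for delete; use 'handle'"
    if not value.isdecimal():
        return False, "handle must be a number"
    if int(value) not in handles_by_chain(listing).get(chain, set()):
        return False, f"chain '{chain}' has no rule with handle {value}"
    return True, "ok"
```

Run it against a fresh `nft list table ... -a` listing and execute the delete only when the first element of the result is true.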