bugzilla-daemon at netfilter.org
2014-Dec-30 13:18 UTC
[Bug 993] New: nft produces incorrect output when a reject rule is added using nft -f
https://bugzilla.netfilter.org/show_bug.cgi?id=993 Bug ID: 993 Summary: nft produces incorrect output when a reject rule is added using nft -f Product: nftables Version: unspecified Hardware: x86_64 OS: Fedora Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: lantw44 at gmail.com When I inserted this simple rule using 'nft -f': table inet filter { chain input { reject with icmp type host-prohibited } } 'nft list table inet filter' showed differenct output: table inet filter { chain input { reject } } Things after the reject command are missing. This problem doesn't happen when the rule is added using 'nft add rule'. When I tried to restore the settings produced by 'nft list table inet filter', it showed 'Error: Could not process rule: Invalid argument' on Fedora 21 (which uses Linux 3.17.7), but it worked on Fedora rawhide (which uses Linux 3.18.1). -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20141230/1d5a4b30/attachment.html>
bugzilla-daemon at netfilter.org
2015-Jan-05 10:12 UTC
[Bug 993] nft produces incorrect output when a reject rule is added using nft -f
https://bugzilla.netfilter.org/show_bug.cgi?id=993 Alvaro <alvaroneay at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alvaroneay at gmail.com -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20150105/32a766e0/attachment.html>
bugzilla-daemon at netfilter.org
2015-Jan-07 16:22 UTC
[Bug 993] nft produces incorrect output when a reject rule is added using nft -f
https://bugzilla.netfilter.org/show_bug.cgi?id=993 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- Fixed in: http://git.netfilter.org/nftables/commit/?id=545c93d54d900e8e20071891b7e2bf3bb0e5fed2 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20150107/d514eb72/attachment.html>
Seemingly Similar Threads
- [Bug 946] New: Cannot invert a protocol: ip protocol != tcp
- [Bug 924] New: Range: It is not possible invert a range of ip address
- [Bug 1354] New: cat foo.nft | nft -f - produces syntax error not seen with nft -f foo.nft
- [Bug 927] New: tos: symbolic names are not supported
- [Bug 1118] New: nft: nft -f and nft list ruleset use different sets of service -> port mappings