bugzilla-daemon at netfilter.org
2014-Dec-30 13:18 UTC
[Bug 993] New: nft produces incorrect output when a reject rule is added using nft -f
https://bugzilla.netfilter.org/show_bug.cgi?id=993
Bug ID: 993
Summary: nft produces incorrect output when a reject rule is added using nft -f
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Fedora
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: lantw44 at gmail.com
When I inserted this simple rule using 'nft -f':
table inet filter {
    chain input {
        reject with icmp type host-prohibited
    }
}
'nft list table inet filter' showed different output:
table inet filter {
    chain input {
        reject
    }
}
Things after the reject command are missing. This problem doesn't happen when
the rule is added using 'nft add rule'.
When I tried to restore the settings produced by 'nft list table inet filter',
it showed 'Error: Could not process rule: Invalid argument' on Fedora 21 (which
uses Linux 3.17.7), but it worked on Fedora rawhide (which uses Linux 3.18.1).
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2015-Jan-05 10:12 UTC
[Bug 993] nft produces incorrect output when a reject rule is added using nft -f
https://bugzilla.netfilter.org/show_bug.cgi?id=993
Alvaro <alvaroneay at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alvaroneay at gmail.com
bugzilla-daemon at netfilter.org
2015-Jan-07 16:22 UTC
[Bug 993] nft produces incorrect output when a reject rule is added using nft -f
https://bugzilla.netfilter.org/show_bug.cgi?id=993
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Fixed in:
http://git.netfilter.org/nftables/commit/?id=545c93d54d900e8e20071891b7e2bf3bb0e5fed2