bugzilla-daemon at netfilter.org
2017-Mar-22 17:21 UTC
[Bug 1135] New: When used as a script interpreter, nft fails if extra arguments are passed
https://bugzilla.netfilter.org/show_bug.cgi?id=1135
Bug ID: 1135
Summary: When used as a script interpreter, nft fails if extra
arguments are passed
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: dsx at droidnest.org
When used as a script interpreter, nft fails if extra arguments are passed.
E.g.:
#!/usr/sbin/nft -I /usr/local/etc/nftables -I /etc/nftables -f
[ruleset follows]
Error produced:
<cmdline>:1:11-11: Error: syntax error, unexpected newline, expecting
string
./test.nft
^
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170322/84bdf8c4/attachment.html>
bugzilla-daemon at netfilter.org
2017-Mar-23 09:45 UTC
[Bug 1135] When used as a script interpreter, nft fails if extra arguments are passed
https://bugzilla.netfilter.org/show_bug.cgi?id=1135
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Could you attach an example ruleset to reproduce this?
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170323/15433b83/attachment.html>
bugzilla-daemon at netfilter.org
2017-Mar-23 09:56 UTC
[Bug 1135] When used as a script interpreter, nft fails if extra arguments are passed
https://bugzilla.netfilter.org/show_bug.cgi?id=1135
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fw at strlen.de
--- Comment #2 from Florian Westphal <fw at strlen.de> ---
(In reply to Pablo Neira Ayuso from comment #1)> Could you attach an example ruleset to reproduce this?
$ cat /tmp/x.nft
#!/usr/sbin/nft -I /usr/local/etc/nftables -I /etc/nftables -f
$ /usr/sbin/nft -f /tmp/x.nft
(works)
$ /usr/sbin/nft -I /usr/local/etc/nftables -I /etc/nftables -f /tmp/x.nft
(works)
$ /tmp/x.nft
/tmp/x.nft
<cmdline>:1:1-1: Error: syntax error, unexpected /
/tmp/x.nft
(reason appears to be that kernel passes all args as one
since its not subject to split by shell, i.e. its equal to:
$ /usr/sbin/nft '-I /usr/local/etc/nftables -I /etc/nftables -f'
/tmp/x.nft
<cmdline>:1:1-1: Error: syntax error, unexpected /
/tmp/x.nft
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170323/630fdee3/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jan-29 00:02 UTC
[Bug 1135] When used as a script interpreter, nft fails if extra arguments are passed
https://bugzilla.netfilter.org/show_bug.cgi?id=1135
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200129/1a3e0027/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-28 07:44 UTC
[Bug 1135] When used as a script interpreter, nft fails if extra arguments are passed
https://bugzilla.netfilter.org/show_bug.cgi?id=1135 --- Comment #3 from kfm at plushkava.net --- Use env(1) from coreutils. It has a --split-string option that supports the given use-case. #!/usr/bin/env -S nft -I /usr/local/etc/nftables -I /etc/nftables -f Otherwise, this bug is invalid because it is something that would have to be addressed by the kernel. See also, https://lkml.org/lkml/2004/2/16/74. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200828/b7b4c57c/attachment.html>
bugzilla-daemon at netfilter.org
2020-Dec-01 19:50 UTC
[Bug 1135] When used as a script interpreter, nft fails if extra arguments are passed
https://bugzilla.netfilter.org/show_bug.cgi?id=1135 --- Comment #4 from kfm at plushkava.net --- For those that aren't using GNU systems, here is a tiny sh script, which effectively does the same thing that env -S would. #!/bin/sh set -f set -- $* exec "$@" Let's assume that it is saved as /usr/local/bin/split-exec. The equivalent shebang would then be as follows. #!/usr/local/bin/split-exec nft -I /usr/local/etc/nftables -I /etc/nftables -f -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20201201/475214ec/attachment.html>
Seemingly Similar Threads
- [Bug 1392] New: nft stalls on EGAIN upon repeatedly flushing and populating a set
- [Bug 1439] New: Atomically updating/reloading a large set with nft -f is excessively slow
- [Bug 1438] New: nft generates wrong intervals for sets with auto-merge
- [Bug 1451] New: nft add element fails when preceded by nft get element or nft delete element commands
- [Bug 1361] New: nft segfault on overlapping intervals