bugzilla-daemon at netfilter.org
2017-Oct-21 22:12 UTC
[Bug 1196] New: nft does not allow comments within sets: Error: syntax error, unexpected newline
https://bugzilla.netfilter.org/show_bug.cgi?id=1196
Bug ID: 1196
Summary: nft does not allow comments within sets: Error: syntax
error, unexpected newline
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: slyfox at inbox.ru
Created attachment 512
--> https://bugzilla.netfilter.org/attachment.cgi?id=512&action=edit
nft.comment
# Run as: 'nft -f nft.comment'
# flush old state
flush ruleset
# filters
table inet filter {
    # in real code there is a reference to this chain
    chain local-input {
        # this works
        tcp dport {
            21,
            2121
        } counter accept
        # this does not:
        # ./nft.comment:16:25-25: Error: syntax error, unexpected newline
        # # normal FTP
        # ^
        tcp dport {
            # normal FTP
            21,
            # patched FTP
            2121
        } counter accept
    }
}
# dump new state
list ruleset
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2018-Apr-27 15:09 UTC
[Bug 1196] nft does not allow comments within sets: Error: syntax error, unexpected newline
https://bugzilla.netfilter.org/show_bug.cgi?id=1196
Antonio Ospite <ao2 at ao2.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ao2 at ao2.it
--- Comment #1 from Antonio Ospite <ao2 at ao2.it> ---
Hi,
I too noticed this.
As a workaround one can use comments at the end of the line, after the items,
like:
    tcp dport {
        21, #normal FTP
        2121 # patched FTP
    } counter accept
Or abuse line continuation:
    tcp dport { \
        # normal FTP
        21, \
        # patched FTP
        2121
    } counter accept
But both tricks are quite ugly IMHO.
It would be great if comments could be used more freely.
Ciao,
Antonio
bugzilla-daemon at netfilter.org
2018-Jul-11 07:08 UTC
[Bug 1196] nft does not allow comments within sets: Error: syntax error, unexpected newline
https://bugzilla.netfilter.org/show_bug.cgi?id=1196
idotobi at mailbox.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |idotobi at mailbox.org
--- Comment #2 from idotobi at mailbox.org ---
Hi,
for now I found a syntax hack I'm quite happy with
    tcp dport {
          67-68 # only first line cannot be a comment solely
        , ########################################
        , # multiline commits
        , ########################################
        , 21 # comments here are also OK
        ,
        , ########################################
        , # even empty lines work (see above)
        , ########################################
        , 2121
    }
It would still be great if comments could be used freely,
but for me this fulfills most commenting needs I have.
Hope it helps anyone, Tobi
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180711/c2b9e974/attachment.html>
bugzilla-daemon at netfilter.org
2019-Aug-27 18:09 UTC
[Bug 1196] nft does not allow comments within sets: Error: syntax error, unexpected newline
https://bugzilla.netfilter.org/show_bug.cgi?id=1196
Arturo Borrero Gonzalez <arturo at debian.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |arturo at debian.org
--- Comment #3 from Arturo Borrero Gonzalez <arturo at debian.org> ---
Additional information reported in Debian bug tracker:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932877
# cat tmp.nft
table inet x {
    # comments are allowed here
    chain y {
        # comments are allowed here
        icmpv6 type {
            1, # comments are allowed here
            2,
        } accept
        icmpv6 type {
            1,
            # comments AREN'T allowed here
            2,
        } accept
    }
}
list ruleset
root@not-omega:~# nft --file tmp.nft
tmp.nft:12:43-43: Error: syntax error, unexpected newline, expecting comma or '}'
# comments AREN'T allowed here
^
tmp.nft:13:14-14: Error: syntax error, unexpected comma
2,
^
tmp.nft:14:11-16: Error: syntax error, unexpected accept, expecting newline or semicolon
} accept
^^^^^^
PS: it also doesn't allow blank lines, e.g.
add table x
add chain x y
add rule x y ip saddr {
    1,
    2,
} accept
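A check for the limitation reported in the comments above, as an added example that is not part of the bug report or of nftables: it flags blank and comment-only lines inside a { ... } set literal before a ruleset file is handed to an affected nft. The function names, the SAMPLE ruleset and the rule that only 'table' and 'chain' open non-set blocks are assumptions of this example.

```python
# Added example, not from the bug report: flag lines inside a { ... } set
# literal that the thread reports nft rejecting (comment-only or blank).
BLOCK_KEYWORDS = {"table", "chain"}  # assumption: only these open non-set blocks

# Constructed sample, modelled on the ruleset quoted in comment #3.
SAMPLE = """\
table inet x {
    # comment between rules
    chain y {
        icmpv6 type {
            1, # trailing comment
            2,
            # comment on its own line
            3,

        } accept
    }
}
"""

def strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return line[:i]
    return line

def lint_set_literals(text):
    """Return [(line_no, kind)] for blank or comment-only lines inside sets."""
    findings, stack, continued = [], [], False  # stack: 'block' or 'set' per '{'
    for no, raw in enumerate(text.splitlines(), start=1):
        code = strip_comment(raw).strip()
        if stack and stack[-1] == "set" and not continued and not code:
            findings.append((no, "comment-only" if raw.strip() else "blank"))
        first = code.split()[0] if code else ""
        for ch in code:
            if ch == "{":
                stack.append("block" if first in BLOCK_KEYWORDS else "set")
            elif ch == "}" and stack:
                stack.pop()
        # Backslash-newline joins lines, so comment #1's workaround is not flagged.
        continued = raw.rstrip().endswith("\\")
    return findings

if __name__ == "__main__":
    print(lint_set_literals(SAMPLE))
```

The trailing-comment form from comment #1 and the leading-comma form from comment #2 both pass this check, because neither leaves a line inside the braces that is empty once its comment is removed.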
bugzilla-daemon at netfilter.org
2020-Jan-28 20:00 UTC
[Bug 1196] nft does not allow comments within sets: Error: syntax error, unexpected newline
https://bugzilla.netfilter.org/show_bug.cgi?id=1196
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
bugzilla-daemon at netfilter.org
2020-Dec-03 03:07 UTC
[Bug 1196] nft does not allow comments within sets: Error: syntax error, unexpected newline
https://bugzilla.netfilter.org/show_bug.cgi?id=1196
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1461