bugzilla-daemon at netfilter.org
2018-May-03 10:33 UTC
[Bug 1254] New: nft commandline tool can't parse negative priority values.
https://bugzilla.netfilter.org/show_bug.cgi?id=1254
Bug ID: 1254
Summary: nft commandline tool can't parse negative priority values.
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: bugnftables at mailinator.com
nft add chain raw PREROUTING { type filter hook prerouting priority -300\; }
nft add chain raw PREROUTING { type filter hook prerouting priority -300 \; }
nft: invalid option -- '3'
Tried different variants, tried to escape the - minus and set it into "&'.
Tried different nftables versions up to nftables 0.8.2-1 and kernel 4.15.
Building a file and reading it with nft -f works, but is not my preferred method.
Regards, Eike
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2018-May-03 10:55 UTC
[Bug 1254] nft commandline tool can't parse negative priority values.
https://bugzilla.netfilter.org/show_bug.cgi?id=1254
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fw at strlen.de
--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to elohh from comment #0)
> nft add chain raw PREROUTING { type filter hook prerouting priority -300\; }
> nft add chain raw PREROUTING { type filter hook prerouting priority -300 \; }
> nft: invalid option -- '3'
>
> Tried different variants, tried to escape the - minus and set it into "&'.
Use
nft -- add chain ...
or, better yet,
nft "add chain ... { }"
to prevent the shell from interpreting {, ; etc.
(In this case, -300 is passed as individual argument, and getopt
sees an option "-3" which it won't understand).
bugzilla-daemon at netfilter.org
2018-May-15 10:55 UTC
[Bug 1254] nft commandline tool can't parse negative priority values.
https://bugzilla.netfilter.org/show_bug.cgi?id=1254
Andrey Belkin <belkin_a at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |belkin_a at hotmail.com
--- Comment #2 from Andrey Belkin <belkin_a at hotmail.com> ---
Yes, -- is working.
E.g.:
nft add chain ip nat prerouting \{ type nat hook prerouting priority -- -100 \; policy accept \; \}
bugzilla-daemon at netfilter.org
2020-Jul-22 15:51 UTC
[Bug 1254] nft commandline tool can't parse negative priority values.
https://bugzilla.netfilter.org/show_bug.cgi?id=1254
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
There is no need to disable getopt with -- when using it with chain priorities
anymore since:
commit fb9cea50e8b370b6931e7b53b1a881d3b95b1c91
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Dec 13 11:32:46 2019 +0100

    main: enforce options before commands

    This patch turns on POSIXLY_CORRECT on the getopt parser to enforce
    options before commands. Users get a hint in such a case:

     # nft list ruleset -a
     Error: syntax error, options must be specified before commands
     nft list ruleset -a
     ^ ~~

    This patch recovers 9fc71bc6b602 ("main: Fix for misleading error with
    negative chain priority").

This patch is available in nftables >= 0.9.4
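The getopt behaviour described in comments #1 to #3, as an added example (not nft's source and not code from this thread): it feeds constructed argument vectors for the reported command to glibc getopt() in its default permuting mode, with `--` in two positions, and with the `+` optstring prefix, glibc's in-code equivalent of POSIXLY_CORRECT. The option string `hvf:`, the helper names and the argv arrays are assumptions made for the demo; it assumes glibc and that POSIXLY_CORRECT is unset in the environment.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

#define N(a) ((int)(sizeof(a) / sizeof((a)[0])))
#define CHAIN "add", "chain", "raw", "PREROUTING", "{", "type", "filter", \
              "hook", "prerouting", "priority"

/* Constructed argv vectors, as the shell would pass them after unescaping. */
static const char *const BARE[]    = { "nft", CHAIN, "-300", ";", "}" };
static const char *const LEADING[] = { "nft", "--", CHAIN, "-300", ";", "}" };
static const char *const MIDDLE[]  = { "nft", CHAIN, "--", "-300", ";", "}" };

/* Hypothetical helper: returns the first option character getopt rejects
 * (0 if none); on success *cmd is the first word left for the command parser. */
static int first_rejected(const char *optstring, int argc,
                          const char *const *words, const char **cmd)
{
    char *argv[32] = { 0 };
    int c;
    memcpy(argv, words, (size_t)argc * sizeof *argv); /* getopt permutes argv */
    optind = 0;  /* glibc: restart scanning and re-read the optstring prefix */
    opterr = 0;  /* keep getopt's own diagnostic quiet */
    while ((c = getopt(argc, argv, optstring)) != -1)
        if (c == '?')
            return optopt;  /* an nft-like tool would exit with an error here */
    *cmd = optind < argc ? argv[optind] : NULL;
    return 0;
}

static void show(const char *label, const char *optstring, int argc,
                 const char *const *words)
{
    const char *cmd = NULL;
    int bad = first_rejected(optstring, argc, words, &cmd);
    if (bad)
        printf("%-32s invalid option -- '%c'\n", label, bad);
    else
        printf("%-32s ok, command starts at \"%s\"\n", label, cmd);
}

int main(void)
{
    show("permuting, bare -300:", "hvf:", N(BARE), BARE);
    show("permuting, leading --:", "hvf:", N(LEADING), LEADING);
    show("permuting, -- before -300:", "hvf:", N(MIDDLE), MIDDLE);
    show("'+' prefix, bare -300:", "+hvf:", N(BARE), BARE);
}
```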