bugzilla-daemon at netfilter.org
2018-Dec-03 16:25 UTC
[Bug 1307] New: Implement interface for 'ipv4_addr' in arptables
https://bugzilla.netfilter.org/show_bug.cgi?id=1307
Bug ID: 1307
Summary: Implement interface for 'ipv4_addr' in arptables
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: kvapss at gmail.com
There is only way for specify IPv4 address for arp filters for now:
plen 4 @nh,64,32 XXXXXXXXXX (source ip)
plen 4 @nh,96,32 XXXXXXXXXX destination ip)
Where XXXXXXXXXX is ip in decimal format.
Need opportunity for specify source and destination IPv4 address same way like
saddr and daddr.
We need more user-friendly keys and support 'ipv4_addr' type for them.
Using ipsets for arptables is not working because of that too:
> Error: datatype mismatch, expected integer, expression has type IPv4
address
> add rule arp filter input arp operation request arp plen 4 @nh,96,32
@k8s_services counter drop
> ~~~~~~~~~
^^^^^^^^^^^^^
And no way for using integers in sets:
https://www.spinics.net/lists/netfilter-devel/msg36817.html
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181203/44c1ee00/attachment.html>
bugzilla-daemon at netfilter.org
2018-Dec-03 16:27 UTC
[Bug 1307] Implement interface for 'ipv4_addr' in arptables
https://bugzilla.netfilter.org/show_bug.cgi?id=1307 --- Comment #1 from kvaps <kvapss at gmail.com> --- Look this two links for more details: - https://serverfault.com/a/942166/205043 - https://github.com/kubernetes/kubernetes/issues/71555#issuecomment-442873298 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181203/bf75527f/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 10:42 UTC
[Bug 1307] Implement interface for 'ipv4_addr' in arptables
https://bugzilla.netfilter.org/show_bug.cgi?id=1307
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fw at strlen.de
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Florian Westphal <fw at strlen.de> ---
(In reply to kvaps from comment #1)> Look this two links for more details:
>
> - https://serverfault.com/a/942166/205043
> -
>
https://github.com/kubernetes/kubernetes/issues/71555#issuecomment-442873298
nftables 0.9.1 comes with:
# nft add rule arp x y arp saddr ip 192.168.2.1 counter
# nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter
so marking this as fixed.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/5c365cc7/attachment.html>
Reasonably Related Threads
- [ANNOUNCE] arptables 0.0.5 release
- [Bug 994] New: Named sets with type "ipv4_addr" do not allow adding CIDR elements
- [Bug 1352] New: After adding map type ipv4_addr : counter it behaves as a set
- OT : iptables/arptables question
- CESA-2009:1307 Low CentOS 5 i386 ecryptfs-utils Update