bugzilla-daemon at netfilter.org
2020-Mar-26 00:16 UTC
[Bug 1414] New: Using ip6 daddr in nat input chain is rejected with an incorrect error
https://bugzilla.netfilter.org/show_bug.cgi?id=1414
Bug ID: 1414
Summary: Using ip6 daddr in nat input chain is rejected with an incorrect error
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: avamander at gmail.com
nft version: nftables v0.9.2 (Scram)
Example config:
```
table ip nat {
    chain input {
        type nat hook input priority 0;
        ip6 daddr ::1/128 accept;
    }
}
```
Error:
```
/etc/nftables.conf:186:3-11: Error: conflicting protocols specified: ip vs. ip6
ip6 daddr ::1/128 accept;
^^^^^^^^^
```
It should output a reasonable error.
bugzilla-daemon at netfilter.org
2020-Mar-26 09:48 UTC
[Bug 1414] Using ip6 daddr in nat input chain is rejected with an incorrect error
https://bugzilla.netfilter.org/show_bug.cgi?id=1414
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Avamander from comment #0)
> nft version: nftables v0.9.2 (Scram)
>
> Example config:
> ```
> table ip nat {
Table is 'ip', use 'ip6' instead (or 'inet' if you want
a dual ip/ip6 table)
> chain input {
> type nat hook input priority 0;
> ip6 daddr ::1/128 accept;
> }
> }
> ```
>
> Error:
> ```
> /etc/nftables.conf:186:3-11: Error: conflicting protocols specified: ip vs. ip6
> ip6 daddr ::1/128 accept;
> ^^^^^^^^^
This example uses 'ip6', hence the error.
> ```
>
> It should output a reasonable error.
bugzilla-daemon at netfilter.org
2020-Mar-26 12:04 UTC
[Bug 1414] Using ip6 daddr in nat input chain is rejected with an incorrect error
https://bugzilla.netfilter.org/show_bug.cgi?id=1414
--- Comment #2 from Avamander <avamander at gmail.com> ---
Exactly, the error is misleading, it should highlight that the conflict is between the table and ip6 not between ip6 and daddr.
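The mismatch discussed in this thread can be caught before a ruleset is loaded, with a message that names the table family as the other side of the conflict. The following is an added example, not part of the bug thread or of nftables: `find_family_conflicts` and `describe` are hypothetical helpers, only `saddr`/`daddr` matches in `ip`, `ip6` and `inet` tables are checked, and the second table in the sample is constructed.

```python
import re

# Payload families each table family can match on; 'inet' is dual ip/ip6.
ALLOWED = {"ip": {"ip"}, "ip6": {"ip6"}, "inet": {"ip", "ip6"}}
# "table [family] name {"; nft assumes family 'ip' when none is given.
TABLE_RE = re.compile(r"^\s*table\s+(?:(ip6|ip|inet)\s+)?(\S+)\s*\{")
# Address matches such as "ip6 daddr" or "ip saddr" (the only ones checked here).
MATCH_RE = re.compile(r"\b(ip6|ip)\s+(?:saddr|daddr)\b")

def find_family_conflicts(ruleset):
    """Return (line_no, table_name, table_family, rule_family) per bad match."""
    conflicts, table, depth = [], None, 0
    for line_no, raw in enumerate(ruleset.splitlines(), start=1):
        line = raw.split("#", 1)[0]            # ignore comments
        m = TABLE_RE.match(line)
        if m:
            table = (m.group(1) or "ip", m.group(2))
        elif table and depth > 0:
            for rule_family in MATCH_RE.findall(line):
                if rule_family not in ALLOWED[table[0]]:
                    conflicts.append((line_no, table[1], table[0], rule_family))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            table = None                       # left the table body
    return conflicts

def describe(conflict):
    """Word the error so it names the table as the other side of the conflict."""
    line_no, name, table_family, rule_family = conflict
    return (f"line {line_no}: '{rule_family}' match in table '{table_family} "
            f"{name}'; declare the table as '{rule_family}' or 'inet'")

# First table is the config from the report; the second is constructed.
SAMPLE = """\
table ip nat {
    chain input {
        type nat hook input priority 0;
        ip6 daddr ::1/128 accept;
    }
}
table inet filter {
    chain input {
        type filter hook input priority 0;
        ip6 daddr ::1/128 accept;
    }
}
"""
if __name__ == "__main__":
    print("\n".join(describe(c) for c in find_family_conflicts(SAMPLE)))
```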