bugzilla-daemon at netfilter.org
2020-Jul-16 11:21 UTC
[Bug 1442] New: Definitions cannot be referenced in chain type configuration
https://bugzilla.netfilter.org/show_bug.cgi?id=1442 Bug ID: 1442 Summary: Definitions cannot be referenced in chain type configuration Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: phillc at gmail.com I've looked through the documentation, and through previous bugs to attempt to establish if this is a bug, not a feature, or just WAD but haven't been able to find much info. Having set interface definitions at the top of nftables.conf define $if_main = ens33 The definition works fine in subsequent rule configuration, but does not work in chain type definitions. I am attempting to introduce configuration portability for an ingress hook chain by doing this: table netdev filter { chain Main_Ingress { type filter hook ingress device $if_main priority -500; policy accept; } However I get "Error: syntax error, unexpected '$', expecting string or quoted string or string with a trailing asterisk". OS: Ubuntu 20.04 kernel 5.4.0-40-generic nftables/focal 0.9.3-2 via apt package -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200716/2ed263f0/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-30 19:51 UTC
[Bug 1442] Definitions cannot be referenced in chain type configuration
https://bugzilla.netfilter.org/show_bug.cgi?id=1442 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- Upstream fix: commit d100e2d811749bf34bb6aeac322052c56661c124 Author: Pablo Neira Ayuso <pablo at netfilter.org> Date: Thu Jul 16 14:36:28 2020 +0200 src: allow to use variables in flowtable and chain devices Running a quick test here: # cat x.nft define if_main = lo table netdev filter { chain Main_Ingress { type filter hook ingress device $if_main priority -500; policy accept; } } # nft -f x.nft Works fine, thank you for reporting. Closing. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200730/c6fc1677/attachment.html>