search for: filter_input

...at netfilter.org Reporter: kees.dejong+dev at neobits.nl Tested and confirmed the following bug on Debian 10 (nftables-0.9.0-2 on kernel 5.4.51-v7l+) and Fedora 32 (nftables-0.9.3-3.fc32.x86_64 on kernel 5.8.12-200.fc32.x86_64). I use the following command: `nft add rule inet firewalld filter_INPUT iifname "eth0" ip saddr { 172.27.10.0/24, 172.27.11.0/24 } ip daddr 172.27.10.0/24 ct state new accept` Which is processed in the running configuration as: `iifname "eth0" ip saddr { 172.27.10.0/23 } ip daddr 172.27.10.0/24 ct state new accept` Notice that the subnet has becom...