search for: filter_input

...at netfilter.org Reporter: kees.dejong+dev at neobits.nl Tested and confirmed the following bug on Debian 10 (nftables-0.9.0-2 on kernel 5.4.51-v7l+) and Fedora 32 (nftables-0.9.3-3.fc32.x86_64 on kernel 5.8.12-200.fc32.x86_64). I use the following command: `nft add rule inet firewalld filter_INPUT iifname "eth0" ip saddr { 172.27.10.0/24, 172.27.11.0/24 } ip daddr 172.27.10.0/24 ct state new accept` Which is processed in the running configuration as: `iifname "eth0" ip saddr { 172.27.10.0/23 } ip daddr 172.27.10.0/24 ct state new accept` Notice that the subnet has becom...

..."}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_IN_internal"}}]}}}, {"insert"...