Displaying 1 result from an estimated 1 matches for "some_other_address".
2019 Dec 04
2
[Bug 1385] New: Incorrectly evaluated expression with negated ip saddr and negated ip daddr
...noticed, that there an expression which contains both an ip daddr and an ip
saddr subexpression and both are negated, it seems as if only one of them needs
to match in order that the whole expression matches.
The following example triggers the bug:
define my_address = <IPv4 address>
define some_other_address = 1.2.3.4
table ip filter {
chain output {
type filter hook output priority 0; policy accept;
ip saddr != $my_address drop
ip saddr != $my_address ip daddr != $some_other_address log group 1
queue-threshold 1
}
}
Because the first rule...