[Bug 908] New: "not" keyword not implemented in nft

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Feb 21 23:00:14 CET 2014


           Summary: "not" keyword not implemented in nft
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: Gentoo
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: jojkvtma at outlook.com
   Estimated Hours: 0.0

nftables-0.099, and current head in GIT define the token NOT, but the parser
does not make use of it anywhere.  The iptables rules I am trying to port to
nftables include some which need the ability to invoke a verdict when a given
expression is false, such as
   ...bunch o' stuff that "should" handle all non-icmp traffic
   nft add rule ip filter input not icmp log prefix "Unexpected traffic: "

or, for a subnet which should be isolated to a specific interface, rejecting
packets claiming to belong to that subnet but coming from a different
   nft add rule ip filter input ip saddr not iif eth2 counter

Both of the above currently throw a syntax error:
  Error: syntax error, unexpected !
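
Both rules the report asks for can be written in nft's existing grammar with the `!=` relational operator instead of a `not` keyword. The ruleset below is an added example, not text from the report or from the nftables project: the subnet 192.0.2.0/24 and the interface eth2 are placeholders, and the `drop` verdict on the second rule is an assumption, since the reported rule only counts.

```nft
# Added example (not from the bug report): negation via "!=" in nft.
# 192.0.2.0/24 and eth2 are placeholder values.
table ip filter {
    chain input {
        type filter hook input priority 0; policy accept;

        # "not icmp": log every packet whose IPv4 protocol field is not ICMP.
        ip protocol != icmp log prefix "Unexpected traffic: "

        # The subnet should only ever arrive on eth2: count and drop packets
        # that claim a source in it but came in on any other interface.
        ip saddr 192.0.2.0/24 iif != eth2 counter drop
    }
}
```

Load it with `nft -f rules.nft`; current nft also accepts `nft -c -f rules.nft` to parse and validate the file without committing it, which is the quickest way to confirm the `!=` forms are accepted before replacing an iptables ruleset.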


More information about the netfilter-buglog mailing list