[Bug 1057] New: Allow for multiple protocols to be specified in a rule

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Mar 8 18:15:32 CET 2016


https://bugzilla.netfilter.org/show_bug.cgi?id=1057

            Bug ID: 1057
           Summary: Allow for multiple protocols to be specified in a rule
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: karol at babioch.de

Since DNS is allowed over both UDP as well as TCP, I have to specify two rules
each time I want to allow DNS traffic. This looks something like this:

    oif eth0 udp dport domain accept
    oif eth0 tcp dport domain accept

In an example found online [1] someone showed the following example:

    {udp, tcp} sport domain ip daddr 127.0.0.1 accept

Apparently this was never tested. At least it doesn't work for me. For the
example above it would look something like this:

    oif eth0 {udp, tcp} dport domain accept

This would make rulesets easier to read, which is why I want to suggest this as
a future enhancement.

[1]: https://home.regit.org/2014/01/why-you-will-love-nftables/
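Added illustration, not part of the bug report: a minimal ruleset that puts the reporter's two-rule form next to a single-rule form. The single rule assumes an nft release that accepts a set in `meta l4proto` together with the `th` (raw transport header) expression; the table and chain names are made up for the example, and the file can be syntax-checked with `nft -c -f` before loading.

```nft
# Constructed example ruleset; names "filter" and "output" are assumptions.
table inet filter {
	chain output {
		type filter hook output priority 0; policy drop;

		# Form from the bug report: one rule per transport protocol.
		oif eth0 udp dport domain accept
		oif eth0 tcp dport domain accept

		# Single-rule form (assumes nft supports a set in meta l4proto
		# and the th expression): match either protocol, then look at
		# the transport-header destination port.
		oif eth0 meta l4proto { tcp, udp } th dport domain accept
	}
}
```

Note that `th dport` reads the port field without checking which protocol carries it, so the `meta l4proto` set is what restricts the match to TCP and UDP.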
