[Bug 1178] New: Provide better error messaging when a rule can't be executed in its context

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Aug 24 00:46:15 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1178

            Bug ID: 1178
           Summary: Provide better error messaging when a rule can't be
                    executed in its context
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: netfilter at allycomm.com

Observed Behavior:
==================

nftables.conf:3:1-14: Error: Could not process rule: Operation not supported
flush ruleset
^^^^^^^^^^^^^^

(when a chain with an snat expression was placed into a prerouting-hook chain
through a copy-paste error in chain creation)


Expected Behavior:
==================

The error message would point to the line in the file that contained the
unsupported operation. 


To Replicate:
=============

$ cat nftables.conf 
#!/usr/sbin/nft -f

flush ruleset

table ip nat4 {

     chain nat_rules_postrouting_ipv4 {
         type nat hook prerouting priority 125

         snat 203.0.113.1    # RFC 5737 doc net
         return
     }
}

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170823/b8bafb8a/attachment.html>


More information about the netfilter-buglog mailing list