[Bug 1083] Cannot parse negative priorities from command line

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Feb 10 18:56:09 CET 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1083

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |phil at nwl.cc
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
This happens due to how nft parses commandline options:
- First, getopt_long() is called (in main.c).
- Then, lex/yacc parses whatever remains.

The leading dash of the negative priority value is picked up by getopt, which
obviously rejects it. I think this neither can nor should be "solved".

Instead, here are two ways to achieve what you want to do:

1) quote the whole part in curly braces (I usually do that to avoid the shell
picking up the braces by accident):

nft add chain nat prerouting '{ type nat hook prerouting priority -150; }'

2) Use '--' parameter to tell getopt it shall not parse beyond that:

nft -- add chain nat prerouting { type nat hook prerouting priority -150\; }

Since I don't think any workaround in nft is feasible (and good ways to work
around this issue exist), I'm closing this ticket. If you still think this is
an absolute must-have for you, please feel free to reopen.

Cheers, Phil
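
The two-stage parsing described in the comment above, as an added C example that is not part of the original message and not nft's own code: it runs only the getopt_long() pass over three constructed argument vectors and reports whether `-150;` is rejected as an option. The option table, the `scan()` helper and the argument vectors are assumptions made for the demonstration, and it relies on glibc's default behaviour of scanning past non-option arguments.

```c
#include <getopt.h>
#include <stdio.h>

/* Hypothetical option table for this demo; it is not nft's real one. */
static const struct option demo_opts[] = {
    { "help", no_argument, NULL, 'h' },
    { NULL, 0, NULL, 0 }
};

/* Constructed argument vectors, as the shell would hand them to main(). */
static char *unquoted[] = { "nft", "add", "chain", "nat", "prerouting", "{",
    "type", "nat", "hook", "prerouting", "priority", "-150;", "}", NULL };
static char *quoted[] = { "nft", "add", "chain", "nat", "prerouting",
    "{ type nat hook prerouting priority -150; }", NULL };
static char *dashdash[] = { "nft", "--", "add", "chain", "nat", "prerouting",
    "{", "type", "nat", "hook", "prerouting", "priority", "-150;", "}", NULL };
#define ARGC(v) ((int)(sizeof(v) / sizeof((v)[0])) - 1)

struct scan_result {
    int bad_opt; /* first option character getopt rejected, 0 if none */
    int rest;    /* index of the first argument left for the rule parser */
};

/* Run the option pass only, stopping at the first rejected option. */
static struct scan_result scan(int argc, char **argv)
{
    struct scan_result r = { 0, 0 };
    int c;
    optind = 0; /* glibc: force a full rescan on every call */
    opterr = 0; /* keep getopt from printing its own diagnostics */
    while ((c = getopt_long(argc, argv, "h", demo_opts, NULL)) != -1) {
        if (c == '?') {
            r.bad_opt = optopt;
            break;
        }
    }
    r.rest = optind;
    return r;
}

int main(void)
{
    printf("unquoted: rejected '-%c'\n", scan(ARGC(unquoted), unquoted).bad_opt);
    printf("quoted:   rest=%d\n", scan(ARGC(quoted), quoted).rest);
    printf("with --:  rest=%d\n", scan(ARGC(dashdash), dashdash).rest);
    return 0;
}
```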
