[Bug 1200] New: anonymous sets containing port numbers

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Nov 6 20:18:28 CET 2017


            Bug ID: 1200
           Summary: anonymous sets containing port numbers
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Gentoo
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: bugzilla at hard-wired.net

nftables 0.8 will fail. 0.7 was working.

An nft rule containing an anonymous set with port numbers will just be ignored:

This will fail:

tcp dport { ftp, ssh, smtp, domain, http } accept

This will work:

set output_tcp_dports {
    type inet_service
    elements = { ssh, smtp, domain, http }
}

tcp dport @output_tcp_dports accept
