[Bug 1262] New: nft insert rule ignores space in prefix value
bugzilla-daemon at netfilter.org
Mon Jun 18 13:11:53 CEST 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1262
Bug ID: 1262
Summary: nft insert rule ignores space in prefix value
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: ikonta at yandex.ru
My kernel is:
Linux tux 4.9.95-gentoo #2 SMP Fri May 25 11:35:57 MSK 2018 x86_64 AMD
Athlon(tm) II X2 250 Processor AuthenticAMD GNU/Linux
I use the standard log target to monitor dropped packages.
When I add/modify the ruleset by creating the table, i.e.:
tux ~ # /sbin/nft delete table filter
tux ~ # /sbin/nft -f fw.me
fw.me file has the following contents:
table ip filter {
        chain input {
                type filter hook input priority 0;
                # accept traffic originated from us
                ct state established,related accept
                # accept any localhost traffic
                iif lo accept
                # log and drop any other traffic
                log prefix "nftables " drop
        }
}
everything is as expected, I see the following strings in dmesg:
dmesg:
[15648.869932] nftables IN=lan0 OUT= MAC=…
But when I refresh the ruleset without recreating the filter table, with the following
script:
#!/bin/sh
#
/sbin/nft flush table filter
#
/sbin/nft insert rule filter input log prefix "nftables " drop
# other filtering rules
I see the space in the log prefix value is ignored.
dmesg shows the following strings:
dmesg:
[15783.270898] nftablesIN=lan0 OUT= MAC=…
P.S. Utility version:
# equery b /sbin/nft
* Searching for /sbin/nft ...
net-firewall/nftables-0.8-r3 (/sbin/nft)
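An added example, not part of the original report and not nftables code: it models how shell quote removal can drop the trailing space from the report's `insert rule` line when the rule is passed as separate command-line words instead of being read from a file. The helper names `join_argv` and `prefix_string` are hypothetical, and the model assumes the program rebuilds a single command string by joining its arguments with spaces before parsing it.

```shell
#!/bin/sh
# Added illustration. Assumption: the command-line rule text is rebuilt by
# joining argv with single spaces and then parsed like a ruleset file.

# Hypothetical helper: join all arguments with single spaces.
join_argv() {
    out=""
    for arg in "$@"; do
        out="${out}${out:+ }${arg}"
    done
    printf '%s' "$out"
}

# Hypothetical helper: print the double-quoted string that follows the
# "prefix" keyword in the rebuilt command, or nothing if no quotes survived.
prefix_string() {
    join_argv "$@" | sed -n 's/.*prefix \("[^"]*"\).*/\1/p'
}

# 1. As written in the report's script: the shell consumes the double
#    quotes, so the rebuilt text holds a bare word followed by two spaces.
echo "unprotected: [$(join_argv insert rule filter input log prefix "nftables " drop)]"

# 2. Whole rule in single quotes: the inner double quotes reach the parser.
echo "single-quoted rule: [$(prefix_string 'insert rule filter input log prefix "nftables " drop')]"

# 3. Only the string protected, with single quotes around the double quotes.
echo "nested quotes: [$(prefix_string insert rule filter input log prefix '"nftables "' drop)]"

# 4. Backslash-escaped double quotes: the shell splits the string into two
#    words, and the join puts the space back inside the quotes.
echo "escaped quotes: [$(prefix_string insert rule filter input log prefix \"nftables \" drop)]"
```

Log parsers and detection rules that match on the `nftables ` prefix should be checked against both forms of the dmesg line shown in the report.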