[Bug 1287] New: rule for 0.0.0.0/8 is added as 0.0.0.0/0

bugzilla-daemon at netfilter.org
Fri Nov 2 09:51:26 CET 2018


https://bugzilla.netfilter.org/show_bug.cgi?id=1287

            Bug ID: 1287
           Summary: rule for 0.0.0.0/8 is added as 0.0.0.0/0
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: arturo at debian.org

Bug forwarded from Debian: https://bugs.debian.org/912607

Using iptables-nft, the problem can be reproduced as follows:

# iptables -A  OUTPUT -s 127.0.0.1 -d 0.0.0.0/8 -j DROP

The following rule is then added to the OUTPUT chain:

DROP       all  --  127.0.0.1            0.0.0.0/0           

The expectation would be:

DROP       all  --  127.0.0.1            0.0.0.0/8           

According to the original report this doesn't seem to be a printing issue;
the kernel seems to be actually using a 0/0 rule instead of 0/8.

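A check for the mismatch reported above, as an added example that is not part of the original report or of the iptables/nftables code: it compares what an `iptables -A` command requested with the rule line as listed, and flags a source or destination that came back wider or narrower. The function names are illustrative, and the listing layout (target, prot, opt, source, destination, with numeric addresses) is assumed from the lines quoted in the report.

```python
import ipaddress
import shlex

ANY = "0.0.0.0/0"  # what iptables assumes when -s or -d is omitted

def requested(cmd):
    """Target, source and destination asked for by an `iptables -A` command.
    Only the short options -s, -d and -j are handled; negation (!) is not."""
    args = shlex.split(cmd.lstrip("# "))
    opts = {"-s": ANY, "-d": ANY, "-j": None}
    for flag, value in zip(args, args[1:]):
        if flag in opts:
            opts[flag] = value
    return {"target": opts["-j"],
            "source": ipaddress.ip_network(opts["-s"], strict=False),
            "destination": ipaddress.ip_network(opts["-d"], strict=False)}

def listed(line):
    """Parse one rule line laid out as: target prot opt source destination."""
    target, _prot, _opt, source, destination = line.split()[:5]
    return {"target": target,
            "source": ipaddress.ip_network(source, strict=False),
            "destination": ipaddress.ip_network(destination, strict=False)}

def compare(cmd, line):
    """Return (field, requested, listed, kind) for every field that differs."""
    want, got = requested(cmd), listed(line)
    findings = []
    if want["target"] != got["target"]:
        findings.append(("target", want["target"], got["target"], "different"))
    for field in ("source", "destination"):
        w, g = want[field], got[field]
        if w == g:
            continue
        if g.supernet_of(w):
            kind = "widened"      # rule matches more traffic than requested
        elif g.subnet_of(w):
            kind = "narrowed"     # rule matches less traffic than requested
        else:
            kind = "different"
        findings.append((field, str(w), str(g), kind))
    return findings

# Command and listing lines copied from the report above.
CMD = "# iptables -A  OUTPUT -s 127.0.0.1 -d 0.0.0.0/8 -j DROP"
REPORTED = "DROP       all  --  127.0.0.1            0.0.0.0/0           "
EXPECTED = "DROP       all  --  127.0.0.1            0.0.0.0/8           "

if __name__ == "__main__":
    for name, line in (("reported", REPORTED), ("expected", EXPECTED)):
        print(name, compare(CMD, line) or "matches the request")
```

A listing comparison only shows what the tool prints back; confirming what the kernel actually matches, as the report describes, still needs a traffic test.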