[Bug 1302] New: iptables v1.8.0 (nf_tables) has a problem inverting in-interface and maybe out
bugzilla-daemon at netfilter.org
Tue Nov 20 01:11:20 CET 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1302
Bug ID: 1302
Summary: iptables v1.8.0 (nf_tables) has a problem inverting
in-interface and maybe out
Product: iptables
Version: CVS (please indicate timestamp)
Hardware: x86_64
OS: All
Status: NEW
Severity: major
Priority: P5
Component: iptables
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: trever at middleearth.sapphiresunday.org
From a script that works with plain iptables:
iptables -A INPUT -i \!ppp0 -p udp --destination-port 53 -j ACCEPT
# iptables-nft -A INPUT -i \!ppp0 -p tcp --destination-port 53 -j ACCEPT
does not work!
In part it yields:
iifname "!ppp0" ip protocol tcp counter packets 0 bytes 0 accept
in nft list ruleset
I believe that is supposed to be
iifname != "ppp0" ip protocol tcp counter packets 0 bytes 0 accept.
I am afraid my attempts at finding why this is have not yielded any good
results.
This is the only thing keeping me from moving to iptables-nft from iptables and
nft from ipset. I suppose one final thing: ipset had swap to swap one live set
for another. I have some very large, sometimes drastically changing sets, and this
helps speed things up tremendously.
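A listing like the one quoted in the report compares the interface name against the literal string "!ppp0", so the rule only matches an interface that is actually named that. The following check is an added example, not part of the original report or of the iptables project: it scans `nft list ruleset` text for iifname/oifname matches whose quoted name starts with "!" and prints the negated form next to each. The sample ruleset is constructed (only its first rule line comes from the report), and the function name is hypothetical.

```python
import re

# Constructed sample of `nft list ruleset` output. The first rule line is the
# one quoted in the report; every other line is made up for contrast.
SAMPLE_RULESET = '''\
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        iifname "!ppp0" ip protocol tcp counter packets 0 bytes 0 accept
        iifname != "ppp0" udp dport 53 counter packets 0 bytes 0 accept
        iifname "lo" counter packets 0 bytes 0 accept
    }
    chain FORWARD {
        type filter hook forward priority 0; policy drop;
        oifname "!eth1" counter packets 0 bytes 0 drop
    }
}
'''

# iifname/oifname compared for equality with a quoted name that starts with "!".
SUSPECT = re.compile(r'\b([io]ifname)\s+(?:==\s*)?"!([^"]+)"')
# Any block opener, e.g. "table ip filter {" or "chain INPUT {".
BLOCK = re.compile(r'^(\w+)\s+(.+?)\s*\{$')

def find_literal_bang_ifnames(ruleset):
    """Return (table, chain, rule, suggested) for each chain rule whose
    interface match stores a leading '!' as part of the name."""
    findings, stack = [], []
    for raw in ruleset.splitlines():
        line = raw.strip()
        opener = BLOCK.match(line)
        if opener:
            stack.append(opener.groups())        # (kind, name)
        elif line == '}':
            if stack:
                stack.pop()
        elif len(stack) == 2 and stack[1][0] == 'chain' and SUSPECT.search(line):
            suggested = SUSPECT.sub(r'\1 != "\2"', line)
            findings.append((stack[0][1], stack[1][1], line, suggested))
    return findings

if __name__ == '__main__':
    for table, chain, rule, suggested in find_literal_bang_ifnames(SAMPLE_RULESET):
        print(f'{table} / {chain}')
        print(f'  listed:   {rule}')
        print(f'  intended: {suggested}')
```

On a live system the input would be the saved output of `nft list ruleset`; rules that use anonymous sets of interface names are not covered by this pattern.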