[Bug 1347] ebtables-nft: regression in -o option

[bugzilla-daemon at netfilter.org]

https://bugzilla.netfilter.org/show_bug.cgi?id=1347

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Arturo Borrero Gonzalez from comment #0)
> This ruleset:
> 
> # cat ebtables-fwd-no-o-options-allowed.rules
> *filter
> :PVEFW-FORWARD ACCEPT
> :PVEFW-FWBR-OUT ACCEPT
> -A PVEFW-FORWARD -p IPv4 -j ACCEPT
> -A PVEFW-FORWARD -p IPv6 -j ACCEPT
> -A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT
> -A FORWARD -j PVEFW-FORWARD
> 
> works in ebtables-legacy but doesn't in ebtables-nft.

Fix:

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -197,7 +197,8 @@ int ebt_get_current_chain(const char *chain)
        else if (strcmp(chain, "POSTROUTING") == 0)
                return NF_BR_POST_ROUTING;

-       return -1;
+       /* placeholder for user defined chain */
+       return NF_BR_NUMHOOKS;
 }

Let me know and I'll push it to iptables.git.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190702/70248d55/attachment.html>