[Bug 1302] iptables v1.8.0 (nf_tables) has a problem inverting in-interface and maybe out

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sun Jul 14 11:09:46 CEST 2019


Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
         Resolution|---                         |INVALID
                 CC|                            |fw at strlen.de
             Status|NEW                         |RESOLVED

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to trever from comment #0)
> From a script that works with plain iptables:
> iptables -A INPUT -i \!ppp0 -p udp --destination-port 53 -j ACCEPT
> # iptables-nft -A INPUT -i \!ppp0 -p tcp --destination-port 53 -j ACCEPT
> does not work!
> In part it yields:
> iifname "!ppp0" ip protocol tcp counter packets 0 bytes 0 accept
> in nft list ruleset
> I believe that is supposed to be 
> iifname != "ppp0" ip protocol tcp counter packets 0 bytes 0 accept.

No, its doing exactly what iptables is doing in this case.
You need to use

\! -i ppp0

(extra-positioned negation) instead.

You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190714/f2e1fa6e/attachment.html>

More information about the netfilter-buglog mailing list