[Bug 1358] New: Error when atomically replacing rules with symbolic variables
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Thu Jul 25 22:09:38 CEST 2019
https://bugzilla.netfilter.org/show_bug.cgi?id=1358
Bug ID: 1358
Summary: Error when atomically replacing rules with symbolic
variables
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: blocker
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: gdouezangrard at gmail.com
Created attachment 567
--> https://bugzilla.netfilter.org/attachment.cgi?id=567&action=edit
master compilation log
OS: Arch Linux
Kernel: Linux 5.2.2-arch1-1-ARCH
nftables: v0.9.1
With the following `/etc/nftables.conf` file:
#!/sbin/nft -f
define ifs = {lo}
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
}
}
inet filter input iifname $ifs accept
The atomic rule replacement gives the following error:
$ nft flush ruleset ';' include '"/etc/nftables.conf"'
In file included from (null):1:17-51:
/etc/nftables.conf:13:19-37: Error: Could not process rule: No such file or
directory
inet filter input iifname $ifs accept
^^^^^^^^^^^^^^^^^^^
On the contrary, the following commands work as expected:
$ nft flush ruleset
$ nft -f /etc/nftables.conf
Reverting to `nftables v0.9.0` also fixes the issue in the case of atomic
replacement.
Through git bisect, the first offending commit found is:
e5382c0 ("src: Support intra-transaction rule references")
Not sure if it is fixed on master or not, I cannot compile it (make error log
as attachment).
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190725/b0fc49e4/attachment.html>
More information about the netfilter-buglog
mailing list