[Bug 1404] Problems with dynamically managing interval sets with auto-merge
bugzilla-daemon at netfilter.org
Thu May 7 21:18:13 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1404
Frank Myhr <fmyhr at fhmtech.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fmyhr at fhmtech.com
--- Comment #1 from Frank Myhr <fmyhr at fhmtech.com> ---
Hit this one today. I've nothing to add to the thorough bug report, which
describes the behavior I observed to a tee.
Comments on workarounds:
1: Can confirm that removing auto-merge fixed the problem in my case as well.
2: Flushing the set in a separate call to nft prior to re-populating it loses
atomicity of the combined operation. If the set is used as an ACL (likely, as
this is a firewall after all), the brief time interval during which the set is
empty can result in unintended network access (or unintended blocking of such
access).