[Bug 1465] [vmap] ct state concatenation not working
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Wed Sep 23 12:25:01 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1465
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to vtolkm from comment #0)
> kernel 5.9.0-rc6 armv7l | nft 0.9.6
>
> works:
>
> ct state vmap { 1: drop, 2: accept, 4: accept }
hm. this is hard to read, why not simply use the existing flag definitions?
ct state vmap { invalid: drop, established: accept, related: accept }
> not working:
>
> ct state vmap { 1: drop, 2 . 4: accept }
hm, this syntax is not correct. Why are you using a concatenation here?
Instead, you can combine flags via:
ct state vmap { invalid: drop, established,related: accept, related: accept }
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200923/994baf87/attachment.html>
More information about the netfilter-buglog
mailing list