<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - nft fails to parse own output; unable to save-restore active state"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1188">1188</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>nft fails to parse own output; unable to save-restore active state
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>critical
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>netfilter@allycomm.com
</td>
</tr></table>
<p>
<div>
<pre>At least as the man page describes, the output of
# nft list ruleset > ruleset.prod
should be parseable by
# nft -f ruleset.prod
and provide restoration of the state at the time.

"Note that contrary to what one might assume, the output generated by export is
not parseable by nft -f. Instead, the output of list command serves well for
that purpose."

nft, however, failed to parse its own output in the following case:

$ sudo sh -c 'nft list ruleset > ruleset.prod '
$ sudo nft -f ruleset.prod
ruleset.prod:47:38-46: Error: syntax error, unexpected string, expecting comma
or '}'
::ffff:0.0.0.0/96,
^^^^^^^^^
ruleset.prod:48:30-35: Error: syntax error, unexpected string
2001::/32,
^^^^^^
ruleset.prod:49:30-38: Error: syntax error, unexpected string
2001:10::/28,
^^^^^^^^^
ruleset.prod:50:30-39: Error: syntax error, unexpected string
2001:db8::/32,
^^^^^^^^^^
ruleset.prod:51:30-35: Error: syntax error, unexpected string
2002::/16,
^^^^^^
ruleset.prod:52:30-35: Error: syntax error, unexpected string
3ffe::/16,
^^^^^^
ruleset.prod:53:30-35: Error: syntax error, unexpected string
5f00::/8,
^^^^^^
ruleset.prod:54:30-35: Error: syntax error, unexpected string
fc00::/7,
^^^^^^
ruleset.prod:55:30-35: Error: syntax error, unexpected string
fe80::/10 }
^^^^^^
--- ruleset.prod excerpt ---
43 set blackhole_ipv6 {
44 type ipv6_addr
45 flags interval
46 elements = { ::/127,
47 ::ffff:0.0.0.0/96,
48 2001::/32,
49 2001:10::/28,
50 2001:db8::/32,
51 2002::/16,
52 3ffe::/16,
53 5f00::/8,
54 fc00::/7,
55 fe80::/10 }
56 }
Ubuntu 17.04
4.10.0-35-generic #39-Ubuntu SMP Wed Sep 13 07:46:59 UTC 2017 x86_64 x86_64
x86_64 GNU/Linux
commit b873a1731d2481851c57eab3dcf3e719e9d45b50
Author: Pablo Neira Ayuso &lt;<a href="mailto:pablo@netfilter.org">pablo@netfilter.org</a>&gt;
Date: Mon Oct 2 18:20:17 2017 +0200
libmnl$ git log -1
commit fbe0f33b45abd585eb9f52cb56d751a750667dc6
Author: Guillaume Nault &lt;<a href="mailto:g.nault@alphalink.fr">g.nault@alphalink.fr</a>&gt;
Date: Wed Aug 3 12:52:34 2016 +0200
libnftnl$ git log -1
commit 72386012200a96f9bb721ab4ddb5a9325c68c5f7
Author: Varsha Rao &lt;<a href="mailto:rvarsha016@gmail.com">rvarsha016@gmail.com</a>&gt;
Date: Wed Sep 20 21:53:09 2017 +0530</pre>
</div>
</p>
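<p>An added example, not part of the bug report or of the nftables project, for triaging a failed restore like the one above: it maps each <code>file:line:first-last</code> location printed by nft back to the exact characters in the saved ruleset. The sample's indentation and filler lines are constructed because the page lost the original whitespace, and the 8-column tab stop is an assumption chosen to agree with the column ranges in the report.</p>

```python
import re

# Single-line location form seen in the report: file:line:first-last: Error: message
LOC = re.compile(r"^(.+?):(?P<line>\d+):(?P<first>\d+)-(?P<last>\d+): Error: (?P<msg>.*)$")
TAB = 8  # assumption: columns are counted with 8-column tab stops


def offending_tokens(stderr_text, ruleset_text):
    """Return [(line_no, token, message)] for every located error in nft's stderr."""
    lines = ruleset_text.splitlines()
    found = []
    for raw in stderr_text.splitlines():
        m = LOC.match(raw)
        if not m:
            continue  # echoed source line, caret line, or wrapped message text
        no, first, last = (int(m[k]) for k in ("line", "first", "last"))
        if not 1 <= no <= len(lines):
            continue  # location does not belong to this file
        text = lines[no - 1].expandtabs(TAB)
        found.append((no, text[first - 1:last], m["msg"]))  # columns are 1-based, inclusive
    return found


# Constructed sample: lines 43-56 follow the excerpt in the report with assumed
# indentation (3 tabs + 5 spaces = 29 columns); lines 1-42 are filler so that the
# line numbers match. STDERR holds the first, second and fourth errors from the report.
PAD = "\t\t\t     "
ELEMS = ["::ffff:0.0.0.0/96,", "2001::/32,", "2001:10::/28,", "2001:db8::/32,",
         "2002::/16,", "3ffe::/16,", "5f00::/8,", "fc00::/7,", "fe80::/10 }"]
RULESET = "\n".join(
    ["# filler"] * 42
    + ["\tset blackhole_ipv6 {", "\t\ttype ipv6_addr", "\t\tflags interval",
       "\t\telements = { ::/127,"]
    + [PAD + e for e in ELEMS] + ["\t}"])
STDERR = """\
ruleset.prod:47:38-46: Error: syntax error, unexpected string, expecting comma or '}'
::ffff:0.0.0.0/96,
^^^^^^^^^
ruleset.prod:48:30-35: Error: syntax error, unexpected string
2001::/32,
^^^^^^
ruleset.prod:50:30-39: Error: syntax error, unexpected string
2001:db8::/32,
^^^^^^^^^^
"""

if __name__ == "__main__":
    for no, token, msg in offending_tokens(STDERR, RULESET):
        print(f"line {no}: {token!r}: {msg}")
```

<p>With this sample the first location covers only <code>.0.0.0/96</code>, the dotted tail of the IPv4-mapped prefix, while the later locations each cover a whole address token.</p>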
</body>
</html>