<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - meta hour error with different time-zones"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1737">1737</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>meta hour error with different time-zones
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>1.0.x
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Debian GNU/Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>nicolasfort1988@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>When using meta hour, and also using different time zone (for example
Australia/Sydney), rules are written correctly, but they do not match as
expected.


### Config and date
For example:

table ip vyos_filter {
        chain VYOS_OUTPUT_filter {
                type filter hook output priority filter; policy accept;
                ip daddr 1.1.1.1 meta hour >= "03:01" meta hour < "08:00"
counter packets 1 bytes 84 accept comment "ipv4-OUT-filter-10"
                ip daddr 8.8.8.8 meta hour >= "03:01" meta hour < "14:00"
counter packets 0 bytes 0 accept comment "ipv4-OUT-filter-20"
                counter packets 76 bytes 5652 log prefix
"[ipv4-OUT-filter-default-A]" accept comment "OUT-filter default-action accept"
        }
}

vyos@TEST:~$ date
Fri Feb 23 07:19:16 AM AEDT 2024
###

And after running ping to both hosts, we can check on logs that second rule was
not hit, and we get log for last rule.

### Log 
Feb 23 07:19:33 TEST kernel: [ipv4-OUT-filter-default-A]IN= OUT=eth0
SRC=192.168.0.151 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=30358 DF
PROTO=ICMP TYPE=8 CODE=0 ID=48824 SEQ=1 
####


- nftables version: 1.0.9-1</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>