[Bug 993] New: nft produces incorrect output when a reject rule is added using nft -f

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Dec 30 14:18:02 CET 2014


https://bugzilla.netfilter.org/show_bug.cgi?id=993

            Bug ID: 993
           Summary: nft produces incorrect output when a reject rule is
                    added using nft -f
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Fedora
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: lantw44 at gmail.com

When I inserted this simple rule using 'nft -f':
table inet filter {
    chain input {
        reject with icmp type host-prohibited
    }
}

'nft list table inet filter' showed different output:
table inet filter {
    chain input {
        reject
    }
}

Things after the reject command are missing. This problem doesn't happen when
the rule is added using 'nft add rule'.

When I tried to restore the settings produced by 'nft list table inet filter',
it showed 'Error: Could not process rule: Invalid argument' on Fedora 21 (which
uses Linux 3.17.7), but it worked on Fedora rawhide (which uses Linux 3.18.1).
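
A round-trip check for the mismatch described above, as an added example that is not part of the original report. The function names and the file names rules.nft and listed.txt are assumptions; the sample rulesets are the two quoted in the report.

```shell
#!/bin/sh
# Added example (not from the bug report): compare the ruleset file given to
# 'nft -f' with the text 'nft list' prints back, line by line.
# Live use (assumed file names):
#   nft -f rules.nft && nft list table inet filter > listed.txt
#   check_roundtrip rules.nft listed.txt

# check_roundtrip INTENDED LISTED
# Prints one line per mismatch; returns 0 if both files match, 1 otherwise.
check_roundtrip() {
    awk -v a="$1" -v b="$2" '
    # Collapse whitespace so indentation differences do not count.
    function norm(s) { gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return s }
    BEGIN {
        while ((getline l < a) > 0) { s = norm(l); if (s != "") want[++n] = s }
        while ((getline l < b) > 0) { s = norm(l); if (s != "") got[++m] = s }
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if (want[i] == got[i]) continue
            bad = 1
            # A listed rule that is a proper prefix of the intended one lost its arguments.
            if (got[i] != "" && index(want[i], got[i] " ") == 1)
                printf "TRUNCATED %d: \"%s\" listed as \"%s\"\n", i, want[i], got[i]
            else
                printf "CHANGED %d: \"%s\" listed as \"%s\"\n", i, want[i], got[i]
        }
        exit bad + 0
    }'
}

# The two rulesets quoted in the report, written to temporary files.
demo_report_case() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'table inet filter {' '    chain input {' \
        '        reject with icmp type host-prohibited' '    }' '}' > "$d/rules.nft"
    printf '%s\n' 'table inet filter {' '    chain input {' \
        '        reject' '    }' '}' > "$d/listed.txt"
    check_roundtrip "$d/rules.nft" "$d/listed.txt" && rc=0 || rc=$?
    rm -rf "$d"
    return $rc
}

demo_report_case || true
```

A CHANGED line is not necessarily a bug, since 'nft list' prints rules in its own canonical form; a TRUNCATED line is the pattern this report describes.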
