[Bug 908] New: "not" keyword not implemented in nft
bugzilla-daemon at netfilter.org
Fri Feb 21 23:00:14 CET 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=908
Summary: "not" keyword not implemented in nft
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Gentoo
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: jojkvtma at outlook.com
Estimated Hours: 0.0
nftables-0.099 and the current head in git define the token NOT, but the parser
does not make use of it anywhere. The iptables rules I am trying to port to
nftables include some which need the ability to invoke a verdict when a given
expression is false, such as
...bunch o' stuff that "should" handle all non-icmp traffic
nft add rule ip filter input not icmp log prefix "Unexpected traffic: "
or, for a subnet which should be isolated to a specific interface, rejecting
packets claiming to belong to that subnet but coming from a different
interface:
nft add rule ip filter input ip saddr 10.20.30.0/24 not iif eth2 counter drop
Both of the above currently throw a syntax error:
Error: syntax error, unexpected !