[Bug 1188] New: nft fails to parse own output; unable to save-restore active state
bugzilla-daemon at netfilter.org
Fri Oct 6 16:58:08 CEST 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1188
Bug ID: 1188
Summary: nft fails to parse own output; unable to save-restore active state
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: netfilter at allycomm.com
At least as the man page describes, the output of
# nft list ruleset > ruleset.prod
should be parseable by
# nft -f ruleset.prod
and provide restoration of the state at the time.
"Note that contrary to what one might assume, the output generated by export is
not parseable by nft -f. Instead, the output of list command serves well for
that purpose."
nft, however, failed to parse its own output in the following case:
$ sudo sh -c 'nft list ruleset > ruleset.prod '
$ sudo nft -f ruleset.prod
ruleset.prod:47:38-46: Error: syntax error, unexpected string, expecting comma or '}'
::ffff:0.0.0.0/96,
^^^^^^^^^
ruleset.prod:48:30-35: Error: syntax error, unexpected string
2001::/32,
^^^^^^
ruleset.prod:49:30-38: Error: syntax error, unexpected string
2001:10::/28,
^^^^^^^^^
ruleset.prod:50:30-39: Error: syntax error, unexpected string
2001:db8::/32,
^^^^^^^^^^
ruleset.prod:51:30-35: Error: syntax error, unexpected string
2002::/16,
^^^^^^
ruleset.prod:52:30-35: Error: syntax error, unexpected string
3ffe::/16,
^^^^^^
ruleset.prod:53:30-35: Error: syntax error, unexpected string
5f00::/8,
^^^^^^
ruleset.prod:54:30-35: Error: syntax error, unexpected string
fc00::/7,
^^^^^^
ruleset.prod:55:30-35: Error: syntax error, unexpected string
fe80::/10 }
^^^^^^
--- ruleset.prod excerpt ---
43 set blackhole_ipv6 {
44 type ipv6_addr
45 flags interval
46 elements = { ::/127,
47 ::ffff:0.0.0.0/96,
48 2001::/32,
49 2001:10::/28,
50 2001:db8::/32,
51 2002::/16,
52 3ffe::/16,
53 5f00::/8,
54 fc00::/7,
55 fe80::/10 }
56 }
Ubuntu 17.04
4.10.0-35-generic #39-Ubuntu SMP Wed Sep 13 07:46:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
commit b873a1731d2481851c57eab3dcf3e719e9d45b50
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Mon Oct 2 18:20:17 2017 +0200
libmnl$ git log -1
commit fbe0f33b45abd585eb9f52cb56d751a750667dc6
Author: Guillaume Nault <g.nault at alphalink.fr>
Date: Wed Aug 3 12:52:34 2016 +0200
libnftnl$ git log -1
commit 72386012200a96f9bb721ab4ddb5a9325c68c5f7
Author: Varsha Rao <rvarsha016 at gmail.com>
Date: Wed Sep 20 21:53:09 2017 +0530
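A defensive check for the failure reported above, as an added example that is not part of the original report or of nftables: a saved ruleset is only kept as the backup if nft can parse it back. It relies on nft's `-c` (check) option; the `NFT` variable, the function names `save_ruleset` and `rejected_lines`, and the `.err`/`.rejected` suffixes are assumptions made for this example.

```shell
#!/bin/sh
# Added example. NFT, save_ruleset, rejected_lines and the .err/.rejected
# suffixes are names chosen here, not part of nftables.
NFT="${NFT:-nft}"

# save_ruleset DEST
# Dump the active ruleset, dry-run parse the dump with `nft -c -f` (check
# only, nothing is applied), and replace DEST only if the dump parses back.
# Returns 0 on success, 1 if the dump failed, 2 if nft rejects its own output.
save_ruleset() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1   # created mode 0600

    if ! "$NFT" list ruleset > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    if ! "$NFT" -c -f "$tmp" 2> "${dest}.err"; then
        # Keep the unparseable dump for the bug report; the previous good
        # DEST is left untouched so a restore still works.
        mv "$tmp" "${dest}.rejected"
        return 2
    fi

    rm -f "${dest}.err" "${dest}.rejected"
    mv "$tmp" "$dest"
}

# rejected_lines ERRFILE
# Print the dump line numbers from messages of the form
# "FILE:LINE:COL-COL: Error: ..." as shown in the report above.
rejected_lines() {
    sed -n 's/^[^:]*:\([0-9][0-9]*\):[0-9-]*: Error:.*/\1/p' "$1"
}
```

A return value of 2 is the condition this bug describes: the dump exists but would not restore, so the previous backup is the one to rely on.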