[Bug 1302] iptables v1.8.0 (nf_tables) has a problem inverting in-interface and maybe out
bugzilla-daemon at netfilter.org
Sun Jul 14 11:09:46 CEST 2019
https://bugzilla.netfilter.org/show_bug.cgi?id=1302
Florian Westphal <fw at strlen.de> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
                 CC|                            |fw at strlen.de
             Status|NEW                         |RESOLVED
--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to trever from comment #0)
> From a script that works with plain iptables:
> iptables -A INPUT -i \!ppp0 -p udp --destination-port 53 -j ACCEPT
>
> # iptables-nft -A INPUT -i \!ppp0 -p tcp --destination-port 53 -j ACCEPT
>
> does not work!
>
> In part it yields:
>
> iifname "!ppp0" ip protocol tcp counter packets 0 bytes 0 accept
>
> in nft list ruleset
>
> I believe that is supposed to be
>
> iifname != "ppp0" ip protocol tcp counter packets 0 bytes 0 accept.
No, it's doing exactly what iptables is doing in this case.
You need to use
\! -i ppp0
(extra-positioned negation) instead.
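As an added illustration of the point in the reply (this is not part of the bug thread and not netfilter code), here is a small Python linter for firewall scripts. It splits each line the way the shell would, so `-i \!ppp0` reaches iptables as the single argument `!ppp0`; it then flags an interface option whose value begins with `!`, because that value is taken as a literal interface name and never matches a real interface, and rewrites the rule to the extrapositioned form `! -i ppp0`. The function names are mine, and the sample rule lines are constructed for the example (the first is the one quoted in the report).

```python
"""Lint iptables/iptables-nft rules for a mis-placed interface negation.

Added example, not netfilter code. Encodes the reply above: in `-i \\!ppp0`
the shell hands iptables the argument "!ppp0", which is used as a literal
interface name. The accepted form is the extrapositioned `! -i ppp0`.
"""
import shlex
from dataclasses import dataclass, field

# Options whose value is an interface name (short and long spellings).
IFACE_OPTS = {"-i", "--in-interface", "-o", "--out-interface"}


@dataclass
class LintResult:
    fixed: list                              # corrected argv
    warnings: list = field(default_factory=list)


def lint_argv(argv):
    """Check one iptables command given as an argv list (program name first).

    Returns the corrected argv plus one warning per rewritten negation.
    Rules that already use `! -i IFACE` pass through unchanged.
    """
    out, warnings, i = [], [], 0
    while i < len(argv):
        tok = argv[i]
        if tok in IFACE_OPTS and i + 1 < len(argv):
            val = argv[i + 1]
            if len(val) > 1 and val.startswith("!"):
                # "-i !ppp0": iptables sees interface name "!ppp0". Rewrite
                # to "! -i ppp0" so the negation applies to the match.
                warnings.append(
                    f"{tok} {val}: '{val}' is a literal interface name; "
                    f"use '! {tok} {val[1:]}'")
                out.extend(["!", tok, val[1:]])
                i += 2
                continue
            if val == "!" and i + 2 < len(argv):
                # "-i ! ppp0": intrapositioned negation. Legacy iptables
                # accepted it with a deprecation warning; normalise it too.
                warnings.append(
                    f"{tok} ! {argv[i + 2]}: intrapositioned negation; "
                    f"use '! {tok} {argv[i + 2]}'")
                out.extend(["!", tok, argv[i + 2]])
                i += 3
                continue
        out.append(tok)
        i += 1
    return LintResult(out, warnings)


def join_argv(argv):
    """Re-emit argv for a script, writing the negation as \\! like the report."""
    return " ".join("\\!" if a == "!" else shlex.quote(a) for a in argv)


def lint_line(line):
    """Lint one shell line; returns (corrected line, warnings)."""
    # shlex in POSIX mode turns \! into a plain "!" argument, as the shell does.
    res = lint_argv(shlex.split(line))
    return join_argv(res.fixed), res.warnings


if __name__ == "__main__":
    # Constructed sample script lines; the first is the rule from the report.
    SAMPLE = [
        r"iptables -A INPUT -i \!ppp0 -p udp --destination-port 53 -j ACCEPT",
        r"iptables -A INPUT \! -i ppp0 -p tcp --destination-port 53 -j ACCEPT",
        r"iptables -A FORWARD -o \!eth1 -j DROP",
    ]
    for ln in SAMPLE:
        fixed, warns = lint_line(ln)
        for w in warns:
            print("warning:", w)
        print(fixed)
```

Run it over a firewall script with `lint_line` per line; a clean script produces no warnings and is re-emitted unchanged apart from quoting.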