[Bug 1358] Error when atomically replacing rules with symbolic variables

bugzilla-daemon at netfilter.org
Mon Oct 7 11:18:29 CEST 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1358

gdouezangrard at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from gdouezangrard at gmail.com ---
1. I don't need to test your example to know that it doesn't work. The fixed
version is the following (I removed the "inet filter input" prefix):

  #!/sbin/nft -f

  define ifs = { lo }

  table inet filter {
    chain input {
      type filter hook input priority 0; policy drop;
      iifname $ifs accept
    }
  }

2. It is perfectly allowed to "put rules outside of the brackets". It is
especially useful when rules are generated automatically and imported in the
main configuration file that defines the tables / chains. It's just a different
syntax for the same thing. Moreover, I already explained in the main report
that it worked properly before, and it worked successfully with nftables v0.9.1
*except* when doing atomic rule replacement.

3. Finally, the issue was solved with the release of nftables v0.9.2.

-- 
You are receiving this mail because:
You are watching all bug changes.
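
The use case from point 2 of the comment, as an added example that is not part of the original comment or of nftables: a shell helper generates a ruleset that uses a symbolic variable and a rule written outside the brackets, checks it, and loads it in a single `nft -f` transaction. The function names, the interface names and the leading `flush ruleset` line are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example: build_ruleset and apply_ruleset are hypothetical names.

# Print a complete ruleset for the interface names given as arguments.
build_ruleset() {
    [ "$#" -gt 0 ] || { echo "no interfaces given" >&2; return 1; }
    list=
    for name in "$@"; do
        # Accept plain interface names only, so generated text cannot
        # carry extra nft statements into the file.
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $name" >&2
                return 1 ;;
        esac
        list="${list:+$list, }$name"
    done
    cat <<EOF
flush ruleset

define ifs = { $list }

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
  }
}

# Rule outside the brackets, referencing the symbolic variable.
add rule inet filter input iifname \$ifs accept
EOF
}

# Check the file first (-c changes nothing), then load it in one transaction.
apply_ruleset() {
    file=$(mktemp) || return 1
    build_ruleset "$@" > "$file" &&
        nft -c -f "$file" &&
        nft -f "$file"
    rc=$?
    rm -f "$file"
    return "$rc"
}

# Usage (as root): apply_ruleset lo
```

If the check or the load fails, `nft -f` leaves the running ruleset as it was, so a parser error like the one in this bug shows up as a non-zero exit status rather than a half-applied ruleset.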