[Bug 1455] New: Queue verdict cannot be used in vmap
bugzilla-daemon at netfilter.org
Thu Aug 27 19:08:04 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1455
Bug ID: 1455
Summary: Queue verdict cannot be used in vmap
Product: nftables
Version: unspecified
Hardware: arm
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: phillc at gmail.com
I'm not sure if this is a bug, not implemented, or as designed.
I am trying to use a vmap to direct traffic to NFQueue when specific criteria
are matched.
The map has been defined and a rule using it:
table ip filter {
    map AppControl_TCP {
        type ipv4_addr . ipv4_addr . inet_service : verdict
    }
    chain Forward {
        type filter hook forward priority filter; policy drop;
        ip saddr . ip daddr . tcp dport vmap @AppControl_TCP
    }
    ...
}
But I cannot assign the verdict "queue num 3" to the map. The following error
is returned when importing the ruleset with nft -f.
"
nft-map-appcontrol-tcp.conf:2:66-70: Error: syntax error, unexpected queue
add element ip filter AppControl_TCP {10.1.1.1 . 10.1.1.100 . 502 : queue num 3}
                                                                    ^^^^^
"
I have worked around this for now by using 'goto AppControl' as the vmap
verdict and then adding "queue num 3" as the only rule in the chain
'AppControl'. It would be great if the queue verdict would work in the vmap
though.
Thanks
--------------------------------------------
OS: Ubuntu 20.04
Kernel: Ubuntu 5.4.0-1015.15-raspi 5.4.44
nftables/focal,now 0.9.3-2 arm64
--
You are receiving this mail because:
You are watching all bug changes.
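The workaround described in the report, written out as a ruleset that can be loaded with nft -f. This is an added example, not part of the original report: the table, map, chain names, element and queue number are taken from the report, while putting the AppControl chain in the same table and adding the element after the table block are assumptions.

```nftables
table ip filter {
    map AppControl_TCP {
        type ipv4_addr . ipv4_addr . inet_service : verdict
    }

    # Regular (non-base) chain that exists only to carry the queue statement,
    # since "queue num 3" is rejected as a map verdict.
    chain AppControl {
        # Without the "bypass" flag, packets are dropped when no userspace
        # program is bound to queue 3.
        queue num 3
    }

    chain Forward {
        type filter hook forward priority filter; policy drop;
        # Matching tuples jump out of Forward via the verdict stored in the map;
        # everything else falls through to the drop policy.
        ip saddr . ip daddr . tcp dport vmap @AppControl_TCP
    }
}

# The map element carries "goto AppControl" in place of "queue num 3".
add element ip filter AppControl_TCP { 10.1.1.1 . 10.1.1.100 . 502 : goto AppControl }
```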