[Bug 1456] Consider eliding empty variables if expanded within an element list

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Aug 28 12:50:53 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1456

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to kfm from comment #0)
> This concerns a minor usability issue that I noticed after evaluating some of
> the criticism in the GitHub issue referenced by bug 1434. In the GitHub
> issue, one critic complains that this sample ruleset does not work as
> expected:
> 
>   define BASE_ALLOWED_INCOMING_TCP_PORTS = {22, 80, 443}
>   define EXTRA_ALLOWED_INCOMING_TCP_PORTS = {}
>   table inet filter {
>     chain input {
>       type filter hook input priority 0; policy drop;
>       tcp dport {$BASE_ALLOWED_INCOMING_TCP_PORTS, $EXTRA_ALLOWED_INCOMING_TCP_PORTS} ct state new counter accept
>     }
>   }

I think I fixed this in git, please see:

commit 9297f5b5301b76bb24513b114f905e6fac0a90cd
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Jul 3 13:24:59 2020 +0200

    src: Allow for empty set variable definition

Next version will allow for this kind of empty definition.
