[Bug 1737] New: meta hour error with different time-zones
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Thu Feb 22 21:59:51 CET 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1737
Bug ID: 1737
Summary: meta hour error with different time-zones
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: nicolasfort1988 at gmail.com
When using meta hour, and also using different time zone (for example
Australia/Sydney), rules are written correctly, but they do not match as
expected.
### Config and date
For example:
table ip vyos_filter {
chain VYOS_OUTPUT_filter {
type filter hook output priority filter; policy accept;
ip daddr 1.1.1.1 meta hour >= "03:01" meta hour < "08:00"
counter packets 1 bytes 84 accept comment "ipv4-OUT-filter-10"
ip daddr 8.8.8.8 meta hour >= "03:01" meta hour < "14:00"
counter packets 0 bytes 0 accept comment "ipv4-OUT-filter-20"
counter packets 76 bytes 5652 log prefix
"[ipv4-OUT-filter-default-A]" accept comment "OUT-filter default-action accept"
}
}
vyos at TEST:~$ date
Fri Feb 23 07:19:16 AM AEDT 2024
###
And after running ping to both hosts, we can check on logs that second rule was
not hit, and we get log for last rule.
### Log
Feb 23 07:19:33 TEST kernel: [ipv4-OUT-filter-default-A]IN= OUT=eth0
SRC=192.168.0.151 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=30358 DF
PROTO=ICMP TYPE=8 CODE=0 ID=48824 SEQ=1
####
- nftables version: 1.0.9-1
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240222/982d7e10/attachment.html>
More information about the netfilter-buglog
mailing list