This is a temporary workaround mechanism until variable interface hardware address length can be handled through nftables. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@xxxxxxxxxxxxxxx> --- iptables/xtables-arp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index 18f285c..5ab0fb4 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -1145,6 +1145,13 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table) invert); getlength_and_mask(argv[optind - 1], &fw.arp.arhln, &fw.arp.arhln_mask); + + if (fw.arp.arhln != 6) { + xtables_error(PARAMETER_PROBLEM, + "Only harware address length of" + " 6 is supported currently."); + } + break; case 8:/* protocol length */ -- 1.8.4.2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html