Hello,
are the problems with some named icmp types known?
I'm talking about
host ~ # nft add rule ip6 filter input icmpv6 type { param-problem } accept
<cmdline>:1:41-53: Error: syntax error, unexpected param-problem
add rule ip6 filter input icmpv6 type { param-problem } accept
^^^^^^^^^^^^^
host ~ # nft add rule filter input icmp type { redirect } accept
<cmdline>:1:35-42: Error: syntax error, unexpected redirect
add rule filter input icmp type { redirect } accept
Having had a quick look the source, the first one seems to come from the
fact that "param-problem" is a token as well as an icmpv6-type name.
I haven't looked at the second problem, but I assume it's similiar,
because "redirect" is now a token too.
Both problems can be cirumvented by using their code instead of name (4
or 5), but then another problem will arise when trying to save/restore a
nft ruleset.
E.g. if you call
nft add rule filter input icmp type { 5 } accept
nft list table filter
will show it with the type name, so restoring will fail.
As I'm not familiar with parser, I thought it might be a good idea to
ask here before I start to think about trying to solve the problem myself.
Regards,
Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
