On Wed, Mar 08, 2017 at 12:28:13AM +0100, Alexander Alemayhu wrote:
> $ iptables-translate -A INPUT -p tcp -s localhost --dport 8000 -j ACCEPT
>
> gives
>
> nft add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept
> add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept
>
> with this patch we get
>
> nft add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept

This is actually a generic problem:

# iptables -I INPUT -p tcp -s localhost

results in:

# iptables-save
# Generated by iptables-save v1.6.1 on Wed Mar 8 10:53:07 2017
*filter
:INPUT ACCEPT [13:1628]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:317]
-A INPUT -s 127.0.0.1/32 -p tcp
-A INPUT -s 127.0.0.1/32 -p tcp
COMMIT
# Completed on Wed Mar 8 10:53:07 2017

Original problem was introduced at:

commit 2d2b5e046aa56a518160716a9ddf9df53fc79c1f
Author: Arpan Kapoor <rpnkpr@xxxxxxxxx>
Date: Thu Mar 17 18:27:19 2016 +0530

    libxtables: Replace gethostbyname() with getaddrinfo()

Did you also run iptables tests? See iptables-test.py, although I guess our test infrastructure is not catching up this case.

Thanks!