  ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080}

is printed as

  redirect to :tcp dport map { 22 : 8000, 80 : 8080}

but that input yields:

  Error: transport protocol mapping is only valid after transport protocol match

so kill dependencies beforehand so nft won't remove it.

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
--- src/netlink_delinearize.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 754a307e99f5..2126cf20c995 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2363,8 +2363,10 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r case STMT_NAT: if (stmt->nat.addr != NULL) expr_postprocess(&rctx, &stmt->nat.addr); - if (stmt->nat.proto != NULL) + if (stmt->nat.proto != NULL) { + payload_dependency_reset(&rctx.pdctx); expr_postprocess(&rctx, &stmt->nat.proto); + } break; case STMT_REJECT: stmt_reject_postprocess(&rctx); -- 2.16.1
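
Review bot: the new `payload_dependency_reset(&rctx.pdctx);` call in the `STMT_NAT` case has no comment saying why the pending dependency is dropped before `expr_postprocess(&rctx, &stmt->nat.proto)`, and the reason is not obvious from the code alone. A one-line comment noting that the transport protocol match has to stay in the listing, because a port mapping is only accepted after one, would help the next reader. The reset sits inside the `stmt->nat.proto != NULL` branch, after `stmt->nat.addr` has already been postprocessed, so it is worth confirming that the address expression never needs the same treatment. The diffstat shows only src/netlink_delinearize.c changing; a test that feeds the rule from the commit message and checks that the listed output is accepted as input again would keep this from regressing.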