This patch set fixes various bugs in xtables bridge netfilter:

- interface wildcard matching was broken
- interface negation did not work
- an all-zero mask was ignored rather than tested.

This also removes duplicated code by reusing ipt command state.

 extensions/libebt_ip.txlate     |  18 -
 extensions/libebt_ip6.txlate    |  20 +-
 extensions/libebt_vlan.txlate   |   8
 iptables/nft-bridge.c           | 399 +++++++++++++++-------------------------
 iptables/nft-bridge.h           |  59 -----
 iptables/nft-shared.c           |  53 +++--
 iptables/nft-shared.h           |   1
 iptables/xshared.h              |  32 +++
 iptables/xtables-eb-translate.c |  82 +++-----
 iptables/xtables-eb.c           |  88 +++-----
 iptables/xtables-restore.c      |  41 ++--
 iptables/xtables-save.c         |  41 +++-
 iptables/xtables-translate.c    |  18 +
 13 files changed, 386 insertions(+), 474 deletions(-)