Am 02.02.21 um 14:21 schrieb Eric Garver:
On Mon, Feb 01, 2021 at 10:50:04PM +0100, Florian Westphal wrote:nft is too greedy when removing icmp dependencies. 'icmp code 1 type 2' did remove the type when printing. Be more careful and check that the icmp type dependency of the candidate expression (earlier icmp payload expression) has the same type dependency as the new expression. Reported-by: Eric Garver <eric@xxxxxxxxxxx> Reported-by: Michael Biebl <biebl@xxxxxxxxxx> Fixes: d0f3b9eaab8d77e ("payload: auto-remove simple icmp/icmpv6 dependency expressions") Signed-off-by: Florian Westphal <fw@xxxxxxxxx> ---Tested-by: Eric Garver <eric@xxxxxxxxxxx> Thanks Florian. This fixes the issue [1] reported against firewalld. [1]: https://github.com/firewalld/firewalld/issues/752
I can confirm that as well. Regards, Michael
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
