Hi Pablo,

On Mon, Feb 06, 2023 at 03:28:41PM +0100, Pablo Neira Ayuso wrote:
> Otherwise rules that this chain contains are ignored when expressed
> using the following syntax:
>
>  chain inet filter input2 {
>        type filter hook input priority filter; policy accept;
>        ip saddr 1.2.3.4 tcp dport { 22, 443, 123 } drop
>  }
>
> and importing chain definitions like these from another file.
>
> When expanding the chain, remove the rule so the new CMD_OBJ_CHAIN
> case does not expand it again.
>
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1655
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

This commit happens to break a pretty simple use-case:

# nft -f - <<EOF
flush ruleset
add table inet t
add chain inet t c { type filter hook input priority 0 ; }
add rule inet t c tcp dport 1234 accept
add rule inet t c accept
insert rule inet t c index 1 udp dport 4321 accept
EOF
/dev/stdin:6:30-50: Error: Could not process rule: No such file or directory
insert rule inet t c index 1 udp dport 4321 accept
                             ^^^^^^^^^^^^^^^^^^^^^