On Thu, Jul 17, 2014 at 12:37:43AM +0900, Ryo Fujita wrote:
> Hi,
>
> I’m still a newbie to nftables and couldn’t distinguish right behavior from a bug.
>
> I found a weird behavior of the nft command.
>
> # nft -f /etc/nftables/inet-filter
> # nft add rule inet filter input log drop
> # nft add rule inet filter input ip saddr 192.168.1.21 // without any action like ‘drop’, ‘accept’, ‘log’ and so on
> # nft list chain inet filter input
> table inet filter {
>     chain input {
>         type filter hook input priority 0;
>         log drop
> ^C << - - - - - - - break
>
> I have 2 questions.
>
> 1. Adding a rule without any action didn’t result in any error. Was it correct behavior?

You can add rules without any action.

> 2. After adding a rule, nft didn’t return, needed to break, ^C. Was it a bug?

Try -n to disable name resolution:

# nft -n list table inet filter

> My environment was as follows.
> nftables-0.100-3.20140704git.fc21.x86_64

Please use the latest when testing.

http://www.netfilter.org/projects/nftables/downloads.html

Thanks.