Hi Pablo-san and all, Thank you so much! You made me clear. > You can add rules without any action. I understand it’s the spec not a bug. > Try -n to disabling name resolution: > > # nft -n list table inet filter Yes, I check that reverse lookup fails as you pointed out. >> My environment was as followings. >> nftables-0.100-3.20140704git.fc21.x86_64 > > Please, use latest when testing. > > http://www.netfilter.org/projects/nftables/downloads.html The reason why I’m using the slight old version is to write a magazine article introducing nftables. It’s easy for readers to install the version I checked with RPM or archive like 'nftables-0.3’. Anyway, I’ll test the latest before sending a report to this ML. Best Rio. 2014/07/17 1:07、Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> のメール: > On Thu, Jul 17, 2014 at 12:37:43AM +0900, Ryo Fujita wrote: >> Hi, >> >> I’m still a newbie to nftables and couldn’t distinguish right behavior from a bug. >> >> I found a weird behavior of nft command. >> >> # nft -f /etc/nftables/inet-filter >> # nft add rule inet filter input log drop >> # nft add rule inet filter input ip saddr 192.168.1.21 // without any action like ‘drop’, ‘accept’, ‘log’ and so on >> # nft list chain inet filter input >> table inet filter { >> chain input { >> type filter hook input priority 0; >> log drop >> ^C << - - - - - - - break >> >> I have 2 questions. >> >> 1. Adding a rule without any action didn’t result any error. Was it correct behavior? > > You can add rules without any action. > >> 2. After adding a rule, nft didn’t return, needed to break, ^C. Was it a bug? > > Try -n to disabling name resolution: > > # nft -n list table inet filter > >> My environment was as followings. >> nftables-0.100-3.20140704git.fc21.x86_64 > > Please, use latest when testing. > > http://www.netfilter.org/projects/nftables/downloads.html > > Thanks. ######################################################################## Ryo Fujita <rfujita@xxxxxxxxxx> Supervisor, Solution Architects, RHCE Red Hat K.K. TEL +81-3-5798-8500 FAX +81-3-5798-8599 Ebisu Neonato 8F, 4-1-18 Ebisu, Shibuya-ku, Tokyo Japan 1500013 レッドハット株式会社 グローバルサービス本部プラットフォームソリューション統括部 ソリューションアーキテクト部長 藤田 稜 〒150-0013 東京都渋谷区恵比寿4-1-18 恵比寿ネオナート8階 Tel 03-5798-8500 http://www.jp.redhat.com/ Please consider the environment before printing this e-mail. ######################################################################## -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
