Hi,
I'm trying to build a slightly complex home router firewall using nftables
(will share once it is done).
using nft v 0.6, I get a segfault.
Backtrace :
#0 __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:209
#1 0x0000000000406c74 in set_lookup ()
#2 0x000000000040fd80 in setelem_evaluate ()
#3 0x000000000042a5ed in nft_parse ()
#4 0x0000000000405ffd in nft_run ()
#5 0x0000000000405bfe in main ()
minimal config to reproduce:
define if_wan = wan
table inet filter{
map iface_rules {type iface_index : verdict;}
chain forward {
type filter hook forward priority 0; policy drop;
oif $if_wan accept
}
}
add element inet filter iface_rules { lo : accept }
if_wan must be set to a non-existant interface.
commenting out oif $if_wan accept also works around it.
Martin.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
