Regression 1.0.9..1.1.1 in glob inclusion behaviour

Hello netfilter users and devs,

Following upgrade to 1.1.1 I've noticed strange behavior in the inclusion of my netfilter rulesets. Entries included via glob were duplicated. This only occurs when both -I and -f are used, due to the following commits:

6ef04f99382c074c3669de31cf0a70651662b261 libnftables: search for default include path last
302e9f8b3a1382cf09db32541693b5df7d80ca1e libnftables: add base directory of -f/--filename to include path

Steps to replicate:

Create a directory with one or more rule files.
Include everything in the directory with include 'dir/*' from /etc/nft/rules
Apply the rules with nft -I /etc/nft -f /etc/nft/rules

If the include dir is defined as a command-line parameter then entries are duplicated, while without it they are not.
This was not the case on 1.0.9 before these commits were present.

Has someone worked on a patch for this yet? If not, I might give it a shot myself.

-- 
Alex D.
RedXen System & Infrastructure Administration
https://redxen.eu/
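
A pre-flight check for the condition reported above, added here as an example; it is not part of the original message and not nftables code. It flags every -I directory that resolves to the directory holding the -f ruleset, assuming (from the commit titles quoted in the report) that affected versions already search that directory on their own; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: on affected versions the directory of the -f file is searched
# in addition to every -I directory, so naming it under -I as well makes a
# relative glob include (e.g. include "dir/*") match the same files twice.

# canon DIR: print the physical absolute path of DIR.
# Resolves symlinks, "..", relative paths and trailing slashes.
canon() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# redundant_include_dirs RULESET [INCLUDE_DIR...]
# Prints each INCLUDE_DIR, as given, that resolves to the directory holding
# RULESET. Returns 1 if any was found, 0 if none, 2 if RULESET's directory
# cannot be entered. Include directories that do not exist are skipped.
redundant_include_dirs() {
    ruleset=$1
    shift
    base=$(canon "$(dirname "$ruleset")") || return 2
    found=0
    for dir in "$@"; do
        resolved=$(canon "$dir") || continue
        if [ "$resolved" = "$base" ]; then
            printf '%s\n' "$dir"
            found=1
        fi
    done
    return "$found"
}

# Usage with the paths from the report:
#   redundant_include_dirs /etc/nft/rules /etc/nft
# prints "/etc/nft" and returns 1, meaning that -I /etc/nft repeats the
# directory of -f /etc/nft/rules.
```

Comparing resolved paths rather than the strings as typed also catches an -I that reaches the ruleset directory through a symlink or a relative path.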
