[pkg-netfilter-team] Bug#887643: Bug#887643: Error: syntax error, unexpected ., expecting comma or '}'
Arturo Borrero Gonzalez
arturo at debian.org
Fri Jan 19 12:31:35 UTC 2018
On 18 January 2018 at 17:41, ad^2 <adsquaired at gmail.com> wrote:
>
> Package: nftables
> Version: 0.8.1-1
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> * Converting working iptables rules to nft rules.
> * Original iptables rule
> ** -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -i eth0 -p udp -m udp --dport 25 -j ACCEPT
> ** -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -i eth0 -p udp -m udp --dport 80 -j ACCEPT
> * translated to nftables
> ** nft add map mapper incoming {type ipv4_addr . ipv4_addr . inet_service : verdict \;}
> ** nft add rule mapper input ip saddr . ip daddr . tcp dport vmap @incoming
> ** nft add element mapper incoming { 10.0.0.0/8 . 10.0.0.0/8 . 25 : accept }
>
> * Error
> ** <cmdline>:1:42-42: Error: syntax error, unexpected ., expecting comma or '}'
> * This works although it's not valid - note CIDR notation is removed.
> ** add element mapper incoming { 10.0.0.0 . 10.0.0.0 . 10050 : accept }
>
> * There is an expectation CIDR notation will work with the ipv4_addr type
> when it works with saddr and daddr..
>
As far as I know, you can't use bit masks (i.e., network addresses) in
concatenations.
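
Added example, not part of the original thread: one way to carry the two quoted iptables rules over without a concatenation is to match the prefixes directly in the rule and collect the ports in an anonymous set. The Python sketch below generalizes that to any run of adjacent rules that differ only in `--dport`; the helper names `parse_rule` and `to_nft` are hypothetical, and it assumes IPv4 rules and that the `input` chain already exists in the reporter's `mapper` table.

```python
import ipaddress
import shlex

# Constructed sample input: the two iptables rules quoted in the report.
SAMPLE = """\
-A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -i eth0 -p udp -m udp --dport 25 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -i eth0 -p udp -m udp --dport 80 -j ACCEPT
"""
# The only options this sketch understands; each takes exactly one value.
OPTS = {"-A": "chain", "-s": "saddr", "-d": "daddr", "-i": "iif",
        "-p": "proto", "-m": "match", "--dport": "dport", "-j": "verdict"}

def parse_rule(line):
    """Parse one iptables-save style line into a validated dict."""
    tokens = shlex.split(line)
    if len(tokens) % 2:
        raise ValueError(f"option without a value in {line!r}")
    rule = {}
    for opt, val in zip(tokens[::2], tokens[1::2]):
        if opt not in OPTS:
            raise ValueError(f"unsupported option {opt!r}")
        rule[OPTS[opt]] = val
    missing = set(OPTS.values()) - {"match"} - set(rule)
    if missing:
        raise ValueError(f"missing {sorted(missing)} in {line!r}")
    for key in ("saddr", "daddr"):  # rejects typos and stray host bits
        rule[key] = str(ipaddress.IPv4Network(rule[key]))
    rule["dport"] = int(rule["dport"])
    if not (0 < rule["dport"] < 65536 and rule["proto"] in ("tcp", "udp")
            and rule["verdict"] in ("ACCEPT", "DROP")):
        raise ValueError(f"unsupported port, protocol or target in {line!r}")
    return rule

def to_nft(text, table="mapper"):
    """Return `nft -f` lines; adjacent rules differing only in dport merge."""
    groups = []  # [(key, [ports])]; merging only neighbours keeps rule order
    for line in filter(None, map(str.strip, text.splitlines())):
        r = parse_rule(line)
        key = (r["chain"].lower(), r["iif"], r["saddr"], r["daddr"],
               r["proto"], r["verdict"].lower())
        if not groups or groups[-1][0] != key:
            groups.append((key, []))
        groups[-1][1].append(r["dport"])
    out = []
    for (chain, iif, saddr, daddr, proto, verdict), ports in groups:
        portset = ", ".join(map(str, sorted(set(ports))))
        out.append(f'add rule ip {table} {chain} iifname "{iif}" ip saddr {saddr} '
                   f"ip daddr {daddr} {proto} dport {{ {portset} }} {verdict}")
    return out
```

The returned lines are in the format read by `nft -f`, so the braces and quotes need no shell escaping.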