[pkg-netfilter-team] Bug#1018156: nftables: list ruleset shows negative ipv6 address
Ross Johnson
ross at homemail.org
Fri Aug 26 05:14:12 BST 2022
Package: nftables
Version: 0.9.8-3.1
Severity: normal
X-Debbugs-Cc: ross at homemail.org
Dear Maintainer,
As shown below, I created a file called "junk" that makes a few simple nftables chains.
When I list the chains, nftables shows what looks like a negative number in the last one.
I would expect it to show the canonical form of ff00::/8 as given in the previous line.
This simple example is extracted from a complex script to show the problem concisely.
root@biden:/srv/nftables# cat junk
#!/usr/sbin/nft -f
flush ruleset
table ip6 whatever {
	chain junk {
		ip6 saddr ff00::/8 drop
		ip6 saddr fe80::/10 drop
		ip6 saddr { ff00::/8, fe80::/10 } drop
	}
}
root@biden:/srv/nftables# /sbin/nft -f junk
root@biden:/srv/nftables# /sbin/nft list ruleset
table ip6 whatever {
	chain junk {
		ip6 saddr ff00::/8 drop
		ip6 saddr fe80::/10 drop
		ip6 saddr { fe80::/10, ff00::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff } drop
	}
}
root@biden:/srv/nftables#
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-16-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nftables depends on:
ii dpkg 1.20.11
ii libc6 2.31-13+deb11u3
ii libedit2 3.1-20191231-2+b1
ii libnftables1 0.9.8-3.1
nftables recommends no packages.
Versions of packages nftables suggests:
pn firewalld <none>
-- Configuration Files:
/etc/nftables.conf changed [not included]
-- no debconf information
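Added example, not part of the original report or of nftables: a Python check, using only the standard `ipaddress` module, that reduces each element of the two anonymous sets shown above (the one loaded from `junk` and the one printed by `nft list ruleset`) to CIDR networks and compares what they cover. It reads `a-b` inside a set element as a start-end interval; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the two anonymous-set rules shown in the report above.
LOADED = "ip6 saddr { ff00::/8, fe80::/10 } drop"
LISTED = "ip6 saddr { fe80::/10, ff00::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff } drop"


def element_to_networks(element):
    """Return the CIDR networks covered by one set element.

    Accepts a single address, a prefix (addr/len) or an interval (start-end).
    """
    element = element.strip()
    if "-" in element:
        start, end = (ipaddress.ip_address(p.strip()) for p in element.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad interval: {element!r}")
        # An interval that is not prefix-aligned expands to several networks.
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(element, strict=True)]


def set_networks(rule):
    """Extract the { ... } set from one rule line and normalise it to sorted CIDRs."""
    match = re.search(r"\{([^}]*)\}", rule)
    if match is None:
        raise ValueError("no anonymous set in rule")
    networks = []
    for element in match.group(1).split(","):
        networks.extend(element_to_networks(element))
    # collapse_addresses merges adjacent or overlapping networks.
    return sorted(ipaddress.collapse_addresses(networks))


def same_coverage(rule_a, rule_b):
    """True when both rules' sets match exactly the same addresses."""
    return set_networks(rule_a) == set_networks(rule_b)


if __name__ == "__main__":
    print("loaded:", [str(n) for n in set_networks(LOADED)])
    print("listed:", [str(n) for n in set_networks(LISTED)])
    print("same coverage:", same_coverage(LOADED, LISTED))
```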