]>
git.ipfire.org Git - thirdparty/nftables.git/commit
netlink_delinearize: only remove protocol if equal cmp is used
Check for OP_EQ before removing a dependency, else we may zap wrong one,
changing the meaning of the rule.
Listing without patch:
ip protocol udp udp dport ssh
ip protocol udp udp dport ssh
counter packets 1 bytes 308 ip protocol udp udp dport ssh
With patch:
ip protocol != tcp udp dport ssh
ip protocol != udp udp dport ssh
ip protocol != tcp counter packets 1 bytes 308 udp dport ssh
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
projects / thirdparty / nftables.git / commit
