]> git.ipfire.org Git - thirdparty/iptables.git/commit
projects / thirdparty / iptables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f200aca) | patch
nft: Fix match generator for '! -i +'
authorPhil Sutter <phil@nwl.cc>
Thu, 1 Dec 2022 14:08:01 +0000 (15:08 +0100)
committerPhil Sutter <phil@nwl.cc>
Fri, 2 Dec 2022 00:47:32 +0000 (01:47 +0100)
commit5baa4279264bb4ab93c6e80b4887f2bd29691446
treeaa419b31e3320b66213fd0842da4a0a3eb0e25e1tree
parentf200aca7ff7b6a0edbe9024f0543b3f58111c50ecommit | diff
nft: Fix match generator for '! -i +'

It's actually nonsense since it will never match, but iptables accepts
it and the resulting nftables rule must behave identically. Reuse the
solution implemented into xtables-translate (by commit e179e87a1179e)
and turn the above match into 'iifname INVAL/D'.

The commit this fixes merely ignored the fact that "any interface" match
might be inverted.

Fixes: 0a8635183edd0 ("xtables-compat: ignore '+' interface name")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-shared.c diff | blob | blame | history
Mirror of git://git.netfilter.org/iptables