The rule parses correctly, but the (never matching) part is lost on
output.
Looks like a day-1 bug, make it fix the change after which it applies
cleanly.
Fixes: b2197e7834f77 ("xshared: Entirely ignore interface masks when saving rules")
Signed-off-by: Phil Sutter <phil@nwl.cc>
-i eth+ -o alongifacename+;=;OK
! -i eth0;=;OK
! -o eth+;=;OK
+-i + -j ACCEPT;-j ACCEPT;OK
+! -i +;=;OK
-c "";;FAIL
-c ,3;;FAIL
-c 3,;;FAIL
-j ACCEPT ! -i lo;=;OK
-i ppp+;=;OK
! -i ppp+;=;OK
+-i + -j ACCEPT;-j ACCEPT;OK
+! -i +;=;OK
-i lo --destination-mac 11:22:33:44:55:66;-i lo --dst-mac 11:22:33:44:55:66;OK
--source-mac Unicast;--src-mac 00:00:00:00:00:00/01:00:00:00:00:00;OK
! --src-mac Multicast;! --src-mac 01:00:00:00:00:00/01:00:00:00:00:00;OK
--logical-out br1;=;FAIL
-i + -d 00:0f:ee:d0:ba:be;-d 00:0f:ee:d0:ba:be;OK
-i + -p ip;-p IPv4;OK
+! -i +;=;OK
--logical-in + -d 00:0f:ee:d0:ba:be;-d 00:0f:ee:d0:ba:be;OK
--logical-in + -p ip;-p IPv4;OK
+! --logical-in +;=;OK
:FORWARD
-i foobar;=;OK
-o foobar;=;OK
void save_iface(char letter, const char *iface, int invert)
{
- if (!strlen(iface) || !strcmp(iface, "+"))
+ if (!strlen(iface) || (!strcmp(iface, "+") && !invert))
return;
printf("%s -%c %s", invert ? " !" : "", letter, iface);
projects / thirdparty / iptables.git / commitdiff
