]>
git.ipfire.org Git - thirdparty/nftables.git/commit
payload: don't remove icmp family dependency in special cases
When using nftables to filter icmp-in-ipv6 or icmpv6-in-ipv4 we
erronously removed the dependency, i.e. "lis ruleset" shows
table ip6 filter { chain output {
type filter hook output priority 0; policy accept;
icmp type destination-unreachable
} }
but that won't restore because of ip vs ipv6 conflict.
After this patch, this lists as
meta l4proto icmp icmp type destination-unreachable
instead. We still remove the dependency in "ip" family.
Same applies to icmpv6-in-ip.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
projects / thirdparty / nftables.git / commit
