diff options
author | Florian Westphal <fw@strlen.de> | 2019-09-10 23:10:59 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-09-12 13:05:53 +0200 |
commit | e1ccd979e6849748578fad76475c688bdd16df0d (patch) | |
tree | 7095715be883c464eb23ba496ce987120bc12269 /extensions/libebt_standard.t | |
parent | 8934ced112e9cbe03072f50df0975fe6840f14b3 (diff) |
ebtables: fix over-eager -o checks on custom chains
Arturo reports ebtables-nft reports an error when -o is
used in custom chains:
-A MYCHAIN -o someif
makes ebtables-nft exit with an error:
"Use -o only in OUTPUT, FORWARD and POSTROUTING chains."
Problem is that all the "-o" checks expect <= NF_BR_POST_ROUTING
to mean "builtin", so -1 mistakenly leads to the checks being active.
Reported-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1347
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libebt_standard.t')
-rw-r--r-- | extensions/libebt_standard.t | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t index 0d678fb2..c6c31727 100644 --- a/extensions/libebt_standard.t +++ b/extensions/libebt_standard.t @@ -9,3 +9,20 @@ -p ! ARP -j ACCEPT;=;OK -p 0 -j ACCEPT;=;FAIL -p ! 0 -j ACCEPT;=;FAIL +:INPUT +-i foobar;=;OK +-o foobar;=;FAIL +:FORWARD +-i foobar;=;OK +-o foobar;=;OK +:OUTPUT +-i foobar;=;FAIL +-o foobar;=;OK +:PREROUTING +*nat +-i foobar;=;OK +-o foobar;=;FAIL +:POSTROUTING +*nat +-i foobar;=;FAIL +-o foobar;=;OK |