summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_tcp.t
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2024-02-02 13:14:29 +0100
committerPhil Sutter <phil@nwl.cc>2024-02-02 18:26:14 +0100
commit4195a89ab2e2bd690ba255e40a5c3d309f031796 (patch)
tree29afaaeb5482f454c10044510d4ea2591508000f /extensions/libxt_tcp.t
parent9d400db20cf9f1c4a57c0791e563f22bafcd841a (diff)
nft: Do not omit full ranges if inverted
Otherwise this turns a never matching rule into an always matching one. Fixes: c034cf31dd1a9 ("nft: prefer native expressions instead of udp match") Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions/libxt_tcp.t')
-rw-r--r--extensions/libxt_tcp.t4
1 files changed, 2 insertions, 2 deletions
diff --git a/extensions/libxt_tcp.t b/extensions/libxt_tcp.t
index baa41615..911c5111 100644
--- a/extensions/libxt_tcp.t
+++ b/extensions/libxt_tcp.t
@@ -7,13 +7,13 @@
-p tcp -m tcp --sport 1024:65535;=;OK
-p tcp -m tcp --sport 1024:;-p tcp -m tcp --sport 1024:65535;OK
-p tcp -m tcp --sport :;-p tcp -m tcp;OK
--p tcp -m tcp ! --sport :;-p tcp -m tcp;OK;LEGACY;-p tcp
+-p tcp -m tcp ! --sport :;-p tcp -m tcp;OK
-p tcp -m tcp --sport :4;-p tcp -m tcp --sport 0:4;OK
-p tcp -m tcp --sport 4:;-p tcp -m tcp --sport 4:65535;OK
-p tcp -m tcp --sport 4:4;-p tcp -m tcp --sport 4;OK
-p tcp -m tcp --sport 4:3;;FAIL
-p tcp -m tcp --dport :;-p tcp -m tcp;OK
--p tcp -m tcp ! --dport :;-p tcp -m tcp;OK;LEGACY;-p tcp
+-p tcp -m tcp ! --dport :;-p tcp -m tcp;OK
-p tcp -m tcp --dport :4;-p tcp -m tcp --dport 0:4;OK
-p tcp -m tcp --dport 4:;-p tcp -m tcp --dport 4:65535;OK
-p tcp -m tcp --dport 4:4;-p tcp -m tcp --dport 4;OK