From e1ccd979e6849748578fad76475c688bdd16df0d Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 10 Sep 2019 23:10:59 +0200 Subject: ebtables: fix over-eager -o checks on custom chains Arturo reports ebtables-nft reports an error when -o is used in custom chains: -A MYCHAIN -o someif makes ebtables-nft exit with an error: "Use -o only in OUTPUT, FORWARD and POSTROUTING chains." Problem is that all the "-o" checks expect <= NF_BR_POST_ROUTING to mean "builtin", so -1 mistakenly leads to the checks being active. Reported-by: Arturo Borrero Gonzalez Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1347 Signed-off-by: Florian Westphal --- extensions/libebt_standard.t | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'extensions')
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 0d678fb2..c6c31727 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -9,3 +9,20 @@
 -p ! ARP -j ACCEPT;=;OK
 -p 0 -j ACCEPT;=;FAIL
 -p ! 0 -j ACCEPT;=;FAIL
+:INPUT
+-i foobar;=;OK
+-o foobar;=;FAIL
+:FORWARD
+-i foobar;=;OK
+-o foobar;=;OK
+:OUTPUT
+-i foobar;=;FAIL
+-o foobar;=;OK
+:PREROUTING
+*nat
+-i foobar;=;OK
+-o foobar;=;FAIL
+:POSTROUTING
+*nat
+-i foobar;=;FAIL
+-o foobar;=;OK
-- cgit v1.2.3
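Review bot: None of the added cases runs `-o` inside a user-defined chain, which is the exact input the commit message reports as wrongly rejected (`-A MYCHAIN -o someif`); the 17 new lines only pin `-i`/`-o` results on the builtin INPUT, FORWARD, OUTPUT, PREROUTING and POSTROUTING chains. That leaves the fixed path without a regression test, so a later change to the builtin-versus-custom check could bring the rejection back unnoticed. If the test harness can set up a user-defined chain, add a case there expecting `-o foobar` to be OK; if it cannot, record the gap in the file, assuming `#` comment lines are accepted in this format, e.g. `# -o in user-defined chains (bugzilla 1347) is not covered: no custom-chain setup in this test`. This view is limited to extensions/, so the check change itself is not visible here.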