ebtables: fix over-eager -o checks on custom chains

Arturo reports ebtables-nft reports an error when -o is used in custom chains: -A MYCHAIN -o someif makes ebtables-nft exit with an error: "Use -o only in OUTPUT, FORWARD and POSTROUTING chains." Problem is that all the "-o" checks expect <= NF_BR_POST_ROUTING to mean "builtin", so -1 mistakenly leads to the checks being active. Reported-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1347 Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2019-09-10 23:10:59 +0200
committer: Florian Westphal <fw@strlen.de> 2019-09-12 13:05:53 +0200
commit: e1ccd979e6849748578fad76475c688bdd16df0d (patch)
tree: 7095715be883c464eb23ba496ce987120bc12269 /extensions
parent: 8934ced112e9cbe03072f50df0975fe6840f14b3 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 0d678fb2..c6c31727 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -9,3 +9,20 @@
 -p ! ARP -j ACCEPT;=;OK
 -p 0 -j ACCEPT;=;FAIL
 -p ! 0 -j ACCEPT;=;FAIL
+:INPUT
+-i foobar;=;OK
+-o foobar;=;FAIL
+:FORWARD
+-i foobar;=;OK
+-o foobar;=;OK
+:OUTPUT
+-i foobar;=;FAIL
+-o foobar;=;OK
+:PREROUTING
+*nat
+-i foobar;=;OK
+-o foobar;=;FAIL
+:POSTROUTING
+*nat
+-i foobar;=;FAIL
+-o foobar;=;OK
author	Florian Westphal <fw@strlen.de>	2019-09-10 23:10:59 +0200
committer	Florian Westphal <fw@strlen.de>	2019-09-12 13:05:53 +0200
commit	e1ccd979e6849748578fad76475c688bdd16df0d (patch)
tree	7095715be883c464eb23ba496ce987120bc12269 /extensions
parent	8934ced112e9cbe03072f50df0975fe6840f14b3 (diff)