iptables - iptables tree

diff options

author	Arturo Borrero <arturo.borrero.glez@gmail.com>	2015-01-19 14:27:51 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-01-28 17:23:51 +0100
commit	c5c011a13395ceab661eb2d5774487e1215ca9e7 (patch)
tree	0a3abc9fce3326f49eee76d55684854634a1cedf /iptables/nft-bridge.c
parent	16331e1a3f592a6cb2d5e8eb64ea2e112d997e97 (diff)

ebtables-compat: prevent same matches to be included multiple times

Using two matches options results in two copies of the match being included in the nft rule. Example before this patch: % ebtables-compat -A FORWARD -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT % ebtables-compat -L [...] -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT Example with this patch: % ebtables-compat -A FORWARD -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT % ebtables-compat -L [...] % -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT [Note: the br_ip extension comes in a follow-up patch] Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'iptables/nft-bridge.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: