diff options
author | Phil Sutter <phil@nwl.cc> | 2023-11-02 14:48:10 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-11-02 18:22:15 +0100 |
commit | e4c9f9f7e0d1f83be18f6c4a418da503e9021b24 (patch) | |
tree | 8bf45ce3aa7cf488694304fe405fc6a1c53bdcae /src/statement.c | |
parent | e6f21c85f2cac9e7d5437b68de470da0e4180b60 (diff) |
tproxy: Drop artificial port printing restriction
It does not make much sense to omit printing the port expression if it's
not a value expression: On one hand, input allows for more advanced
uses. On the other, if it is in-kernel, best nft can do is to try and
print it no matter what. Just ignoring ruleset elements can't be
correct.
Fixes: 2be1d52644cf7 ("src: Add tproxy support")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1721
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/statement.c b/src/statement.c index 47561166..f5176e6d 100644 --- a/src/statement.c +++ b/src/statement.c @@ -989,7 +989,7 @@ static void tproxy_stmt_print(const struct stmt *stmt, struct output_ctx *octx) expr_print(stmt->tproxy.addr, octx); } } - if (stmt->tproxy.port && stmt->tproxy.port->etype == EXPR_VALUE) { + if (stmt->tproxy.port) { if (!stmt->tproxy.addr) nft_print(octx, " "); nft_print(octx, ":"); |