diff options
author | Florian Westphal <fw@strlen.de> | 2018-09-04 13:53:59 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-04 14:57:17 +0200 |
commit | 0f44d4f62753535d39d95d83778348bee4e88053 (patch) | |
tree | a8abdf198af2bd59e718283e54e84dea92aa7f03 /tests/py/ip6/flowtable.t | |
parent | aab7913f0e9bfd331980a4e6a478d3e350be9e89 (diff) |
proto: fix icmp/icmpv6 code datatype
Andrew A. Sabitov says:
I'd like to use a set (concatenation) of icmpv6 type and icmpv6 code
and check incoming icmpv6 traffic against it:
add set inet fw in_icmpv6_types { type icmpv6_type . icmpv6_code; }
add element inet fw in_icmpv6_types { 1 . 0 } # no route to destination
add element inet fw in_icmpv6_types { 1 . 1 } # communication with destination administratively prohibited
# ...
add rule inet fw in_icmpv6 icmpv6 type . icmpv6 code @in_icmpv6_types \
limit rate 15/minute accept
yields:
Error: can not use variable sized data types (integer) in concat expressions
icmpv6 type . icmpv6 code @in_icmpv6_types
~~~~~~~~~~~~~~^^^^^^^^^^^
Change 'code' type to the icmp/icmpv6 code type.
Needs minor change to test suite as nft will now display
human-readable names instead of numeric codes.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1276
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/py/ip6/flowtable.t')
0 files changed, 0 insertions, 0 deletions