Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | evaluate: do not allow to list/flush anonymous sets via list command | Pablo Neira Ayuso | 2019-06-19 | 1 | -0/+33 |
Don't allow this: `# nft list set x __set0` `table ip x { set __set0 { type ipv4_addr flags constant elements = { 1.1.1.1 } } }` Constant sets never change and they are attached to a rule (anonymous flag is set on), do not list their content through this command. Do not allow flush operation either. After this patch: `# nft list set x __set0` `Error: No such file or directory list set x __set0 ^^^^^^` Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |