From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables-nftables - PATCH 6/9] nft: Print chains in right order when listing rules
Date: Tue, 16 Jul 2013 22:57:43 +0200 [thread overview]
Message-ID: <20130716205743.GA17208@localhost> (raw)
In-Reply-To: <1373978333-17427-7-git-send-email-tomasz.bursztyka@linux.intel.com>
On Tue, Jul 16, 2013 at 03:38:50PM +0300, Tomasz Bursztyka wrote:
> Fixes an output bug, it was:
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> where it should be:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
I have just checked this. The order is fine except by the nat table,
that one has been corrected it here:
http://git.netfilter.org/iptables-nftables/commit/?id=990b5aec1df02450545b57b94d3c960d9b7b1188
However, if the xtables.conf file is used, the order was reversed so I
could reproduce exactly the same output that you posted here.
I have fixed that by fixing the semantically of nft_*_list_add in
libnftables to prepend, instead of appending. Now we have
nft_*_list_add_tail, I have adapted iptables-nftables to use add_tail
when needed:
http://git.netfilter.org/iptables-nftables/commit/?id=5e6ed2aae9e4a8ec0a340036f485c2567635eca9
Those should be enough to resolve this issue.
Thanks for the initial patch to address this issue.
next prev parent reply other threads:[~2013-07-16 20:57 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-16 12:38 [iptables-nftables - PATCH 0/9] Various fixes Tomasz Bursztyka
2013-07-16 12:38 ` [iptables-nftables - PATCH 1/9] nft: Set the rule family when creating a new one Tomasz Bursztyka
2013-07-16 20:11 ` Pablo Neira Ayuso
2013-07-16 12:38 ` [iptables-nftables - PATCH 2/9] nft: Handle error on adding rule expressions Tomasz Bursztyka
2013-07-16 20:11 ` Pablo Neira Ayuso
2013-07-16 12:38 ` [iptables-nftables - PATCH 3/9] nft: Refactor and optimize nft_rule_list Tomasz Bursztyka
2013-07-16 20:12 ` Pablo Neira Ayuso
2013-07-17 7:08 ` Tomasz Bursztyka
2013-07-16 12:38 ` [iptables-nftables - PATCH 4/9] xtables: Remove useless parameter to nft_chain_list_find Tomasz Bursztyka
2013-07-16 20:12 ` Pablo Neira Ayuso
2013-07-16 12:38 ` [iptables-nftables - PATCH 5/9] nft: Une one unique function to test for a builtin chain Tomasz Bursztyka
2013-07-16 20:12 ` Pablo Neira Ayuso
2013-07-16 12:38 ` [iptables-nftables - PATCH 6/9] nft: Print chains in right order when listing rules Tomasz Bursztyka
2013-07-16 20:57 ` Pablo Neira Ayuso [this message]
2013-07-17 7:07 ` Tomasz Bursztyka
2013-07-16 12:38 ` [iptables-nftables - PATCH 7/9] nft: Print chains in right order when saving rules Tomasz Bursztyka
2013-07-16 12:38 ` [iptables-nftables - PATCH 8/9] xtables-save: Print chains in right order Tomasz Bursztyka
2013-07-16 12:38 ` [iptables-nftables - PATCH 9/9] nft: Fix small memory leaks Tomasz Bursztyka
2013-07-16 20:58 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130716205743.GA17208@localhost \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=tomasz.bursztyka@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.