From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Aurel Wisse <nf@awisse.ca>
Cc: netfilter@vger.kernel.org
Subject: Re: nftables expressions and operators
Date: Mon, 6 Nov 2023 14:28:22 +0100
Message-ID: <ZUjp9jAAPYgOAIDq@calendula>
In-Reply-To: <74e3c950-e623-4b46-9186-8fe2230c9f9a@app.fastmail.com>
On Mon, Nov 06, 2023 at 08:11:09AM -0500, Aurel Wisse wrote:
> Hi,
>
> I am starting to learn nftables (only superficial previous experience with iptables) and I can't find certain syntax rules for expressions and operators in the wiki or the man page.
>
> I am learning by listing the rulesets of certain predefined firewalls (fw4/OpenWRT, UFW) and I notice that certain listed rules contain operators which I can guess (hopefully correctly) from context and the original syntax in the imported file, but I would like to be sure in order not to make mistakes while building my own firewall.
>
> Examples:
>
> tcp flags & (fin|syn|rst|ack) != syn jump syn_flood
>
> becomes
>
> tcp flags syn / fin,syn,rst,ack jump syn_flood
That is a bug in nftables v1.0.2; here, with a recent version, it shows:
tcp flags != syn / fin,syn,rst,ack
> So, from context, commas without spaces around them are equivalent to logical or with precedence over "/", and "/" is somehow "!=" ?? Where did the & (logical AND?) operator go?
>
> This is just one example. I would like to learn the full operator syntax rules in nftables. Any ideas where I should look ? Do I have to dig into the source code ?
>
> Thanks
>
> Aurel
>
> nftables v1.0.2 (Lester Gooch)
> Pop-OS (6.5.6-76060506-generic)
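The following is an added example, not code from this thread or from the nftables project: a small Python model of the `tcp flags` match that parses both the long form Aurel typed (`tcp flags & (fin|syn|rst|ack) != syn`) and the compact form nft lists back (`tcp flags != syn / fin,syn,rst,ack`, read as "value / mask"), then evaluates each rule over every possible TCP flag byte. The flag bit values and the "value / mask" reading are the standard TCP and nft ones; the parser, the helper names and the restriction to the two forms that appear in this message are assumptions made for the example. Running it shows why the v1.0.2 listing matters: with the `!=` dropped, `tcp flags syn / fin,syn,rst,ack` describes exactly the complement of the original rule.

```python
"""Added example (not from the thread or from nftables): model nft's
'tcp flags' match in both syntaxes and compare what each one matches.

Semantics assumed here (standard nft):
  tcp flags & (MASK) OP VALUE      long form, OP is == or !=
  tcp flags [!=] VALUE / MASK      listing form; no operator means ==
Both mean  (flags & MASK) OP VALUE.
"""
import re

# TCP flag bits as nftables names them (RFC 793 / RFC 3168 bit positions).
TCP_FLAGS = {
    "fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08,
    "ack": 0x10, "urg": 0x20, "ecn": 0x40, "cwr": 0x80,
}

# An optional trailing verdict ('jump syn_flood') is accepted and ignored;
# only the match expression is modelled.
_VERDICT = r"(?: (?:jump|goto) \w+)?$"
LONG_FORM = re.compile(r"^tcp flags & \(([a-z|]+)\) (==|!=) ([a-z|,]+)" + _VERDICT)
LIST_FORM = re.compile(r"^tcp flags (?:(!=) )?([a-z,]+) / ([a-z,]+)" + _VERDICT)


def flags_to_int(names):
    """'fin|syn' or 'fin,syn' -> 0x03.  Unknown flag names raise KeyError."""
    return sum(TCP_FLAGS[n] for n in re.split(r"[|,]", names) if n)


def int_to_names(value):
    """0x17 -> 'fin,syn,rst,ack' (ascending bit order, as nft lists them)."""
    return ",".join(n for n, bit in TCP_FLAGS.items() if value & bit)


def parse_tcp_flags(expr):
    """Return (mask, op, value) for either syntax shown in the thread."""
    expr = " ".join(expr.split())
    m = LONG_FORM.match(expr)
    if m:
        return flags_to_int(m.group(1)), m.group(2), flags_to_int(m.group(3))
    m = LIST_FORM.match(expr)
    if m:
        # No explicit operator in the listing form means '=='.
        return flags_to_int(m.group(3)), m.group(1) or "==", flags_to_int(m.group(2))
    raise ValueError(f"unsupported tcp flags expression: {expr!r}")


def matches(rule, flags):
    """Does a packet whose TCP flag byte is `flags` match the rule?"""
    mask, op, value = rule
    masked = flags & mask
    return masked == value if op == "==" else masked != value


def matching_set(rule):
    """All 256 flag-byte values (constructed input) that the rule matches."""
    return {f for f in range(256) if matches(rule, f)}


def list_form(rule):
    """Render a rule the way a current nft prints it: [!=] value / mask."""
    mask, op, value = rule
    prefix = "!= " if op == "!=" else ""
    return f"tcp flags {prefix}{int_to_names(value)} / {int_to_names(mask)}"


if __name__ == "__main__":
    original = parse_tcp_flags("tcp flags & (fin|syn|rst|ack) != syn jump syn_flood")
    fixed = parse_tcp_flags("tcp flags != syn / fin,syn,rst,ack")
    buggy = parse_tcp_flags("tcp flags syn / fin,syn,rst,ack")
    print("current nft lists the original as:", list_form(original))
    print("original == fixed listing:", matching_set(original) == matching_set(fixed))
    print("buggy v1.0.2 listing is the complement:",
          matching_set(buggy) == set(range(256)) - matching_set(original))
    for name, bits in (("SYN", 0x02), ("SYN|ACK", 0x12), ("SYN|PSH", 0x0A), ("FIN", 0x01)):
        print(f"{name:8s} original={matches(original, bits)!s:5s} buggy={matches(buggy, bits)}")
```

The `matching_set` comparison is the check worth keeping around when reading back a ruleset from an older nft: a rule that jumps to `syn_flood` on every non-SYN packet and one that jumps only on SYN packets are exact opposites, and the listing alone (without the `!=`) does not tell you which one the kernel is actually running.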
Thread overview: 5+ messages
2023-11-06 13:11 nftables expressions and operators Aurel Wisse
2023-11-06 13:28 ` Pablo Neira Ayuso [this message]
2023-11-06 14:24 ` Aurel Wisse
2023-11-06 15:28 ` Eric
2023-11-06 15:41 ` Aurel Wisse