* error using variable for network device name in 'hook ingress device $external_interface'
@ 2020-08-17 0:23 Grant C
2020-08-17 9:21 ` Daniel
2020-08-17 9:58 ` Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Grant C @ 2020-08-17 0:23 UTC (permalink / raw)
To: netfilter
Hello,
Is there special syntax required to use a variable name instead of
hard-coding the interface name in a declaration like the following?
chain blackhole {
type filter hook ingress device $external_interface priority -500;
policy accept
Error: syntax error, unexpected '$', expecting string or quoted string
or string with a trailing asterisk
type filter hook ingress device $external_interface
priority -500; policy accept
using the interface name directly instead of the variable works.
Trying the new syntax that allows using a list, 'ingress devices = { }'
also fails when using a variable either inside an anonymous list, or as
the name of a named list.
I am using nftables 9.3 from Debian Buster backports.
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: error using variable for network device name in 'hook ingress device $external_interface'
2020-08-17 0:23 error using variable for network device name in 'hook ingress device $external_interface' Grant C
@ 2020-08-17 9:21 ` Daniel
2020-08-17 9:58 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Daniel @ 2020-08-17 9:21 UTC (permalink / raw)
To: netfilter
Hello
Le 17/08/2020 à 02:23, Grant C a écrit :
> Hello,
>
> Is there special syntax required to use a variable name instead of
> hard-coding the interface name in a declaration like the following?
>
> chain blackhole {
> type filter hook ingress device $external_interface priority -500;
> policy accept
>
> Error: syntax error, unexpected '$', expecting string or quoted string
> or string with a trailing asterisk
> type filter hook ingress device $external_interface
> priority -500; policy accept
>
> using the interface name directly instead of the variable works.
Try chain blackhole "{
type filter hook ingress device $external_interface priority -500;
policy accept }"
>
> Trying the new syntax that allows using a list, 'ingress devices = {
> }' also fails when using a variable either inside an anonymous list,
> or as the name of a named list.
>
>
> I am using nftables 9.3 from Debian Buster backports.
--
Daniel Huhardeaux
+33.368460088@tootai.net sip:820@sip.tootai.net
+41.445532125@swiss-itech.ch tootaiNET
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: error using variable for network device name in 'hook ingress device $external_interface'
2020-08-17 0:23 error using variable for network device name in 'hook ingress device $external_interface' Grant C
2020-08-17 9:21 ` Daniel
@ 2020-08-17 9:58 ` Pablo Neira Ayuso
2020-08-17 10:01 ` Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2020-08-17 9:58 UTC (permalink / raw)
To: Grant C; +Cc: netfilter
On Sun, Aug 16, 2020 at 05:23:38PM -0700, Grant C wrote:
> Hello,
>
> Is there special syntax required to use a variable name instead of
> hard-coding the interface name in a declaration like the following?
>
> chain blackhole {
> type filter hook ingress device $external_interface priority -500; policy
> accept
>
> Error: syntax error, unexpected '$', expecting string or quoted string or
> string with a trailing asterisk
> type filter hook ingress device $external_interface priority -500; policy accept
>
> using the interface name directly instead of the variable works.
>
> Trying the new syntax that allows using a list, 'ingress devices = { }' also
> fails when using a variable either inside an anonymous list, or as the name
> of a named list.
>
>
> I am using nftables 9.3 from Debian Buster backports.
Support for variable from chain device (as you use above) is available
in the nftables release (or using the current git snapshot), this is a
recent enhancement.
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: error using variable for network device name in 'hook ingress device $external_interface'
2020-08-17 9:58 ` Pablo Neira Ayuso
@ 2020-08-17 10:01 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2020-08-17 10:01 UTC (permalink / raw)
To: Grant C; +Cc: netfilter
On Mon, Aug 17, 2020 at 11:58:39AM +0200, Pablo Neira Ayuso wrote:
> On Sun, Aug 16, 2020 at 05:23:38PM -0700, Grant C wrote:
> > Hello,
> >
> > Is there special syntax required to use a variable name instead of
> > hard-coding the interface name in a declaration like the following?
> >
> > chain blackhole {
> > type filter hook ingress device $external_interface priority -500; policy
> > accept
> >
> > Error: syntax error, unexpected '$', expecting string or quoted string or
> > string with a trailing asterisk
> > type filter hook ingress device $external_interface priority -500; policy accept
> >
> > using the interface name directly instead of the variable works.
> >
> > Trying the new syntax that allows using a list, 'ingress devices = { }' also
> > fails when using a variable either inside an anonymous list, or as the name
> > of a named list.
> >
> >
> > I am using nftables 9.3 from Debian Buster backports.
>
> Support for variable from chain device (as you use above) is available
> in the nftables release (or using the current git snapshot), this is a
> recent enhancement.
... in the _next_ nftables release
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-08-17 10:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-17 0:23 error using variable for network device name in 'hook ingress device $external_interface' Grant C
2020-08-17 9:21 ` Daniel
2020-08-17 9:58 ` Pablo Neira Ayuso
2020-08-17 10:01 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox