Google Git
Sign in
googlers / maze / iptables / eb4b65c49994e44e6ad617fe3f60c063d0c331c4
commiteb4b65c49994e44e6ad617fe3f60c063d0c331c4[log] [tgz]
authorPablo Neira Ayuso <pablo@netfilter.org>Tue Aug 20 20:24:26 2013 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>Mon Dec 30 23:50:44 2013 +0100
tree178a99c4a55c746d4badbaf93df35a43f500dd52
parentcdc78b1d6bd7b48ec05d78fc6e6cd98473f40357 [diff]
nft: fix wrong flags handling in print_firewall_details

Unfortunately, IPT_F_* and IP6T_F_* don't overlap, therefore, we have
to add an specific function to print the fragment flag, otherwise
xtables -6 misinterprets the protocol flag, ie.

Chain INPUT (policy ACCEPT)
           tcp  -f  ::/0                 ::/0

Note that -f should not show up. This problem was likely added with
the IPv6 support for the compatibility layer.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
4 files changed
tree: 178a99c4a55c746d4badbaf93df35a43f500dd52
  1. etc/
  2. extensions/
  3. include/
  4. iptables/
  5. libipq/
  6. libiptc/
  7. libxtables/
  8. m4/
  9. tests/
  10. utils/
  11. .gitignore
  12. autogen.sh
  13. COMMIT_NOTES
  14. configure.ac
  15. COPYING
  16. INCOMPATIBILITIES
  17. INSTALL
  18. Makefile.am
  19. release.sh