- Bug
- Resolution: Done
- Major
- rhos-18.0 Beta
- None
If a user provides a rule like:

```yaml
'999 blah rule':
  action: insert
  dport: 61152-61215
  jump: ACCEPT
  proto: tcp
  source: 1.1.1.1/8
```
This results in the `dport` value being iterated over since it's a string because of the hyphen. So we get an error validating the rule, which shows that it's trying to join the string like `6,1,1,5,2,-,6,1,2,1,5`:

```
- 199 blah rule {'action': 'insert', 'dport': '61152-61215', 'jump': 'ACCEPT', 'proto': 'tcp', 'source': '192.168.60.0/24'}
add rule inet filter TRIPLEO_INPUT ip saddr 1.1.1.1/24 tcp dport { 6,1,1,5,2,-,6,1,2,1,5 } ct state new counter accept comment "999 blah rule"
```
To fix this, we need a stricter check of the type before we try iterating over it.
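The failure and a stricter type check, sketched in Python as an added example; this is not the project's code, and the function names and the validation rules (ports 0-65535, `low-high` ranges) are assumptions made for illustration.

```python
import re

# One port ("22") or one hyphenated range ("61152-61215").
_PORT = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")


def render_dport_buggy(dport):
    """Reproduces the reported behaviour: anything iterable is joined,
    and a str is iterable, so a range string is split into characters."""
    if hasattr(dport, "__iter__"):
        return "{ " + ",".join(str(p) for p in dport) + " }"
    return str(dport)


def _check(item):
    """Validate a single port or port range and return it as text."""
    if isinstance(item, bool):  # bool is a subclass of int; reject it
        raise ValueError(f"invalid dport element: {item!r}")
    text = str(item).strip()
    m = _PORT.fullmatch(text)
    if not m:
        raise ValueError(f"invalid dport element: {item!r}")
    low = int(m.group(1))
    high = int(m.group(2) or m.group(1))
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {item!r}")
    return text


def render_dport(dport):
    """Treat str and int as ONE value; iterate only over real sequences."""
    if isinstance(dport, (str, int)):
        return _check(dport)
    if isinstance(dport, (list, tuple)):
        if not dport:
            raise ValueError("empty dport list")
        return "{ " + ",".join(_check(p) for p in dport) + " }"
    raise TypeError(f"unsupported dport type: {type(dport).__name__}")


if __name__ == "__main__":
    rule_dport = "61152-61215"  # value from the rule in this report
    print("buggy:", render_dport_buggy(rule_dport))
    print("fixed:", render_dport(rule_dport))
    print("list: ", render_dport([80, "8000-8100"]))
```

Validating each element also means a malformed value fails before any rule text is generated, rather than when the ruleset is validated.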
- is cloned by: OSPRH-7634 nftables iteration of dport and port breaks rule application (Closed)