  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-7634

nftables iteration of dport and port breaks rule application


    • Epic
    • Resolution: Unresolved
    • Major
    • rhos-18.0.0
    • rhos-18.0 Beta
    • edpm-ansible
    • None
    • No Docs Impact
    • 0% To Do, 0% In Progress, 100% Done
    • 2023Q3
    • Important
    • EDPM

      If a user provides a rule like:

      '999 blah rule':
        action: insert
        dport: 61152-61215
        jump: ACCEPT
        proto: tcp
        source: 1.1.1.1/8

      Because of the hyphen, the `dport` value is a string rather than an integer, and the rule generation iterates over that string one character at a time. So we get an error validating the rule, which shows that it's trying to join the string like `6,1,1,5,2,-,6,1,2,1,5`:

      # 199 blah rule {'action': 'insert', 'dport': '61152-61215', 'jump': 'ACCEPT', 'proto': 'tcp', 'source': '192.168.60.0/24'}
      add rule inet filter TRIPLEO_INPUT ip saddr 1.1.1.1/24 tcp dport { 6,1,1,5,2,-,6,1,2,1,5 } ct state new counter accept comment "999 blah rule"

      To fix this, we need a stricter check of the type before we try iterating over it.
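
      The failure and a type-checked alternative, as an added Python example (not edpm-ansible's own code; the function names are hypothetical). It goes slightly beyond the report by also validating each port or range before it is written into a rule:

```python
import re

# Hypothetical helpers for illustration; the real edpm-ansible logic is not shown on the page.
_PORT_OR_RANGE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")


def render_dport_naive(dport):
    """Reproduces the failure: anything iterable is joined element by element."""
    if hasattr(dport, "__iter__"):  # a str is iterable too, so it is split per character
        return "{ " + ",".join(str(p) for p in dport) + " }"
    return str(dport)


def _check_port_spec(spec):
    """Validate one port (int or 'N') or one range ('N-M') and return it as text."""
    text = str(spec).strip()
    match = _PORT_OR_RANGE.fullmatch(text)
    if not match:
        raise ValueError(f"invalid port specification: {spec!r}")
    low = int(match.group(1))
    high = int(match.group(2)) if match.group(2) else low
    if not (0 <= low <= high <= 65535):
        raise ValueError(f"port out of range or reversed: {spec!r}")
    return text


def render_dport(dport):
    """Check the type first: scalars are emitted whole, only real sequences are joined."""
    if isinstance(dport, (str, int)):
        return _check_port_spec(dport)
    if isinstance(dport, (list, tuple)) and dport:
        return "{ " + ",".join(_check_port_spec(p) for p in dport) + " }"
    raise ValueError(f"unsupported dport value: {dport!r}")


if __name__ == "__main__":
    print(render_dport_naive("61152-61215"))      # the broken set from the report
    print(render_dport("61152-61215"))            # range kept as a single token
    print(render_dport([80, 443, "8000-8100"]))   # a real list still becomes a set
```

      Rejecting malformed values at render time keeps a bad rule out of the generated ruleset instead of relying on the later validation step to catch it.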

            rhn-support-bshephar Brendan Shephard
            rhos-dfg-df