Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-15084

Overlapping entry's should only be an warning instant of error

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • rhel-9.2.0
    • firewalld
    • None
    • None
    • None
    • sst_networking_core
    • ssg_networking
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      On RHEL-7  an ipset (hash:net) can contains overlapping entries, which will be no problem for allowing sets. During the same on RHEL-9 with firewalld it will fails.

      Please provide the package NVR for which bug is seen:

      firewalld-1.2.1-1

      How reproducible:

      Every time

      Steps to reproduce

      1.  firewall-cmd --permanent --ipset=foo --add-entry="1.1.1.1/32"
      2.  firewall-cmd --permanent --ipset=foo --add-entry="1.1.1.0/24"

      Expected results

      Ignores the overlapping and add the entry to the IP set. Or showing maximum an warning about it.

      Actual results

      Error: INVALID_ENTRY: Entry '1.1.1.0/24' overlaps with existing entry '1.1.1.1'

            egarver Eric Garver
            mdc_fbuettn Frank Büttner
            Eric Garver Eric Garver
            qe-baseos-daemons qe-baseos-daemons
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: