Package: nftables
Version: 0.9.8-3.1
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
As shown below, I created a file called "junk" that makes a few simple nftables
chains.
When I list the chains, nftables shows what looks like a negative number in the
last one.
I would expect it to show the canonical form of ff00::/8 as given in the
previous line.
This simple example is extracted from a complex script to show the problem
concisely.
root@biden:/srv/nftables# cat junk
#!/usr/sbin/nft -f
flush ruleset
table ip6 whatever {
chain junk {
ip6 saddr ff00::/8 drop
ip6 saddr fe80::/10 drop
ip6 saddr { ff00::/8, fe80::/10 } drop
}
}
root@biden:/srv/nftables# /sbin/nft -f junk
root@biden:/srv/nftables# /sbin/nft list ruleset
table ip6 whatever {
chain junk {
ip6 saddr ff00::/8 drop
ip6 saddr fe80::/10 drop
ip6 saddr { fe80::/10,
ff00::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff } drop
}
}
root@biden:/srv/nftables#
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-16-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nftables depends on:
ii dpkg 1.20.11
ii libc6 2.31-13+deb11u3
ii libedit2 3.1-20191231-2+b1
ii libnftables1 0.9.8-3.1
nftables recommends no packages.
Versions of packages nftables suggests:
pn firewalld <none>
-- Configuration Files:
/etc/nftables.conf changed [not included]
-- no debconf information
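
Added example, not part of the original report: a Python check that the set printed by `nft list ruleset` covers the same addresses as the set in the source file, reading `first-last` as nft's address-range notation. The function names and the two sample strings (copied from the session above) are this example's own.

```python
import ipaddress


def parse_element(text):
    """Return the IPv6 networks covered by one nft set element.

    Handles the three forms seen in nft output: prefix (a/len),
    range (first-last) and single address.
    """
    text = text.strip()
    if "/" in text:
        return [ipaddress.IPv6Network(text, strict=True)]
    if "-" in text:
        # IPv6 addresses never contain "-", so this split is unambiguous.
        first, last = (ipaddress.IPv6Address(p.strip())
                       for p in text.split("-", 1))
        # Express the inclusive range as the minimal list of prefixes.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv6Network(text)]


def canonical_set(body):
    """Normalize the inside of an nft '{ ... }' set to sorted, merged prefixes."""
    nets = []
    for element in body.replace("\n", " ").split(","):
        if element.strip():
            nets.extend(parse_element(element))
    return sorted(ipaddress.collapse_addresses(nets))


def same_addresses(a, b):
    """True when two set bodies match exactly the same addresses."""
    return canonical_set(a) == canonical_set(b)


# Set body as written in the "junk" file above.
SOURCE_SET = "ff00::/8, fe80::/10"
# Set body as printed by "nft list ruleset" above.
LISTED_SET = "fe80::/10,\nff00::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

if __name__ == "__main__":
    print("source:", [str(n) for n in canonical_set(SOURCE_SET)])
    print("listed:", [str(n) for n in canonical_set(LISTED_SET)])
    print("equivalent:", same_addresses(SOURCE_SET, LISTED_SET))
```

The same comparison can be run on any source/listed pair when auditing that a loaded ruleset matches the file it came from.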