[pkg-netfilter-team] Bug#950613: "nft -S list ruleset" should say "udp dport 514" is "syslog" (not "shell")
Trent W. Buck
trentbuck at gmail.com
Tue Feb 4 09:17:00 GMT 2020
Package: nftables
Version: 0.9.2-1
Severity: wishlist
Port 514 is a rare case where TCP and UDP have different service names.
Right now "nft -S list ruleset" gives the TCP name, which is confusing.
This is a very minor issue, but if it's easy to fix, please do so! :-)
Below is code demonstrating the problem.
Here is getent (libc-bin=2.28-10) resolving /etc/services (netbase=5.6):
# getent services 514
shell 514/tcp cmd
# getent services 514/tcp
shell 514/tcp cmd
# getent services 514/udp
syslog 514/udp
Here is nft resolving (I guess just "514", where I think it actually has enough info to resolve "514/udp"):
# nft -S 'flush ruleset; add table x; add chain x y; add rule x y udp dport 514; list ruleset'
table ip x {
	chain y {
	}
}
# nft -S list ruleset
table ip x {
	chain y {
		udp dport "shell"
	}
}
I don't know why the first "list ruleset" has the rule entirely missing.
I guess that's a separate bug (which I do not care about here).
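The distinction the report turns on, as an added example that is neither nftables code nor the reporter's: a (port, protocol) lookup over a constructed /etc/services fragment, next to a port-only lookup that yields the "shell" rendering shown above. The fragment, the table layout and the render_dport helper are assumptions for illustration.

```python
# Added example (not nftables code): protocol-aware service-name lookup.
from typing import Dict, Optional, Tuple

# Constructed fragment in /etc/services format: name port/proto [aliases] [# comment]
SERVICES_TEXT = """\
shell           514/tcp         cmd             # no passwords used
syslog          514/udp
domain          53/tcp
domain          53/udp
"""
ServiceTable = Dict[Tuple[int, str], str]

def parse_services(text: str) -> ServiceTable:
    """Map (port, proto) -> canonical name; aliases and comments are dropped."""
    table: ServiceTable = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        port_str, proto = fields[1].split("/", 1)
        table.setdefault((int(port_str), proto), fields[0])
    return table

def service_name_port_only(table: ServiceTable, port: int) -> Optional[str]:
    """Protocol-blind lookup: the first entry for the port wins (the reported behaviour)."""
    for (p, _proto), name in table.items():
        if p == port:
            return name
    return None

def service_name(table: ServiceTable, port: int, proto: str) -> Optional[str]:
    """Protocol-aware lookup, which is what the report asks nft to do."""
    return table.get((port, proto))

def render_dport(table: ServiceTable, proto: str, port: int, protocol_aware: bool = True) -> str:
    """Render an nft-style match such as: udp dport "syslog" (falls back to the number)."""
    name = service_name(table, port, proto) if protocol_aware else service_name_port_only(table, port)
    return f'{proto} dport "{name}"' if name else f"{proto} dport {port}"

if __name__ == "__main__":
    t = parse_services(SERVICES_TEXT)
    print(render_dport(t, "udp", 514, protocol_aware=False))  # udp dport "shell"  (reported)
    print(render_dport(t, "udp", 514))                        # udp dport "syslog" (expected)
```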