Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42300 - [nftables] nftables-flush does not work correctly
Attached to Project:
Arch Linux
Opened by Holoduke (Holoduke) - Wednesday, 08 October 2014, 13:33 GMT
Last edited by Sébastien Luttringer (seblu) - Friday, 10 October 2014, 22:02 GMT
Details
Package nftables 1:0.3-3
"nftables-flush" won't work if there are chains with a name other than "filter". It is used by nftables.service. Also, the grammar of the comment could use some improvement. --- /usr/lib/systemd/scripts/nftables-flush 2014-08-21 16:53:18.000000000 +0200 +++ nftables-flush 2014-10-08 15:23:40.193272270 +0200 @@ -21,8 +21,8 @@ for proto in "${PROTOS[@]}"; do nft list tables "$proto"|cut -f 2 -d ' '| while read table; do nft flush table "$proto" "$table" - # flush remove rules and not chain (despite man page). do it manually. - nft list table "$proto" filter|awk '/^[ \t]+chain/{ print $2 }'|while read chain; do + # Flush removes rules but not chains (contradictory to the man page). Do it manually. + nft list table "$proto" "$table"|awk '/^[ \t]+chain/{ print $2 }'|while read chain; do nft delete chain "$proto" "$table" "$chain" done nft delete table "$proto" "$table" |
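Review bot: In the `while read chain` loop the exit status of `nft delete chain "$proto" "$table" "$chain"` is never checked, so a chain that cannot be removed is skipped silently and `nft delete table "$proto" "$table"` is attempted anyway. Suggest testing the result and printing the proto, table and chain that were left behind, so a failed deletion is visible to whoever runs the flush. Two smaller points on the same lines: `read table` and `read chain` should be `read -r`, and `awk '/^[ \t]+chain/'` matches any indented line that begins with "chain", so requiring whitespace after the keyword is a safer pattern.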
Closed by Sébastien Luttringer (seblu)
Friday, 10 October 2014, 22:02 GMT
Reason for closing: Fixed
Additional comments about closing: nftables-1:0.3-4
Example config:
#!/usr/bin/nft -f
table inet table1 {
    chain chain2 {
        return
    }
    chain chain1 {
        type filter hook input priority 0;
        jump chain2
        accept
    }
}
With the above example configuration loaded, this fails:
# nft flush table inet table1 && nft delete chain inet table1 chain2
<cmdline>:1:1-31: Error: Could not process rule: Device or resource busy
delete chain inet table1 chain2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This succeeds (after reloading the example configuration, of course):
# nft flush table inet table1 && sleep 1 && nft delete chain inet table1 chain2
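The failure shown in the comment above, handled with a bounded retry instead of a fixed `sleep 1`. This is an added example, not the Arch package's script. It assumes the "Device or resource busy" error is transient, as the `sleep 1` workaround suggests; `NFT`, `RETRIES`, `DELAY` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flush a table and delete its chains, retrying a chain
# deletion that fails right after the flush. Assumption: the failure is
# transient (the comment above shows it clearing after one second).

NFT=${NFT:-nft}          # command to run (hypothetical override hook)
RETRIES=${RETRIES:-5}    # attempts per chain (hypothetical tunable)
DELAY=${DELAY:-1}        # seconds between attempts (hypothetical tunable)

# Read `nft list table` output on stdin, print one chain name per line.
# Requires whitespace after the keyword so only "chain NAME {" lines match.
chains_in_listing() {
    awk '/^[ \t]+chain[ \t]/ { print $2 }'
}

# Delete one chain, retrying while nft reports failure.
# Returns 0 on success, 1 if the chain is still there after RETRIES attempts.
delete_chain_retry() {
    proto=$1 table=$2 chain=$3 attempt=1
    while ! "$NFT" delete chain "$proto" "$table" "$chain" 2>/dev/null; do
        if [ "$attempt" -ge "$RETRIES" ]; then
            return 1
        fi
        attempt=$((attempt + 1))
        sleep "$DELAY"
    done
    return 0
}

# Flush the table, delete every chain in it, then delete the table.
# Returns non-zero and names the leftover chain instead of failing silently.
flush_table() {
    proto=$1 table=$2 rc=0
    "$NFT" flush table "$proto" "$table" || return 1
    for chain in $("$NFT" list table "$proto" "$table" | chains_in_listing); do
        delete_chain_retry "$proto" "$table" "$chain" || {
            echo "flush: could not delete chain $proto $table $chain" >&2
            rc=1
        }
    done
    if [ "$rc" -ne 0 ]; then
        return 1
    fi
    "$NFT" delete table "$proto" "$table"
}
```
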