@@ -4,6 +4,8 @@
-i eth+ -o alongifacename+;=;OK
! -i eth0;=;OK
! -o eth+;=;OK
+-i + -j ACCEPT;-j ACCEPT;OK
+! -i +;=;OK
-c "";;FAIL
-c ,3;;FAIL
-c 3,;;FAIL
@@ -9,6 +9,8 @@
-j ACCEPT ! -i lo;=;OK
-i ppp+;=;OK
! -i ppp+;=;OK
+-i + -j ACCEPT;-j ACCEPT;OK
+! -i +;=;OK
-i lo --destination-mac 11:22:33:44:55:66;-i lo --dst-mac 11:22:33:44:55:66;OK
--source-mac Unicast;--src-mac 00:00:00:00:00:00/01:00:00:00:00:00;OK
! --src-mac Multicast;! --src-mac 01:00:00:00:00:00/01:00:00:00:00:00;OK
@@ -17,8 +17,10 @@
--logical-out br1;=;FAIL
-i + -d 00:0f:ee:d0:ba:be;-d 00:0f:ee:d0:ba:be;OK
-i + -p ip;-p IPv4;OK
+! -i +;=;OK
--logical-in + -d 00:0f:ee:d0:ba:be;-d 00:0f:ee:d0:ba:be;OK
--logical-in + -p ip;-p IPv4;OK
+! --logical-in +;=;OK
:FORWARD
-i foobar;=;OK
-o foobar;=;OK
@@ -759,7 +759,7 @@ void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags,
void save_iface(char letter, const char *iface, int invert)
{
- if (!strlen(iface) || !strcmp(iface, "+"))
+ if (!strlen(iface) || (!strcmp(iface, "+") && !invert))
return;
printf("%s -%c %s", invert ? " !" : "", letter, iface);
The rule parses correctly, but the (never matching) part is lost on output. Looks like a day-1 bug, make it fix the change after which it applies cleanly. Fixes: b2197e7834f77 ("xshared: Entirely ignore interface masks when saving rules") Signed-off-by: Phil Sutter <phil@nwl.cc> --- extensions/iptables.t | 2 ++ extensions/libarpt_standard.t | 2 ++ extensions/libebt_standard.t | 2 ++ iptables/xshared.c | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-)