openwrt / firewall4

[MIRROR] OpenWrt nftables firewall
https://git.openwrt.org/?p=project/firewall4.git;

Do not emit extra l4proto filter for helpers #41

Open brada4 opened 5 days ago

brada4 commented 5 days ago

Do not emit unnecessary l4proto filter for helpers. No bytecode or readback changed. There is something better waiting on top of this cleanup.

Signed-off-by: Andris PE neandris@gmail.com

brada4 commented 5 days ago

@jow- please treat this quicker than usual

nft -c -d netlink -f - << EOF
table inet testing {
 chain old {
  meta l4proto tcp tcp dport 45
 }
 chain intent {
  meta l4proto tcp meta l4proto tcp th dport 45
 }
 chain new {
  tcp dport 45
 }
}
EOF

Evil intent of original is luckily squashed by nft cli.

brada4 commented 5 days ago

btw 3x if rule.helper sections are never accessed.