[lxc-devel] [lxd/master] lxd/firewall/drivers: Fix nft syntax

monstermunchkin on Github lxc-bot at linuxcontainers.org
Mon May 11 16:22:03 UTC 2020


From b1f42348373b67c8167c7ce3b37f80f331cd7dc9 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 11 May 2020 18:20:35 +0200
Subject: [PATCH] lxd/firewall/drivers: Fix nft syntax

This fixes the `nft` syntax, as it causes the following error in LXD:

```
EROR[05-11|18:09:29] Firewall nftables unable to parse existing ruleset:
invalid character '^' looking for beginning of value
```

When running the command in a shell, it says:

```
$ nft list ruleset --json -nn
Error: syntax error, options must be specified before commands
nft list ruleset --json -nn
   ^             ~~
```

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 lxd/firewall/drivers/drivers_nftables.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/firewall/drivers/drivers_nftables.go b/lxd/firewall/drivers/drivers_nftables.go
index d13aad89b3..f4d295304e 100644
--- a/lxd/firewall/drivers/drivers_nftables.go
+++ b/lxd/firewall/drivers/drivers_nftables.go
@@ -106,7 +106,7 @@ type nftGenericItem struct {
 // nftParseRuleset parses the ruleset and returns the generic parts as a slice of items.
 func (d Nftables) nftParseRuleset() ([]nftGenericItem, error) {
 	// Dump ruleset as JSON. Use -nn flags to avoid doing DNS lookups of IPs mentioned in any rules.
-	cmd := exec.Command("nft", "list", "ruleset", "--json", "-nn")
+	cmd := exec.Command("nft", "--json", "-nn", "list", "ruleset")
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
 		return nil, err
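Review bot: the reordering on the `+` line is the right fix (nft treats `--json` and `-nn` as global options, which must precede the `list ruleset` command, exactly as the shell error in the commit message states), but the symptom that motivated it also shows that nft's usage error text reached the JSON decoder and surfaced only as `invalid character '^'`. After `cmd.StdoutPipe()` the function goes straight to reading stdout; consider checking the command's exit status (the error from `cmd.Wait()`) and surfacing nft's own message before reporting a decode failure, so that a future argument or version mismatch fails with a clear `nft` error rather than a misleading JSON parse error. The comment on the line above the change still accurately describes the purpose of `-nn`, so no wording change is needed there.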

