Package: nftables
Version: 0.9.1-2
Severity: minor
The nftables file parser allows newlines in literal sets and maps.
It allows comments in them -- but it doesn't allow comments on their own line.
I think this is a mistake, and the parser should be changed to allow them.
A simple example ruleset is below.
# cat tmp.nft
table inet x {
# comments are allowed here
chain y {
# comments are allowed here
icmpv6 type {
1, # comments are allowed here
2,
} accept
icmpv6 type {
1,
# comments AREN'T allowed here
2,
} accept
}
}
list ruleset
root@not-omega:~# nft --file tmp.nft
tmp.nft:12:43-43: Error: syntax error, unexpected newline, expecting comma
or '}'
# comments AREN'T allowed here
^
tmp.nft:13:14-14: Error: syntax error, unexpected comma
2,
^
tmp.nft:14:11-16: Error: syntax error, unexpected accept, expecting newline
or semicolon
} accept
^^
PS: it also doesn't allow blank lines, e.g.
add table x
add chain x y
add rule x y ip saddr {
1,
2,
} accept
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
