Comments (4)
I'm unable to reproduce this issue using capirca-r168, as specified in the
report. Can you please verify if this occurs on a fresh install of r168?
----
$ cat > policies/test.pol
header {
target:: speedway INPUT DROP inet6
}
term deny-all-in {
comment:: "Clean up rule for INPUT chain"
logging:: syslog
action:: deny
}
^d
$ ./aclgen.py
writing ./filters/test.ipt
1 filters rendered
watson@watson:~/capirca$ more filters/test.ipt
*filter
# Speedway INPUT Policy
# $Id:$
# $Date:$
# inet6
:INPUT DROP
-N I_deny-all-in
-A I_deny-all-in -m comment --comment "Clean up rule for INPUT chain"
-A I_deny-all-in -p all -j LOG --log-prefix deny-all-in
-A I_deny-all-in -p all -j DROP
-A INPUT -j I_deny-all-in
COMMIT
Original comment by watson
on 19 Mar 2012 at 7:39
from capirca.
Sorry, my initial report is incomplete. It works if you just specify one header
(e.g. an INPUT or OUTPUT target). But with more than one header it actually
fails on r168. The error happens also for IPv4 only if you specify the inet
token. Here's an example that fail:
$ cat policies/test.pol
header {
target:: speedway INPUT DROP inet6
}
term deny-all-in {
comment:: "Clean up rule for INPUT chain"
logging:: syslog
action:: deny
}
header {
target:: speedway OUTPUT DROP inet6
}
term deny-all-out {
comment:: "Clean up rule for OUTPUT chain"
logging:: syslog
action:: deny
}
^D
In the example above, replace the inet6 token with inet and the issue still
happens. Then remove the inet token and it works.
BTW, the issue's subject has a typo. Should read "speedway does not accept
inet6 token". In any case the issue happens both with iptables and speedway
when inet or inet6 tokens are specified.
Original comment by [email protected]
on 19 Mar 2012 at 9:02
from capirca.
Original comment by watson
on 6 Jun 2012 at 10:05
- Changed state: Accepted
from capirca.
This issue should be resolved in r187.
The problem was filter_type was not being reset to None before processing each
filter
in a given policy.
Original comment by [email protected]
on 16 Jul 2012 at 3:10
- Changed state: Fixed
from capirca.
Related Issues (20)
- Release new PyPi version HOT 1
- Support for IOSXR IPv6 Object Group ACLs
- Cisco object-group ACLs don't properly render ICMP type and code
- Cisco remarks missing quotes HOT 2
- Indentation is wrong for the return statement HOT 1
- iptables does not generate any rules from protocol:: icmp icmpv6
- Installer doesn't put capirca command in ~/.local/bin HOT 1
- Juniper ethernet-switching for EX or QFX
- Capirca overwrites the tools namespace HOT 1
- Add support in ArubaOS-Switch and AOS-CX-Switch HOT 3
- Add support in HP Advanced ACL
- Add support in Cisco WLC ACL
- ACL with line numbering
- Add a generator for NSX-T HOT 3
- Allow dot in token names
- Implement atomic acl updates on cisco ios
- Add support for MikroTik RouterOS ACLs
- Build is broken on Python 3.8 due to types used in NSX-T plugin HOT 1
- NSX-T plugin generates invalid payload: netblocks including 0.0.0.0/anything, port ranges consisting of one port HOT 2
- Add support for OPNSense
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from capirca.