Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: icmp/icmpv6 rule elements can be omitted when listing ruleset Version-Release number of selected component (if applicable): nftables-0.9.8-2.fc34.x86_64 How reproducible: Always Steps to Reproduce: 1. Execute the following nft commands: nft add table ip6 test nft add chain ip6 test testc nft add rule ip6 test testc icmpv6 type nd-router-solicit ip6 daddr fe80::/10 drop 2. List the ruleset: nft list ruleset Actual results: table ip6 test { chain testc { ip6 daddr fe80::/10 drop } } Expected results: table ip6 test { chain testc { icmpv6 type nd-router-solicit ip6 daddr fe80::/10 drop } } Additional info: Executing the following: nft list ruleset >/tmp/ruleset.nft nft flush ruleset nft -f /tmp/ruleset.nft results in the rule not including "icmpv6 type nd-router-solicit". This means that rulesets cannot be saved and restored (to see that the ruleset has not been restored correctly you need a working nft). This issue is resolved in v0.9.9. nft commit 5335652 resolved the problem, and this can be applied directly to v0.9.8.
FEDORA-2021-00d476386f has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-00d476386f
FEDORA-2021-00d476386f has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-00d476386f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-00d476386f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-00d476386f has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.