Fix nft command line with negative priority values

When using nft with negative priority values it is recommended to use -- to prevent the parser to interpret the value as an argument. Story 2009710 Task 44065 Change-Id: Ia6bc6eee3df30bfb3c0acccf902267fd2a4d37f6
2021-11-24 16:55:25 +01:00 · 2021-11-24 16:55:25 +01:00 · 4791cfe93c
parent 237d443649
commit 4791cfe93c
1 changed files with 4 additions and 4 deletions
--- a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
+++ b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
@ -38,9 +38,9 @@ if [ "$1" == "add" ]; then
            nft add rule ip octavia-ipv4 ip-udp-masq oifname "$3" meta l4proto udp masquerade
            nft add chain ip octavia-ipv4 ip-sctp-masq { type nat hook postrouting priority 100\;}
            nft add rule ip octavia-ipv4 ip-sctp-masq oifname "$3" meta l4proto sctp masquerade
-            nft add chain ip octavia-ipv4 prerouting { type filter hook prerouting priority -300 \; }
+            nft -- add chain ip octavia-ipv4 prerouting { type filter hook prerouting priority -300 \; }
            nft add rule ip octavia-ipv4 prerouting iifname "$3" meta l4proto tcp notrack
-            nft add chain ip octavia-ipv4 output { type filter hook output priority -300 \; }
+            nft -- add chain ip octavia-ipv4 output { type filter hook output priority -300 \; }
            nft add rule ip octavia-ipv4 output oifname "$3" meta l4proto tcp notrack

        elif [ "$2" == "ipv6" ]; then
@ -49,9 +49,9 @@ if [ "$1" == "add" ]; then
            nft add rule ip6 octavia-ipv6 ip6-udp-masq oifname "$3" meta l4proto udp masquerade
            nft add chain ip6 octavia-ipv6 ip6-sctp-masq { type nat hook postrouting priority 100\;}
            nft add rule ip6 octavia-ipv6 ip6-sctp-masq oifname "$3" meta l4proto sctp masquerade
-            nft add chain ip6 octavia-ipv6 prerouting { type filter hook prerouting priority -300 \; }
+            nft -- add chain ip6 octavia-ipv6 prerouting { type filter hook prerouting priority -300 \; }
            nft add rule ip6 octavia-ipv6 prerouting iifname "$3" meta l4proto tcp notrack
-            nft add chain ip6 octavia-ipv6 output { type filter hook output priority -300 \; }
+            nft -- add chain ip6 octavia-ipv6 output { type filter hook output priority -300 \; }
            nft add rule ip6 octavia-ipv6 output oifname "$3" meta l4proto tcp notrack
        else
            usage