Hi,
I've found an issue when using the libnftables based nft.
If you use nft-add-rule from libnftables examples and you try to list
the rules afterward with nft, there is a problem with the added rules
which are not displayed correctly.
Here is the output of "nft list table filter -n -a --debug=all":
family=ip table=filter chain=output handle=9 flags=0 match name=iprange rev=1 payload dreg=1 base=1 offset=9 len=1 target name=LOG rev=0
table filter {
chain input {
hook NF_INET_LOCAL_IN 0;
}
chain forward {
hook NF_INET_FORWARD 0;
}
chain output {
hook NF_INET_LOCAL_OUT 0;
ip daddr 1.2.3.4 drop # handle 4
ip daddr 1.2.3.5 drop # handle 5
ip daddr 1.2.3.6 drop # handle 6
# handle 9
}
}
netlink: Error: unknown expression type 'match'
name=iprange rev=1
netlink: Error: unknown expression type 'target'
name=LOG rev=0
Should this problem be trivial for someone, I let him do the job. If
not, I will start to work on it.
BR,
--
Eric Leblond <eric@xxxxxxxxx>
Blog: https://home.regit.org/
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
