Overlapping IP networks no longer allowed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

As of nftables 0.8.1, it seems I can no longer write anonymous sets
which contain overlapping networks (CIDR masks).

For example, I want to write the following ruleset:

#!/usr/bin/nft -f
define users = { 10.0.0.0/8, 193.219.181.192/26 }
define admins = { 10.123.0.0/24, 31.220.42.129 }
define allowed = { $users, $admins }
table inet filter {
        chain foobar {
                ip saddr $allowed accept
        }
}

results in an error message:

    Error: interval overlaps with previous one

I noticed a few nftables.git commits related to disabling auto-merge
for interval sets... but mine don't have the 'interval' flag, and
there doesn't seem to be any way to specify 'auto-merge' for anonymous
sets, either.

-- 
Mantas Mikulėnas
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux