On Tue, Jul 17, 2018 at 04:06:11PM +0800, Rosysong wrote:
> Hi all,
> I failed to run an nft script with a netdev family rule, please help me! Any hints will be appreciated!!!
> Below is my error log.
>
>
> root@Hello:/# cat /tmp/qos.nft
> #!/usr/sbin/nft -f
>
> table netdev test {
>         chain filter {
>                 type filter hook ingress device br-lan priority 0; policy accept;
>                 tcp dport { 22 } accept
>                 udp dport { 23,45 } accept
>                 tcp dport { telnet, http, https } accept
>         }
> }
>
> root@Hello:/# nft -f /tmp/qos.nft
> /tmp/qos.nft:6:15-20: Error: Could not process rule: Not supported
>         chain filter {
>               ^^^^^^
> /tmp/qos.nft:8:17-36: Error: Could not process rule: No such file or directory
>                 tcp dport { 22 } accept
>                 ^^^^^^^^^^^^^^^^^^^^
> /tmp/qos.nft:9:17-42: Error: Could not process rule: No such file or directory
>                 udp dport { 23,45 } accept
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
> /tmp/qos.nft:10:17-56: Error: Could not process rule: No such file or directory
>                 tcp dport { telnet, http, https } accept
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Did you compile your kernel with:

CONFIG_NETFILTER_INGRESS=y

?

Is the 'br-lan' device also already in place by the time you load this ruleset?
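
The two checks asked about in the reply above, as an added shell example that is not part of the original thread: it looks for CONFIG_NETFILTER_INGRESS=y in the kernel config and confirms that every device named in a "hook ingress device" line exists before the ruleset is loaded. The function names and the KCONFIG and SYSFS_NET override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks before loading a netdev-family ingress ruleset.
# KCONFIG and SYSFS_NET are hypothetical overrides (assumptions of this example).

# Print the kernel config text from the first source that is available.
kernel_config() {
    if [ -n "${KCONFIG:-}" ]; then
        cat "$KCONFIG"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Succeeds only if ingress hook support is built into the kernel.
has_ingress_support() {
    kernel_config 2>/dev/null | grep -q '^CONFIG_NETFILTER_INGRESS=y$'
}

# List the device names used in "hook ingress device <name>" lines of a ruleset.
ingress_devices() {
    sed -n 's/.*hook[[:space:]]\{1,\}ingress[[:space:]]\{1,\}device[[:space:]]\{1,\}"\{0,1\}\([^"[:space:];]\{1,\}\).*/\1/p' "$1" | sort -u
}

# Run both checks, print each finding, return non-zero if any check fails.
preflight() {
    ruleset=$1; netdir=${SYSFS_NET:-/sys/class/net}; rc=0
    if ! has_ingress_support; then
        echo "kernel: CONFIG_NETFILTER_INGRESS=y not found"; rc=1
    fi
    for dev in $(ingress_devices "$ruleset"); do
        if [ ! -e "$netdir/$dev" ]; then
            echo "device: $dev does not exist yet"; rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh preflight.sh /tmp/qos.nft && nft -f /tmp/qos.nft
if [ $# -gt 0 ]; then preflight "$1"; fi
```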