On Tue, Jul 17, 2018 at 04:06:11PM +0800, Rosysong wrote:
> Hi all,
> I failed to run nft script with netdev family rule, please help me! Any hints will be appreciated !!!
> Below is my error log.
>
>
> root@Hello:/# cat /tmp/qos.nft
> #!/usr/sbin/nft -f
>
> table netdev test {
>         chain filter {
>                 type filter hook ingress device br-lan priority 0; policy accept;
>                 tcp dport { 22 } accept
>                 udp dport { 23,45 } accept
>                 tcp dport { telnet, http, https } accept
>         }
> }
>
> root@Hello:/# nft -f /tmp/qos.nft
> /tmp/qos.nft:6:15-20: Error: Could not process rule: Not supported
>         chain filter {
>               ^^^^^^
> /tmp/qos.nft:8:17-36: Error: Could not process rule: No such file or directory
>                 tcp dport { 22 } accept
>                 ^^^^^^^^^^^^^^^^^^^^
> /tmp/qos.nft:9:17-42: Error: Could not process rule: No such file or directory
>                 udp dport { 23,45 } accept
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
> /tmp/qos.nft:10:17-56: Error: Could not process rule: No such file or directory
>                 tcp dport { telnet, http, https } accept
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>>Did you compile your kernel with:
>>
>> CONFIG_NETFILTER_INGRESS=y
>>
>>?
>>Is also the 'br-lan' device already in place by when you load this ruleset?

Thank you, I didn't compile my kernel with CONFIG_NETFILTER_INGRESS=y, Now it is fixed.
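
The two checks raised in the reply above (kernel built with CONFIG_NETFILTER_INGRESS=y, and the ingress device present before the ruleset is loaded) can be run as a preflight step before `nft -f`. This is an added example, not part of the original thread; the function names are hypothetical, and the kernel config path and the use of /sys/class/net are assumptions about the target system.

```shell
#!/bin/sh
# Added example: preflight checks for a netdev-family ingress ruleset.
# Function names are hypothetical and not part of nftables.

# has_ingress_support CONFIG_FILE
# Succeeds if the kernel config enables CONFIG_NETFILTER_INGRESS.
# CONFIG_FILE may be plain text or gzip-compressed (name ending in .gz).
has_ingress_support() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep '^CONFIG_NETFILTER_INGRESS=y$' >/dev/null
}

# ingress_devices RULESET
# Prints each device named in a "hook ingress device NAME" chain definition
# (NAME may be bare or double-quoted).
ingress_devices() {
    sed -n 's/.*hook[[:space:]]\{1,\}ingress[[:space:]]\{1,\}device[[:space:]]\{1,\}"\{0,1\}\([^"[:space:];]*\).*/\1/p' "$1" | sort -u
}

# missing_devices RULESET [SYSFS_NET_DIR]
# Prints the ingress devices from RULESET that do not exist yet.
missing_devices() {
    net_dir=${2:-/sys/class/net}
    for dev in $(ingress_devices "$1"); do
        [ -e "$net_dir/$dev" ] || echo "$dev"
    done
}

# preflight RULESET CONFIG_FILE [SYSFS_NET_DIR]
# Returns 0 only if both checks pass; reports each failure on stderr.
preflight() {
    rc=0
    if ! has_ingress_support "$2"; then
        echo "kernel config lacks CONFIG_NETFILTER_INGRESS=y" >&2
        rc=1
    fi
    missing=$(missing_devices "$1" "$3")
    if [ -n "$missing" ]; then
        echo "ingress device(s) not present: $missing" >&2
        rc=1
    fi
    return $rc
}

# Stand-alone use: script.sh RULESET CONFIG_FILE [SYSFS_NET_DIR]
if [ "$#" -ge 2 ]; then preflight "$@" || exit 1; fi
```

Typical config locations are /proc/config.gz (only when the kernel exposes it) or /boot/config-$(uname -r); pass whichever exists on the system as CONFIG_FILE.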