Operation not supported when adding jump command

Hello Pablo,

Please see below the table/chain/rules/sets I program. When I try to add a jump from input-net, input-local to services, it fails with "Operation not supported". I would appreciate it if somebody could help me understand why:

sudo nft add rule ipv4table input-net jump services
Error: Could not process rule: Operation not supported
add rule ipv4table input-net jump services
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


table ip ipv4table {
	set no-endpoint-svc-ports {
		type inet_service
		elements = { 8080, 8989 }
	}

	set no-endpoint-svc-addrs {
		type ipv4_addr
		flags interval
		elements = { 10.1.1.1, 10.1.1.2 }
	}

	chain input-net {
		type nat hook prerouting priority filter; policy accept;
	}

	chain input-local {
		type nat hook output priority filter; policy accept;
	}

	chain services {
		ip daddr @no-endpoint-svc-addrs tcp dport @no-endpoint-svc-ports reject with tcp reset
		ip daddr @no-endpoint-svc-addrs udp dport @no-endpoint-svc-ports reject with icmp type net-unreachable
	}
}

Thank you
Serguei




