On Mon, Nov 02, 2015 at 11:27:29PM +0000, Steve Horsley wrote:
> Sorry for the delay in answering.
>
> I installed the development version of Ubuntu 16.10 with proposed updates.
> With this version, nft -v reports version 0.5. My original set of commands
> now works without crashing, so thanks for the advice to try version 0.5.
>
> However, this set of commands still fails:
>
> # nft flush ruleset
> # nft add table nat
> # nft add chain nat output { type nat hook output priority 0 \; }
> # nft add map nat outnat {type ipv4_addr : ipv4_addr\; }
> # nft add element nat outnat { 172.16.1.1 : 8.8.8.8 , 172.16.1.2 : 8.8.4.4 }
> # nft add rule ip nat output dnat ip daddr map @outnat
> <cmdline>:1:1-48: Error: Could not process rule: Invalid argument
> add rule ip nat output dnat ip daddr map @outnat
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> It looks as though I have a syntax error in the command, but I can't find a
> good example to use as a template. Do I have the syntax wrong, or is using a
> separate set like this not possible?
This is working here. What kernel version are you using?
This problem is resolved in 4.2.4 and it should be in 4.1.12 too.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
