On Wed, Jul 06, 2016 at 06:51:21PM +0200, Matthias Taube wrote:
> Hi,
>
> if I define a named set in nftables
> >nft 'add set inet filter black2 {type ipv4_addr; flags interval; }'
> >nft add element inet filter black2 { 192.168.1.1/24 }
>
> it is not possible to add bordering ip-ranges:
> >nft add element inet filter black2 { 192.168.2.1/24 }
> ><cmdline>:1:1-49: Error: Could not process rule: File exists
> >add element inet filter black2 { 192.168.2.1/24 }
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> but if I add the ranges in ONE command it works:
> >nft add element inet filter black2 { 192.168.1.1/24, 192.168.2.1/24 }
>
> then the ranges are put together into one ip-range:
> ># nft list set inet filter black2
> >table inet filter {
> >  set black2 {
> >    type ipv4_addr
> >    flags interval
> >    elements = { 192.168.1.0-192.168.2.255}
> >  }
> >}
>
> How is it possible to create a set to flexibly add and delete bordering
> ip-ranges?

This is fixed in the upcoming 4.7; you can give 4.7-rc6 a try. You also have to install nft 0.6.
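
Added example, not part of the original messages: a Python sketch that reproduces the merge seen in the listing above (two bordering /24s shown as one range) and builds the single-command form the thread reports as working. The helper names and the extra `10.0.0.0/8` sample entry are assumptions made for illustration; the set, table and family names come from the thread.

```python
import ipaddress

def normalize(cidr):
    """Return (first, last) integer addresses of a prefix; host bits are ignored."""
    # strict=False accepts 192.168.1.1/24 and treats it as 192.168.1.0/24
    net = ipaddress.ip_network(cidr, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def merge_ranges(cidrs):
    """Merge overlapping or bordering IPv4 prefixes into sorted closed ranges."""
    merged = []
    for first, last in sorted(normalize(c) for c in cidrs):
        # "first <= previous_last + 1" catches both overlap and direct adjacency
        if merged and first <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], last)
        else:
            merged.append([first, last])
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in merged]

def single_add_command(family, table, set_name, cidrs):
    """Build one 'nft add element' command carrying every prefix at once."""
    elements = ", ".join(str(ipaddress.ip_network(c, strict=False)) for c in cidrs)
    return f"nft add element {family} {table} {set_name} {{ {elements} }}"

if __name__ == "__main__":
    # Constructed sample: the two prefixes from the thread plus one unrelated prefix
    wanted = ["192.168.1.1/24", "192.168.2.1/24", "10.0.0.0/8"]
    for first, last in merge_ranges(wanted):
        print(f"{first}-{last}")
    print(single_add_command("inet", "filter", "black2", wanted))
```

Comparing `merge_ranges()` output against `nft list set` is a quick way to check that a blocklist loaded this way covers exactly the addresses intended.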