I would really appreciate if someone could comment on this.

The problem is that nft complains about overlapping intervals in the set, if I load the following ruleset twice. This occurs even though there is a `flush ruleset' directive at the beginning of the ruleset. As far as I understand it, all sets should be empty after that.

Calling `nft flush ruleset' beforehand works around this but is no longer atomic.

Best
Leon

flush ruleset

table inet filter {
	set blacklist_v4 {
		type ipv4_addr;
		flags interval;
	}
}

add element inet filter blacklist_v4 { 192.168.0.1/24, }

On Fri, 28 Oct 2016 16:23:53 +0200
Leon Merten Lohse <leon@xxxxxxxxxxxxx> wrote:

> When I load this ruleset twice, it complains that "interval overlaps
> with an existing one" even though I explicitly do a "flush ruleset" at
> the beginning of the file.
> This problem does not occur if I "nft flush ruleset" first and then
> load the ruleset.
> Do I have to explicitly flush the sets, somehow?