Found the root cause -- duplicate chain name (prer_r) within the same
table after all the sed-ing to shorten things.
The error messaging truly needs to be a lot better.
The question of the permitted identifier length is still outstanding.
Jeff
On 8/23/17 12:57 PM, Jeff Kletsky wrote:
I've now tried stripping everything out of the chains, except for a
lone "accept" statement, as well as rebooting.
    sudo nft list ruleset # returns nothing
Still getting
    nftables.conf:3:1-14: Error: Could not process rule: Device or resource busy
    flush ruleset
    ^^^^^^^^^^^^^^
Have I just been staring at this for too long and am missing something
obvious?
Jeff
P.S. Please forgive the horrendous names, not much you can do with 16
characters
$ cat nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet global {
    chain prer_r {
        type filter hook prerouting priority -175
        policy drop
        accept
    } # chain prer_r
    chain prer_r {
        type filter hook prerouting priority -50
        policy drop
        accept
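Added example, not part of the original thread and not nftables code: a pre-load check for the root cause reported above, a chain name declared twice in the same table, which nft reported only as "Device or resource busy" on the `flush ruleset` line. The function name `find_duplicate_chains` and the `SAMPLE` config are constructed for illustration; the scanner is line-based and assumes one `table`/`chain` header per line, no `include` files, and no `#` or braces inside quoted strings.

```python
import re
import sys
from collections import defaultdict

# Constructed sample modelled on the config quoted in the thread; the closing
# braces and the second table are added here for illustration.
SAMPLE = """\
flush ruleset
table inet global {
    chain prer_r {
        type filter hook prerouting priority -175
        accept
    } # chain prer_r
    chain prer_r {
        type filter hook prerouting priority -50
        accept
    }
}
table ip nat {
    chain prer_r {
        type nat hook prerouting priority -100
    }
}
"""

TABLE_RE = re.compile(r"^\s*table\s+(?:(\w+)\s+)?(\S+)\s*\{")
CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{")

def find_duplicate_chains(text):
    """Return (family, table, chain, [lines]) per chain name repeated in one table."""
    seen = defaultdict(list)
    table, depth = None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # naive comment strip; ignores quoting
        m = TABLE_RE.match(line)
        if m and depth == 0:
            table = (m.group(1) or "ip", m.group(2))  # nft defaults to family ip
        m = CHAIN_RE.match(line)
        if m and depth == 1 and table:
            seen[table + (m.group(1),)].append(lineno)
        depth += line.count("{") - line.count("}")
    return [key + (lines,) for key, lines in seen.items() if len(lines) > 1]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for family, table, chain, lines in find_duplicate_chains(text):
        print(f"table {family} {table}: chain {chain} declared on lines {lines}")
```

The same chain name in a different table (`ip nat` in the sample) is not reported, since chain names only need to be unique within their table.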