>
>> nft thinkts the set doesn't exit, I can't reproduce it here.
>> sets are scoped to the table they live in, are you perhaps creating this
>> set in e.g. table x and try to use it in table y?
>
To keep things simple constructed the below from scratch however |Error:
Set 'icmp_he' does not exist| is persistent. Unless there is an issue
with syntax it seems to be either bug in 0.8.2 or a feature not
available in that version.
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
ct state 2,4 accept
ct state 1 drop
icmp type @icmp_he meta nftrace set 1 accept
}
chain forward {
type filter hook forward priority 0;
}
chain output {
type filter hook output priority 0;
}
}
table inet filter {
set icmp_he {
type inet_proto
elements = { 0, 3, 11, 12, 14, 16, 18 }
flags constant
size 7
}
}
��.n��������+%�������w��{.n����z���)���jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
