Hello,
I'm making the transition from iptables to nftables and running into
an issue moving from ipset to native nftables sets. I've created a set
with an interval and the auto-merge flag, however when adding an
address with a mask that happens to cover an existing entry in the
set, the command gives an error instead of merging the two as I
expected. Example output:
# nft -v
nftables v0.9.2 (Scram)
# nft add set ip filter blackhole "{ type ipv4_addr; flags interval;
auto-merge }"
# nft list set ip filter blackhole
table ip filter {
set blackhole {
type ipv4_addr
flags interval
auto-merge
}
}
# nft add element ip filter blackhole { 10.0.0.1, }
# nft add element ip filter blackhole { 10.0.0.0/8, }
Error: interval overlaps with an existing one
add element filter blackhole { 10.0.0.0/8, }
^^^^^^^^^^
Error: Could not process rule: File exists
add element filter blackhole { 10.0.0.0/8, }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Am I misunderstanding how auto-merge works or is this a bug?
