On 22/10/2019 at 02:30, Trent W. Buck wrote:
Daniel Huhardeaux <tech@xxxxxxxxxx> writes:
I created a bash script under Debian/Buster to create nft rules: it
works perfectly.
Now I copied this script to a Debian/Stretch machine (nftables v0.7.0)
and have trouble making it work: at some point I receive the
subject error.
OK, I think it's a version problem: I installed nftables from Stretch
backports, which is the same version as the Buster one, v0.9.0. But
bang, the error is still here :(
What can be the cause of this error? Yes, I use sets, and no, there are
no maps defined.
Can you show us your actual ruleset.nft?
Or (better yet) distill it down to a minimal test ruleset.nft that
generates the problem, and show us that.
I don't recognize the specific error.
I have seen similar errors before due to brainos in my ruleset.
I agree it doesn't make sense that the same version (nftables=0.9.0 on
Debian 9 and Debian 10) should parse the same way - so maybe it's a
difference on the kernel side?
Are you running
4.19.67-2+deb10u1~bpo9+1 on Debian 9, and
4.19.67-2 on Debian 10?
Debian9 Debian 4.9.189-3+deb9u1
Debian10 Debian 4.19.67-2+deb10u1
I found the culprit: myself. I copied values from iptables rules, where
ranges are given separated by a colon, and I forgot to replace it with a
dash :(
Thanks for your support
--
Daniel
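
The cause found above, as an added example that is not part of the original thread: iptables writes a port range as first:last, nftables as first-last. The function names are hypothetical, and the open-ended defaults (":N" is 0 to N, "N:" is N to 65535) follow iptables' documented behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): convert iptables-style port specs
# (first:last) into nftables syntax (first-last) before they reach nft.
# Function names are hypothetical.

# ipt_port_to_nft SPEC -> prints the nft form; returns 1 on invalid input.
ipt_port_to_nft() {
    spec=$1
    case $spec in
        ''|:|*:*:*) return 1 ;;              # empty, bare colon, or two colons
        *:*) lo=${spec%%:*}; hi=${spec#*:}
             [ -n "$lo" ] || lo=0            # iptables: ":N" means 0:N
             [ -n "$hi" ] || hi=65535        # iptables: "N:" means N:65535
             ;;
        *)   lo=$spec; hi=$spec ;;           # single port
    esac
    # Both bounds must be plain decimal numbers in 0..65535.
    for p in "$lo" "$hi"; do
        case $p in ''|*[!0-9]*|??????*) return 1 ;; esac
        [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ] || return 1          # reject reversed ranges
    if [ "$lo" -eq "$hi" ]; then
        printf '%s\n' "$lo"
    else
        printf '%s-%s\n' "$lo" "$hi"
    fi
}

# ipt_ports_to_nft_set "a,b:c,..." -> prints "{ a, b-c, ... }" for an nft set.
ipt_ports_to_nft_set() {
    out=
    old_ifs=$IFS; IFS=,
    set -- $1                                # split the list on commas
    IFS=$old_ifs
    for item in "$@"; do
        conv=$(ipt_port_to_nft "$item") || return 1
        out=${out:+$out, }$conv
    done
    [ -n "$out" ] || return 1
    printf '{ %s }\n' "$out"
}

# Constructed sample input, as it might be copied from an iptables rule.
ipt_ports_to_nft_set '22,1000:2000,8080:'
```
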