Hi,
Saving the following to <filename> and running 'nft -f <filename>' works
fine: table t contains sets s1 & s2 and chains c1, c2, c3. But if chain
c4 is uncommented, nft returns: Error: Set 's1' does not exist.
Note that chain c4 is exactly the same as chain c2 except for its name,
and its placement in a separate table block (for the same table).
nft has no problem merging chains c1 & c3 (and sets s1 & s2) which are
also in separate table blocks for the same table. Is there a way to get
nft to merge c4 the same way? Or must every chain that contains
set-matching rules be defined in the same _block_ (not just the same
table) as the set being matched?
Reason I ask: I'm working toward a modular config that assembles
multiple files into a single file to be executed by nft -f in order to
apply the whole thing atomically. So it would be convenient to rely on
nft to merge multiple blocks for the same table / other structures. But
maybe I'll need to do this merging before handing the config to nft...?
Thanks,
Frank
----------
#!/usr/sbin/nft -f
# declare the table first so that the delete below also succeeds when it does not exist yet
table ip t
delete table t
table ip t {
    set s1 {
        type ipv4_addr
        elements = {
            127.0.0.1
        }
    }
    chain c1 {
        ip saddr 127.0.0.1 accept
    }
    chain c2 {
        ip saddr @s1 accept
    }
}
table ip t {
    set s2 {
        type ipv4_addr
        elements = {
            8.8.8.8
        }
    }
    chain c3 {
        ip saddr 192.168.0.1 accept
    }
    # uncommenting c4 makes nft -f fail with: Error: Set 's1' does not exist
    # chain c4 {
    #     ip saddr @s1 accept
    # }
}
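One way to do the merging before handing the assembled config to nft, as the end of the post considers: a small awk-based filter that folds every block for the same table into one block and emits set/map definitions ahead of chains, so each @set reference is evaluated in the block that defines the set. This is an added example, not code from the post or from the nftables project; it assumes the one-brace-per-line layout used above (an inline `elements = { ... }` is fine) and that top-level statements such as `delete table t` may be emitted before all table blocks.

```shell
# Added example, not from the post: merge every "table <family> <name> {" block of a
# modular config into one block per table, listing sets/maps before chains, so each
# @set reference is evaluated in the same block as its definition. Assumes the post's
# one-brace-per-line layout (an inline "elements = { ... }" on one line is fine).
merge_nft_tables() {
    awk '
    { code = $0; sub(/#.*/, "", code) }   # ignore braces inside comments like "# chain c4 {"
    depth == 0 && code ~ /^[ \t]*table [a-z0-9]+ [A-Za-z0-9_]+[ \t]*[{][ \t]*$/ {
        cur = $2 " " $3                      # e.g. "ip t"; blocks with the same key are merged
        if (!(cur in seen)) { seen[cur] = 1; order[++n] = cur }
        depth = 1; bucket = "defs"; next
    }
    depth == 0 { pre = pre $0 "\n"; next }   # top-level statements such as "delete table t"
    {
        nopen = gsub(/[{]/, "{", code); nclose = gsub(/[}]/, "}", code)
        if (depth == 1 && nclose && !nopen) { depth = 0; next }   # closing brace of the table
        if (depth == 1 && nopen) bucket = ($1 == "chain") ? "chains" : "defs"
        if (bucket == "chains") chains[cur] = chains[cur] $0 "\n"
        else defs[cur] = defs[cur] $0 "\n"
        depth += nopen - nclose
    }
    END {
        printf "%s", pre
        for (i = 1; i <= n; i++)
            printf "table %s {\n%s%s}\n", order[i], defs[order[i]], chains[order[i]]
    }'
}

# Constructed input mirroring the post, with c4 uncommented and still in a second
# block; the merged output places c4 after set s1 inside a single "table ip t" block.
demo() {
    merge_nft_tables <<'EOF'
table ip t
delete table t
table ip t {
    set s1 {
        type ipv4_addr
        elements = { 127.0.0.1 }
    }
    chain c2 {
        ip saddr @s1 accept
    }
}
table ip t {
    chain c4 {
        ip saddr @s1 accept
    }
}
EOF
}
```

Redirect the merged text to a file and run `nft -c -f` on it to check that it parses before applying it with `nft -f`.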