Hi again.

How can I flush "sets"?
I get this message when I try it:

# nft flush set ip filter ua_ix_list
<cmdline>:1:1-31: Error: Could not process rule: Invalid argument
flush set ip filter ua_ix_list
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

But:

# nft list set ip filter ua_ix_list
table ip filter {
        set ua_ix_list {
                type ipv4_addr
                flags interval
        }
}

Installed version: nftables v0.7 (Scrooge McDuck)

Thanks

Wed, 13 May 2020 at 21:59, Іван Щербей <ivan@xxxxxxxxxxxx>:
>
> Yes, that's what I want
> Thank you very much.
>
>
>
> Wed, 13 May 2020 at 21:39, <kfm@xxxxxxxxxxxxx>:
> >
> > On 13/05/2020 18:40, Іван Щербей wrote:
> > > Hi all
> > >
> > > I have a question about "SET"
> > >
> > > I read this block on the manpage:
> > >>
> > >> Using anonymous sets to accept particular subnets and ports.
> > >>
> > >>
> > >> nft add rule filter input ip saddr { 10.0.0.0/8, 192.168.0.0/16 } tcp dport { 22, 443 } accept
> > >>
> > >> Named sets are sets that need to be defined first before they can be referenced in rules. Unlike anonymous sets, elements can be added to or removed from a named set at any time. Sets are referenced from rules using an @ prefixed to the sets name.
> > >>
> > >> Using named sets to accept addresses and ports.
> > >>
> > >>
> > >> nft add rule filter input ip saddr @allowed_hosts tcp dport @allowed_ports accept
> > >
> > >
> > > But I can't use a network as an element in a set, because only ipv4_addr or
> > > ipv6_addr types are supported.
> >
> > For named sets, ensure that the "interval" flag is present. See the
> > discussion that occurred in the following bug:
> >
> > https://bugzilla.netfilter.org/show_bug.cgi?id=1380
> >
> > --
> > Kerin Millar
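
The named-set approach discussed in this thread, written out as a ruleset file for `nft -f` (an added example, not part of the original messages). The set names and the rule come from the quoted man page text and `flags interval` is the flag the reply refers to; the chain definition and its policy are assumptions for illustration.

```nft
# Constructed example ruleset; load with: nft -f <file>
table ip filter {
        # Named set of source networks. Without "flags interval" a set of
        # type ipv4_addr holds single addresses only, so CIDR prefixes
        # such as 10.0.0.0/8 are rejected as elements.
        set allowed_hosts {
                type ipv4_addr
                flags interval
                elements = { 10.0.0.0/8, 192.168.0.0/16 }
        }

        # Named set of destination ports; single values, no interval flag needed.
        set allowed_ports {
                type inet_service
                elements = { 22, 443 }
        }

        # Assumed base chain so that the rule has somewhere to live.
        chain input {
                type filter hook input priority 0; policy accept;

                # Same match as the man page's named-set rule.
                ip saddr @allowed_hosts tcp dport @allowed_ports accept
        }
}
```

Elements can later be changed without touching the rule, for example with `nft add element ip filter allowed_hosts { 172.16.0.0/12 }`.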