Hi,
When I try to add a rule either matching on the conntrack mark or
setting it, I get "Error: Could not process rule: Operation not
supported"
Other conntrack options (i.e. ct state, ct direction, ct expiration,
etc.) all seem to work fine.
Do some versions of nftables or conntrack not support connection marks?
I'm running nftables v0.9.0 and linux kernel 4.14
My ruleset looks like
table ip testtable {
chain testchain {
type filter hook prerouting priority 0; policy accept;
ip saddr 192.168.2.0/24 udp dport { 5678, 5679, 5681 }
# unrelated rule
}
}
As a specific example, running
nft add rule testtable testchain ct state new
works fine, but if I do
nft add rule testtable testchain ct mark 2
or
nft add rule testtable testchain ct mark set 2
it fails.
Thanks,
- Adam
