Hello,

I have the following nftables script:

    define guarded_ports = {ssh}

    table inet portknock {
        set port2 {
            type inet_service
            flags timeout
            timeout 60m
        }

        set port3 {
            type inet_service
            flags timeout
            timeout 60s
        }

        set clients {
            type ipv4_addr
            flags timeout
        }

        set candidates {
            type ipv4_addr . inet_service
            flags timeout
        }

        chain input {
            type filter hook input priority -10; policy accept;

            iifname "lo" return

            tcp dport 12345 add @candidates {ip saddr . @port2 timeout 10s}
            tcp dport @port2 ip saddr . tcp dport @candidates add @candidates {ip saddr . @port3 timeout 10s}
            tcp dport @port3 ip saddr . tcp dport @candidates add @clients {ip saddr timeout 10s}

            tcp dport $guarded_ports ip saddr @clients accept
            tcp dport $guarded_ports ct state established,related accept

            tcp dport $guarded_ports reject with tcp reset
        }
    }

When trying to apply it, it throws the following error with nftables v0.9.6 (Capital Idea #2):

    /tmp/rules:31:48-52: Error: syntax error, unexpected string, expecting ll or nh or th
    tcp dport 12345 add @candidates {ip saddr . @port2 timeout 10s}
                                                 ^^^^^
    /tmp/rules:32:82-86: Error: syntax error, unexpected string, expecting ll or nh or th
    tcp dport @port2 ip saddr . tcp dport @candidates add @candidates {ip saddr . @port3 timeout 10s}
                                                                                   ^^^^^

So my question is: is this even supposed to work or not? If not, then maybe somebody could tell me why, and if it is supposed to work, why doesn't it?

Kind regards
Harald Jenny