Siebzehn <siebzehntausend@xxxxxxxxx> wrote: > I'm filtering Address-Ranges and Ports to let them though. However it > doesn't seem to accept "flags intervals". > Even the Example on the wiki isn't getting accepted! > > Example from > https://wiki.nftables.org/wiki-nftables/index.php/Concatenations#Network_addresses > flush ruleset > table inet mytable { > set myset { > type ipv4_addr . ipv4_addr > flags interval > elements = { 192.168.0.0/16 . 172.16.0.0/25, > 10.0.0.0/30 . 192.168.1.0/24, > } > } > > chain mychain { > ip saddr . ip daddr @myset counter accept > } > } > > Error: > nft -f TestD.nft > TestD.nft:4:9-13: Error: Could not process rule: Invalid argument > set myset { Concatenations with intervals need kernel 5.6 or newer.
