Am Mi., 16. Sept. 2020 um 15:05 Uhr schrieb Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>: > > On 2020-09-16 11:05, Siebzehn wrote: > > Hello, > > > > I'm filtering Address-Ranges and Ports to let them though. However it > > doesn't seem to accept "flags intervals". > > Even the Example on the wiki isn't getting accepted! > > > > Example from > > https://wiki.nftables.org/wiki-nftables/index.php/Concatenations#Network_addresses > > flush ruleset > > table inet mytable { > > set myset { > > type ipv4_addr . ipv4_addr > > flags interval > > elements = { 192.168.0.0/16 . 172.16.0.0/25, > > 10.0.0.0/30 . 192.168.1.0/24, > > } > > } > > > > chain mychain { > > ip saddr . ip daddr @myset counter accept > > } > > } > > > > Make sure you are using: > > * nftables >= 0.9.4 > * kinux kernel >= 5.6 > > regards. Thanks it worked! I saw the note but wasn't sure what it meant... "NOTE: before kinux kernel 5.6 and nftables 0.9.4 the CIDR notation wasn't available, ...:"
