On Wed, 16 Sep 2020 at 14:52, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Siebzehn <siebzehntausend@xxxxxxxxx> wrote:
> > I'm filtering Address-Ranges and Ports to let them through. However it
> > doesn't seem to accept "flags intervals".
> > Even the Example on the wiki isn't getting accepted!
> >
> > Example from
> > https://wiki.nftables.org/wiki-nftables/index.php/Concatenations#Network_addresses
> > flush ruleset
> > table inet mytable {
> >     set myset {
> >         type ipv4_addr . ipv4_addr
> >         flags interval
> >         elements = { 192.168.0.0/16 . 172.16.0.0/25,
> >                      10.0.0.0/30 . 192.168.1.0/24,
> >         }
> >     }
> >
> >     chain mychain {
> >         ip saddr . ip daddr @myset counter accept
> >     }
> > }
> >
> > Error:
> > nft -f TestD.nft
> > TestD.nft:4:9-13: Error: Could not process rule: Invalid argument
> > set myset {
>
> Concatenations with intervals need kernel 5.6 or newer.

Thanks, it worked! I saw the note but wasn't sure what it meant...
"NOTE: before Linux kernel 5.6 and nftables 0.9.4 the CIDR notation wasn't available, ...:"
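
A preflight check for the version requirement discussed in this thread, added here as an example and not part of the original messages or of nftables itself. The function names are hypothetical; the thresholds (kernel 5.6, nftables 0.9.4) are the ones quoted above, and the sample version strings in the comments are constructed.

```sh
#!/bin/sh
# Added example: decide whether "flags interval" on a concatenated set
# (type ipv4_addr . ipv4_addr) can load, instead of hitting the opaque
# "Could not process rule: Invalid argument" at load time.

# Print the leading dotted number from strings such as
# "5.4.0-42-generic" or "nftables v0.9.3 (Topsy)" (constructed samples).
extract_ver() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# ver_ge A B: succeed when dotted version A >= B. Fields are compared
# numerically so that 5.10 sorts after 5.6; missing fields count as 0.
ver_ge() {
    a="$1.0.0"
    b="$2.0.0"
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# supports_interval_concat KERNEL_RELEASE NFT_VERSION_LINE
# Returns 0 if both are new enough, 1 if either is too old,
# 2 if a version number could not be parsed from the input.
supports_interval_concat() {
    k=$(extract_ver "$1")
    n=$(extract_ver "$2")
    [ -n "$k" ] && [ -n "$n" ] || return 2
    ver_ge "$k" 5.6 && ver_ge "$n" 0.9.4
}

# Report on the running host when nft is installed; never aborts the caller.
if command -v nft >/dev/null 2>&1; then
    if supports_interval_concat "$(uname -r)" "$(nft --version)"; then
        echo "interval concatenations supported"
    else
        echo "kernel $(uname -r), $(nft --version): concatenated sets" \
             "with 'flags interval' will be rejected" >&2
    fi
fi
```
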