The following simple ruleset fails to load on nftables 0.9.8 (from
Ubuntu 21.04):
#!/usr/sbin/nft -f
flush ruleset
table inet nat {
chain prerouting {
type filter hook prerouting priority -100;
ip daddr set numgen inc mod 16 map { 0 - 7 : 10.0.1.1, 8 - 15
: 10.0.1.2 }
}
chain postrouting {
type filter hook postrouting priority 100;
}
}
It throws this error:
# nft -f test.nft
test.nft:12:40-42: Error: Value 100 exceeds valid range 0-15
type filter hook postrouting priority 100;
^^^
test.nft:12:31-42: Error: invalid priority expression value in this context.
type filter hook postrouting priority 100;
^^^^^^^^^^^^
Is there something wrong with my expression or is this a bug?
Regards,
Andreas
--
Andreas Schultz
