Thanks.
This morning I had a brainwave, and inserted it into /etc/nftables.conf:
> #!/usr/sbin/nft -f
> flush ruleset
>
> table inet filter {
>
> set blocklist { type inet_proto ; flags timeout ; }
>
> chain input {
> type filter hook input priority 0; policy drop;
> }
> chain forward {
> type filter hook forward priority 0; policy drop;
> }
> chain output {
> type filter hook output priority 0; policy accept;
> }
>
> }
>
> include "/etc/nftables/include/*.nft"
Nft accepted it.
Best wishes, stay safe,
Paul
-----Original Message-----
From: Florian Westphal <fw@xxxxxxxxx>
Sent: Saturday, March 27, 2021 12:32 AM
To: paul.guijt@xxxxxxxxx
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Creating named set
paul.guijt@xxxxxxxxx <paul.guijt@xxxxxxxxx> wrote:
> Hi all,
> On Raspbian I tried:
> sudo nft add set inet filter blocklist { type inet_proto \; flags timeout \; }
> Error: Could not process rule: No such file or directory
> add set inet filter blocklist { type inet_proto ; flags timeout ; }
^^^^^^
> I have tried all sorts of syntax, but every time that error comes up. Even with “% nft add set ip filter blackhole { type ipv4_addr\;}” from the wiki.
> I have an inet table, and in it I want to drop anything coming from @blocklist. Can anyone please hand me the correct syntax, either for command line (sudo nft …) or for a rules file?
This syntax is fine. The error comes from the kernel.
Either no 'inet filter' table exists, or your kernel lacks set functionality.
