Hi,
maybe somebody can give me a hint.
I'm using some systemd-nspawn containers with exposed Port.
Systemd creates automatically some masquerading rules and all works fine.
But if I restart nft.service, these rules are gone (obviously). So I
want to store and re-import them.
so this
nft list table ip io.systemd.nat | tee systemd_nat_rules
shows me:
table ip io.systemd.nat {
set masq_saddr {
type ipv4_addr
flags interval
elements = { 192.168.162.112/28 }
}
map map_port_ipport {
type inet_proto . inet_service : ipv4_addr . inet_service
elements = { tcp . 8088 : 192.168.162.117 . 80 }
}
chain prerouting {
type nat hook prerouting priority dstnat + 1; policy accept;
fib daddr type local dnat ip addr . port to meta
l4proto . th dport map @map_port_ipport
}
chain output {
type nat hook output priority -99; policy accept;
ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to
meta l4proto . th dport map @map_port_ipport
}
chain postrouting {
type nat hook postrouting priority srcnat + 1; policy accept;
ip saddr @masq_saddr masquerade
}
}
But trying to import it:
nft -c -f systemd_nat_rules
results in:
ruleset:9:48-59: Error: transport protocol mapping is only valid after
transport protocol match
type inet_proto . inet_service : ipv4_addr . inet_service
I also tried to store and import the complete ruleset (nft list
ruleset), but with the same error.
Thanks for your help.
Henning
