Hi All I have been studing portknocking and I see a problem like mine that someone observed ( https://bbs.archlinux.org/viewtopic.php?id=239378) and I have no clue how to solve. This example is almost the same as nftables wiki: https://wiki.nftables.org/wiki-nftables/index.php/Port_knocking_example and result at same problem.... add set inet filter clientes_ipv4 { type ipv4_addr; flags timeout; } add set inet filter clientes_ipv6 { type ipv6_addr; flags timeout; } add set inet filter toctoc_aberta_ipv4 { type ipv4_addr . inet_service; flags timeout; } add set inet filter toctoc_aberta_ipv6 { type ipv6_addr . inet_service; flags timeout; } add inet filter INPUT tcp dport 21 add @toctoc_aberta_ipv4 {ip saddr . 2 2 timeout 60s} add inet filter INPUT tcp dport 21 add @toctoc_aberta_ipv6 {ip6 saddr . 22 timeout 60s} after that: nft list rulerset ....... tcp dport 21 add @toctoc_aberta_ipv4 { ip saddr . 0x16 [invalid type] timeout 1m } Ubuntu 20.04 nftables 0.9.3-2 -- Paulo Ricardo Bruck consultor
