Morning,

On Sun, Jun 25, 2023 at 09:50:44PM +0000, Eric <evil.function@xxxxxxxxx> wrote:
> > The syntax of the ruleset is valid. Please ensure that you have not inadvertently introduced a linefeed character anywhere within a given set element (immediately before or after a comma is fine). Also, please convey the error message that you are encountering.
>
> Yup, like Kerin says, works for me (I picked the 'input' chain just because it's easy).

Okay, I worked it out. I had originally cut and pasted rules from elinks running in a screen session on my router PC (because of course my local browser had no networking...).

The resulting error message that probably would have gone away had I found every nonbreaking space:

homerouter.nft-rules:33:48-48: Error: syntax error, unexpected junk, expecting colon
         ip protocol . th dport vmap { tcp . 22 : accept, udp . 53 : accept, tcp . 53 : accept, udp . 67 : accept}
                                               ^

"expecting colon" suggested to me that whitespace was invalid at that location, hence my original (misguided) complaint.

Hexdump of the line in question:

00000000  20 20 20 20 20 20 20 20  20 69 70 20 70 72 6f 74  |         ip prot|
00000010  6f 63 6f 6c 20 2e 20 74  68 20 64 70 6f 72 74 20  |ocol . th dport |
00000020  76 6d 61 70 20 7b 20 74  63 70 20 2e 20 32 32 c2  |vmap { tcp . 22.|
00000030  a0 3a 20 61 63 63 65 70  74 2c 20 75 64 70 20 2e  |.: accept, udp .|
00000040  20 35 33 c2 a0 3a 20 61  63 63 65 70 74 2c 20 74  | 53..: accept, t|
00000050  63 70 20 2e 20 35 33 c2  a0 3a 20 61 63 63 65 70  |cp . 53..: accep|
00000060  74 2c 20 75 64 70 20 2e  20 36 37 c2 a0 3a 20 61  |t, udp . 67..: a|
00000070  63 63 65 70 74 7d 0a                              |ccept}.|

Hmm, C2 A0 is...nonbreaking space!

Let's look at the wiki HTML source (wordwrapping is mine)...

ip protocol . th dport vmap <span class="o">{</span> tcp . <span class="m">22</span> : accept,
udp . <span class="m">53</span> : accept, tcp . <span class="m">53</span> : accept, udp .
<span class="m">67</span> : accept<span class="o">}</span>
<span class="o">}</span>

Oh, there you go, it's mediawiki's fault for randomly replacing spaces with nonbreaking spaces. I guess some browsers (elinks) preserve whitespace when copying text, whereas others don't (chromium).

> To decipher the parts of the match expression, this might help (scan for "transport header").
>
> https://wiki.nftables.org/wiki-nftables/index.php/Matching_packet_headers

Ta, I'll (re)read this in the hope of getting better understanding of the grammar, which I'll need to do if I'm to work out why changing my table from "ip" to "inet" at the top of my ruleset breaks everything even though the ruleset loads fine. 😅

Thanks for humouring me,

-MD

-- 
-----------------------------------------------------------------------------
Michael Deegan           Hugaholic          https://www.deegan.id.au/
------------------------ Jung, zr jbeel? ----------------------------------
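A pre-load check for the failure described in the message above, as an added example that is not part of the original message or of nftables: it scans a ruleset's bytes for non-ASCII whitespace and invisible format characters and reports 1-based line and byte column, so positions line up with a hexdump. The function names and the sanitizing policy are assumptions; the sample line is constructed from the hexdump in the message.

```python
import unicodedata

# Constructed sample: the failing line from the message, rebuilt byte for byte
# from its hexdump (nine leading spaces, C2 A0 before each colon).
SAMPLE = (
    b"         ip protocol . th dport vmap { tcp . 22\xc2\xa0: accept, udp . "
    b"53\xc2\xa0: accept, tcp . 53\xc2\xa0: accept, udp . 67\xc2\xa0: accept}\n"
)

# Unicode categories that render as blank or nothing: space, line and
# paragraph separators, and invisible format characters (zero-width space, BOM).
SUSPECT = {"Zs", "Zl", "Zp", "Cf"}


def is_suspect(ch: str) -> bool:
    return ord(ch) > 0x7F and unicodedata.category(ch) in SUSPECT


def find_suspect_chars(data: bytes):
    """Return (line, byte_column, codepoint, name) tuples, 1-based, so the
    positions can be compared with a hexdump of the file."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        col = 1
        # surrogateescape keeps invalid UTF-8 bytes one column wide
        for ch in raw.decode("utf-8", errors="surrogateescape"):
            if is_suspect(ch):
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
            col += len(ch.encode("utf-8", errors="surrogateescape"))
    return findings


def sanitize(data: bytes) -> bytes:
    """Replace suspect space characters with an ASCII space and drop
    invisible format characters; everything else is left untouched."""
    text = data.decode("utf-8", errors="surrogateescape")
    out = []
    for ch in text:
        if not is_suspect(ch):
            out.append(ch)
        elif unicodedata.category(ch) != "Cf":
            out.append(" ")
    return "".join(out).encode("utf-8", errors="surrogateescape")


if __name__ == "__main__":
    for line, col, cp, name in find_suspect_chars(SAMPLE):
        print(f"line {line}, byte column {col}: {cp} {name}")
```

On the sample, the first hit is at line 1, byte column 48, the same column the nft error message points at.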